hxxps://www[.]youtube[.]com/watch?v=whEfx2WmDRE

Analysis

max time kernel
146s
max time network
154s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
11/09/2024, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=whEfx2WmDRE

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
62	drive.google.com
61	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2480	msedge.exe
2480	msedge.exe
2268	msedge.exe
2268	msedge.exe
2432	msedge.exe
2432	msedge.exe
3468	identity_helper.exe
3468	identity_helper.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3496	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3496	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2060	2268	msedge.exe	78
PID 2268 wrote to memory of 2060	2268	msedge.exe	78
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2892	2268	msedge.exe	79
PID 2268 wrote to memory of 2480	2268	msedge.exe	80
PID 2268 wrote to memory of 2480	2268	msedge.exe	80
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81
PID 2268 wrote to memory of 4896	2268	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=whEfx2WmDRE
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8ea13cb8,0x7fff8ea13cc8,0x7fff8ea13cd8
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3296 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,15386975697254520809,5044473272744231524,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2076

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004F0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
47KB

MD5
213af7ac1aa72e2c0c316743695b7cd0

SHA1
c93bf2de82958073a23b3a495356118ef718cecf

SHA256
f5680671f5dc330f962eb3de4164654e2c17284ac3a109f687ddabf104e25ce4

SHA512
d0e11f42a046682805d18a0a133df1c8c4272b94117de503dd4992c34f93e516b7decbf77496f45768aeb1a95f1493f74f5ff732e9b42efa6bff1b47e9b0c1b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
232KB

MD5
efde650967f54e45c8737eff98b90365

SHA1
f2139d2784be093f32d26d374b0ad2d9c4f7cff1

SHA256
4d26eaacc25960cec1e8a3a3435f1be9899c44d375334d4201cd2d9676841282

SHA512
05f3a338711860b3cbb4c1031da4d3b5028a47d18d866bd62834f437a299cb6777cd98b06bf62b7395ad886bddc31e05f9e41d68a004ada036da43cc0bd9ea56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
15e0ac8bd6bbf3dd326d0c0de9ca03c9

SHA1
4afe452e2b2a241751d1d187067b179ad52c5860

SHA256
90af0fb5af85d06dc7679c5b0c516355a85c893f6d2e5349aefa31058a3321a8

SHA512
fa5c9eade8385777ab7f8c6750484d67dd23336b8a6513f154c6f9b58ed4f7e4128c45de837815f594c65626904988242e88424fd34173e39f5e8e6a53a99a9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9bdbe3002dc03531e8cbf011a138f25d

SHA1
e32e2ee842bcfc10f3a8ed4163c3a0f337ed0a29

SHA256
fc33cd6e1cf232d236784a07a0f16436aba01994b1d47cb23b444c2faf1435e0

SHA512
d28a0dd00170e79d1038e57b4d74d6d3417e08a64e5b5981582062b8f6953b6dbc4078f90de3b368e8ec34299bcf3cf045c126dcd0068c4e9b7af3573bb8f4e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
44a92d81d4741aca57ddbe989a97e5a0

SHA1
d3ef652515bb1b1c59ba5eb4c09d9a03483fe5cf

SHA256
6f4973aa4133fae0b1ce90381df94468291c1d922f840c9236bf21d7163c9e3a

SHA512
4a08be07a72a4fa0a86e3a1ac6c0e41db2bccbfd5c3d4d56c111a52776b75551634c5321b442b50f2dd5e6c99a92790355cdab7442e892abfea7c3fa32898e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5cdaa68a10482a450204a09f76750bdc

SHA1
a66700ee752e9adc2d371b0698ff65e15008fe65

SHA256
3e19fe736d18a0103e164b53f72ca0192aca797f13aa448a947515b9d6632870

SHA512
029ffb3a1e421cafc9447d87cc5d01488a674a9f1717894d0025caff9b544b5020bc58a4e1bca2ab2df571d7dc01da3ad25aef45645bdb3f4d4158b86238aa69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31161f245a08ed254acef1476764cbcc

SHA1
4f62f62d41a8d3a76bd2625edcee990e8495697b

SHA256
4a1f5e58ba4ba47531f33b6fcce06a6d6cbcad86d54f3ff164878698d59c76b4

SHA512
959445b2fd4924d53aae4fac352a1079451f968f4bf305d99fdb6a6b4e8ff1ececd287fb304b08cf5cef3c8f3b48a8e37ea487662ff4a798a4be4c3829eeca91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5d9e2104-3d68-413e-966c-4b423f0b8222\index-dir\the-real-index

Filesize
624B

MD5
aaead79b0bc2e06ee3f7daae31564e23

SHA1
750b6cc70e9adc260a8a83df30164ce6f8bae334

SHA256
f523cce495ec4bf9faecc0e9fa19adeae9cb764a7e781d1edea4271e5a2a33ca

SHA512
56fc8295c661ee8ea4975a2ab2ae4ed4fcb5aa5b04e461a203f0170b065919a57ecf9be643cf323812b09134476a8b896f2102af138cd2ac997d0e8471b8e0e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5d9e2104-3d68-413e-966c-4b423f0b8222\index-dir\the-real-index~RFe589ac4.TMP

Filesize
48B

MD5
7ebb86085674bb56a5214883c3017a75

SHA1
c14b97e753f0062c8f5b6d50a0f258b25d851bbe

SHA256
92e670df223eb41f7bbdd7b85a978704742be536f2a92735acdc76b46cf1a2e0

SHA512
43e42e6a6ce35fe0d5ba73e8068410945c6e83eb4db6745783ae4c70adde3b408fc23bfad0093308447f9122e31c30353be829160736c670d4d704aae3882344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d2e42593-d235-43d7-9540-320474f0feca\index-dir\the-real-index

Filesize
2KB

MD5
93fb3db50679caff5f8d12b5beed00d7

SHA1
f54e9468f27dd19afc6c898c31767e78829aab22

SHA256
b90f1fb53b770ab62490aff9de0fa020342233d03fc2d20ddba7626146d8ee41

SHA512
7198b942de162cd8e423bcb56b981c9eb8d814633c20ea75572e9f5300233d861272d2f27c95f7537658f74d6c40b634f222fcabcc62c573e4ea6446a29a3188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d2e42593-d235-43d7-9540-320474f0feca\index-dir\the-real-index~RFe5831d9.TMP

Filesize
48B

MD5
8b50f0c4a7d1ae2a7c26c3416aa124e2

SHA1
c6e1939b7504d2da9d3f11a26c539f5626c501a9

SHA256
fccc2ab8f0e6581a05bb1619801bd97c1ff8003b2075f62c9b29bc07b20b424f

SHA512
35e5a5fa04f57eb7669b162f595dbc17725878438d9cbad8c8ae8bf896e14fae2e6bfa3f461a21686cd14fefa509fe2eeb7d252ad83e0598a6646c3d2022e7a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dba91b54-c18a-472f-bac4-cf42d6f4f058\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
3504d37c6b9a8b6fac3f9aa9503d42ca

SHA1
cc68c3847ff0854edbdddaf8b1bd9ee11ec4cd27

SHA256
e7fdf496e690a1cfacbabf1c67288e8b3a1cc26e688f5c8c6be04ef160d512df

SHA512
70e2f958106ba575536de01068f9981682ff1a7141ad815bb0dd5e4f403408cef2b85176915c270602535e12e76a0e317ee72715818b87969867f46b1d28b444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
c70f8088b0853cc9f1590e8a457a14f4

SHA1
58651a2138417f7aca4dfd51f1c588fa63791c92

SHA256
ee9e771a1c78d03ea05ff653ac6596c10a3ff9111736d1fd4b39ddba1707b5bd

SHA512
747823d4fbe09815f73cd4999d9e8d778864a93d252b7d4c84e66ebcf9e112ef0fa18cc271feff23fcfc5be0094dcc1a41fef87ad62ad02102864884e036e288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
5144a9e5f7bcce3eec97196bd260efcb

SHA1
7e836186b9c34a1ca0969b3f64fec81567114722

SHA256
60c521b360d3c91c1a19b5cd0ffe4ed2185a32b464300da262bb14c1805af462

SHA512
a3ab4c56a7842a3f088c4905ac1c74a66b6a910d70eef24b5cbc64d1a3778571682c4da7d3bf0f1500b9fa60e392ba542399db289b85182ef32751f917617100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
03a3f1c75cee5d42e7b93c078e75a9b3

SHA1
58519b7a73781484870dc159170021924435b93d

SHA256
7325fcbf05fdc66ab334bb3ac598fe8ad5bf6418949bf7a3701765ec764821b0

SHA512
d91d592992c7284107804be683ee866d5afdb420713cb63645ba10c7409b342caac849fe8fa971f15d529c49381c7c8e4d41ab027d3489a13759adef114ef3f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
8bd1691b26060efacd3150768787c964

SHA1
447e30661bcbdb4bf86f059edffda99f367ebbe4

SHA256
4fd7a9233b0ede215a70739037a2ae52942269f858db3e7541abda344728dcb8

SHA512
ed4012ddc8c2994984e09fc26cae2a53e1bf9f52b0dbe6bff38605cf232a5188c5656cdb1bfef30ae328c09e020503926df28718280363bd89e385120db1840d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
1e7ac81ac79a4c65f06e594949b080fb

SHA1
fe3296ed449ac5fb73cd29b8fa1af03c9713b5bd

SHA256
d07564e02fdf5d5415218172c6f9d801f93a6a4a6df419d5464c254b790074a9

SHA512
688fb7fa56dd79e3a3e7b412dd78d68aab59968ce1bb12cc05d2482af4247bf4e2468abb80bd5e546959aa008272e773aa4264b63163438d35846ca3d7557122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5813f0.TMP

Filesize
89B

MD5
d9a8f25fb683017fb402c5c040238977

SHA1
60daca8dd873fdf984285a04ab78d6da6f59f104

SHA256
76e3307c9c7174c4fcdd72e2a4ea789df841da003e4abc6eb1073837c7fe5367

SHA512
13b69bfe31733d6fde394c673df3bd97c1bc12f3245d47e70c789a8c24f7496f7d920cacb21ad44c71ef2a6ce48ae951eb6416a1ef435490354e7ceba417d656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
2bf98fef5cc45be879ddbb8cedc6b97d

SHA1
892f76df503529397d19cb718f7f1ffeba2c0dd0

SHA256
33aa4966fdc777ba1fa550e6fdde609bfa2d1166654a63ac4b1635e8de911f0f

SHA512
c9b45b8daaf97323c7ba9666be39ca8be0f9ab54a4792f963415a6eb6c2713ceb86c26da6ce12984d0b696d8f9835c9aad03a7ea4da3e66461642c5de6955e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588fd7.TMP

Filesize
48B

MD5
9b162e0c37b9498d7f18d9840a843a12

SHA1
b9df90ef0c8687209bc289ae8990b204aee459c3

SHA256
a450de432acf4ceae53713e8530af638bb93b35f01f555c5d5e9273b836c1b4e

SHA512
5ba7fce97fa6c0e34e0878563cf40d5b2758f897dadce70e418eaad412b2a3e9f4b6b007ea54ca7d56be74dfb664f0e799bb397d9d90e8a4db49d291faddbe3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
9821abcb0e85727e837d40b5a6396d70

SHA1
4e4014ab1cedf6a6dd982422662c43ccef3a96d7

SHA256
f959e4495a4be739286e49baef2c6b52e3674998dd15b00b0e5bdba49d9ce26a

SHA512
4be6b53f22a57aa79d667e1b453de59e8bf5981b5eb6b0c4fbda7f37c082cb738c719646175ace073f995e2b44e717c0eae06309203cb366adf429f299bcdaac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58587b.TMP

Filesize
706B

MD5
bd5d7a82d0b2b3095843d3888b90056d

SHA1
349ebac30c6cecd0115d7df2275ffe8169314bf1

SHA256
bd60cba5ce055e2cbeab76274baab9e431065507ca4c3f1c33a2d52cd01e003f

SHA512
1e11cd1c2c281f07a3417069cd6fef9a5c7234f381408a95de24cde517a551fd0d48e0b93275ca0bf942659bcacb69b91a741832549d4d940676fd0354327a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c371626f-b887-427d-a6ca-aceb6014f85a.tmp

Filesize
5KB

MD5
2d634ccaa4769e58c9c51b8da72f53a0

SHA1
d026135e1916aed8ccd50274b211558a6471ee9d

SHA256
122399389dc6ddcffc551174722f16ba45318ed1168d11d2dbc94fa32fc225a3

SHA512
e2c9dd0b37d7e3a23f4e2afab3b168de789433b169a98dfd8d1dd3623fc68e9ebc4c1cc39bc884f0fb67a8fa044ea1ac28025cead58915def7618f588cd662af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
65a9ed2af06a7809e66b73791907524e

SHA1
1906c688a9f798f71915871d80c4411d41745da6

SHA256
1281894b059e198bf4dd72e71c495f205a856b29bfb3266a660db3b6b68c1efa

SHA512
d696110e4900a9156a46dae2c2eef4c658a8ad684d4558fe0d43ce9c33866b8358ce70122b9746feba239fd49c37af6f60c12ad5cdd892712dc08bebcc4b4d5d

Download Submit