hxxps://youtu[.]be/80j4SL_GZaU?si=-WD6NVILmJzdm5gL

Resubmissions

21/09/2024, 01:33

240921-bywnvsygqr 3

20/09/2024, 22:42

240920-2mwslasckf 3

20/09/2024, 22:42

240920-2mmjxsscjd 3

Analysis

max time kernel
294s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtu.be/80j4SL_GZaU?si=-WD6NVILmJzdm5gL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
3596	msedge.exe
3596	msedge.exe
1496	identity_helper.exe
1496	identity_helper.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4212	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4212	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3596 wrote to memory of 2404	3596	msedge.exe	82
PID 3596 wrote to memory of 2404	3596	msedge.exe	82
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 4548	3596	msedge.exe	83
PID 3596 wrote to memory of 2180	3596	msedge.exe	84
PID 3596 wrote to memory of 2180	3596	msedge.exe	84
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85
PID 3596 wrote to memory of 3920	3596	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtu.be/80j4SL_GZaU?si=-WD6NVILmJzdm5gL
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff956bc46f8,0x7ff956bc4708,0x7ff956bc4718
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,571651068385657414,498001741619096929,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4284

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x384 0x38c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
47KB

MD5
166272be2a096d91ca063d2a2b8a5109

SHA1
e6368f257a883a4425b38c480d942c3c71c238d8

SHA256
b468a14db93d196fbfb11ad23bd5a5024e5413b32ed08469dea21e037c8e1384

SHA512
c84d1eeba00598cff55a6cb2bbdc7a9de7875b4a342a9353736104a9577bb48bcc2520724ef89b48482808491142fc88cca6352a4bba9b8545238b4b6d555b04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
232KB

MD5
070825d45acee96d0d42ecd9492c1588

SHA1
1915c718b277cb4b99ba68c4099bda0748d789ec

SHA256
36a9426941402e16484bcdaea5c37f9b1db536fa11ed8cf06880300c4a2f43aa

SHA512
e4d9801fb04b6af8447f91cebdb5c22f1a49c68b1ee32ca074a1fb3a465b55be48f893ef6e1e258c339c84a8d6143c58cf95ef8332e3589e7fd11be12e9adfbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
32KB

MD5
11e287ac9d9839e014c454bc130f2aad

SHA1
a99317dc7f83459e259621de9c78a8f2d92eeef2

SHA256
da1b153ae4dcb954aacf64758db80644b74344de78286b50ca58aa100c698be2

SHA512
602608f41fe43a5fcc16cffba00a1b580fd7f71643686875d09e5f3819bd15eeff4b5d1026d62d39ca2718c58290ee08cb9d91de7bc9a799315a58cc2f8ecce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
32KB

MD5
592fb50642c55a8a64789c1e3cf5bf24

SHA1
8032312683551f22cac3c87544931c383800e024

SHA256
caf8a5e03ad55710abd48060865c37b006dba1359b5ae6dab8c12094d225f05b

SHA512
a23d322c7931d675d4012c7f49bda458184ef1c37a8335f8099089735ca8673a3d1e01138e03c5b36e164185f4521098f0261f0c232b90e33da93d9fd00a8c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
9947aa9c1c729608100676fd99c37a3c

SHA1
ac0184fd2122921542dc1d522afdfcdb99a9ef5f

SHA256
d7a49c49c964250d03cbe2d91716b4ddcd61ecf90252e3197ebf2121c765bb7b

SHA512
5f3e89f1c045eeaaf9df3a799ef2a8769932a7832190fdc3fbac6f99919367c752d380c11aab7331bc69d8c14b192e9dabcba2fe2216804c35afe926d10b1641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4c01deb7a90cd59df13968812772b3c8

SHA1
d717ca30450bea417de355b47b0fa4036b4b8deb

SHA256
d1719d87972c0768b25acd3bb3d5bad661f15a2efcc9d1b84e09598769fa2589

SHA512
daaec5a5c83f7e2bf6554039296b981a5a81cfda8ab135aa249898b3c44ab5f35a80ed9719be42ebf18e1c90b0d800514d02762223fdab6692162bafda9270f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3d2f169a77bc339f9dae45083e399651

SHA1
0cd868cd53df787054d102b10b806c65319ba81e

SHA256
68311f7b5cbad7d20174910e58e22bd107c3ccc52e9d2da55ccb85f15883ee02

SHA512
d01c65875b0cdc4071806906216ce370402aa6dd11f35920e64671cb8e0e9fafdd28a071e35abdbe0adafa1a26c441c5a69944160f3dceeeeed0ef7d5d381e1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dd6b9919eea3b9b4a2fc3dff153275c8

SHA1
c1044d89422f71b930a670dc58c0a97bb0367de1

SHA256
171352174fa948ca4c8502ae4b57c7eddf3ddbc0eacd211f8dff7acff172088b

SHA512
738eaf30600bed5dbc673bd94260b9f53cff2ccb1f01fc10591c7540413b8f213ce661cc9b79dbedd38f04a771183229da08e9bde08f73392f5982e3f70a1c30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4dfdd2303965bdd4c26d14944d3e26cd

SHA1
8f3ad131447ddae1386e5d1f49d8e8b146d3797b

SHA256
d4dc932b4374614b3ba413786416d3cb7707a5c54e99f11fbce17ff56e3ee445

SHA512
de921087906898bf8cb91cb5f578a43f7411d5dd72d7892fdb588ca71a656e059866fdffcef530c9db6986ec006812124be4e9e7cb82cd2267a11026bab74d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2c4a0ec1cf20d29d4c77efec5d609fe

SHA1
374ede8da1760172775243e1027aea05ed3b8fbf

SHA256
d12db44e7aa19f294ae6ec1b8523860aae2abf68114da5331830a5512bbd179f

SHA512
648e7c34596aba961e12e0f2f9acba6020dbbee002ed5c7396ea6cd929ea7f06017a2598ae362d0d06d146c603404643097e80cd7873ebacc0cfd283bdecad6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
878b269dd687fa4c6977a75446c85fce

SHA1
2a352e24acd84bab2f83fae5627c7709cafd1ae1

SHA256
a9a3e0fab8235a3391d74b0b09018d9a5c48b2abdd669652ec239cea772c84a9

SHA512
dc4d1168615db64e96a653b4a9524b300d25b94bd30531d46ace85dac40dd2229caa991f2d33c04f7dfc70ed553b42a5491abdd83686c33ebd93c537178702a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\61c62377-ad8e-4e91-9b19-da03bd010aba\index-dir\the-real-index

Filesize
624B

MD5
9fe5339f5387866e99f558efd8d48e98

SHA1
2b32360f3d80168ab351e49e195e007c435d2bcb

SHA256
719e53a59c0d79128c4d94537550e855549058dbf9071eba1cdbf88a686137f1

SHA512
fabbdb0bf4671f92c34609c6af67f25cd9307b9589a7e1179136b6cf1058a57e2163421af31fa2f6ac63efb5ba5119b4308be8bff215f9c5217735223f4c2388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\61c62377-ad8e-4e91-9b19-da03bd010aba\index-dir\the-real-index~RFe581e60.TMP

Filesize
48B

MD5
f275c208e90d033c4aad7a194327ff2b

SHA1
e26bc03d921bd3f528da3d362d42b5861605e9bd

SHA256
b5750235c28487fe09c03362757cdcf06dca71d38f74273e161a15e1eca6140d

SHA512
9a459a70d6d192e64249df2fac164499ab8a1c7a464047be29be9371ab9fe63ce7397b69d6d2cb419914d0cd8c1d56d98a80ab7b9a8dda208b5e698d392493a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6497f3bc-bfb7-4046-bc9a-d892631f1c04\index-dir\the-real-index

Filesize
2KB

MD5
416726ee7ee7a8cfc0f0aa9422ebabdf

SHA1
48d073804be2e51045c63ef58b0afd5f31cb01f4

SHA256
426961749538766fe0fd45c68d09bf409a2cecbee9fb847bec7a94aef6fb3e25

SHA512
cd6e20f46ba9bf9a5dcddb523cee0aa375f71457492bbc516b2bb297acbd12553784ad85deb701eb3cee134430feb2b81c7142957de22fdd0e65445abc12eb83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6497f3bc-bfb7-4046-bc9a-d892631f1c04\index-dir\the-real-index

Filesize
2KB

MD5
8f94ddaf98b7d7536f8cbfece8bc8858

SHA1
c3dc58659aca03291f3c841025a7ff200f898b33

SHA256
9cef182790846a129cd4d3eedb3fc016038d75b98f184f3ce910549ec657add5

SHA512
c8c22e2da495a3a807bdc0cf8996e9176088a0d03ae543e7ce4e45064f9fd3b2e5574f635dd21bac3d1be721617d23102b43bf9b21d9548515324fe9a02b4f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6497f3bc-bfb7-4046-bc9a-d892631f1c04\index-dir\the-real-index~RFe57bbbe.TMP

Filesize
48B

MD5
d9933875c50befb00438baee687e219d

SHA1
24b5f0f8dfbc19d1390b91e0f0995c78dbd87ce1

SHA256
414a2767662f70b843e0d3ddf53a560f59e03783d7e21d4a3a6ae51bf65affd6

SHA512
c9796be22312505d457b19d2c221adea07c6664c23f00c0ab7fc51de9c3c96857236b754a36c28f2eb1854da2f76e6a203665dad6befcd96d1c71fd534718ebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f37f6332-8ff6-4b89-86bc-179de0804eff\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
a785896adc5d7023fb9bcea46a0597a8

SHA1
56ab04ecb78018c786ca8dc100c1dc9403430a1c

SHA256
bda5a6e803bb98bd8efd230ef8762967903639be81382c150e492529faae8926

SHA512
8c5a3ffc3edc4428de616841890f24a090936e1295d47e9a5a91ff0845560eb86f25048362729807345c645fc3d41b7182160da4d07612c57960fb8b98294272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
0a1f0f23499116753330d8ae40a28878

SHA1
5702746afa682525b07eef2abcf62ada80de8b9f

SHA256
d0cb6fd290137a239f256fe01475c5df13d2940b1a13087e0784cf91d8c09bfd

SHA512
24536859413fb8f72746b4c3eeea1fd65b9940e87e31aab2e051e462a812f0226d530aa5e793d907da2d879f161a9f3129cee2d1ea3ad1d3c004de09a0eee645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
885725de292eaa12cc73752985a181d1

SHA1
e5783f4f7108bac90bf71b879dcbc8b055cf9751

SHA256
090eccffe0e3ef2332fefe26f04537df2e70fb0ba5eb4fabaf3e424764c28426

SHA512
149d03c5534ea806b9a5ceb6743a21d9865ff0d464762538bcf4a831aa271d227200a9918e6dd52a7928af596222db3f5b837b0902e5ddf7eade05c684e76a40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
30f19cd5bc2812e9017afa212bcb2357

SHA1
d0c2c623ec905c4a932d614de1255e56d2eab21e

SHA256
ae995aae39636f771cae1f9c1e7027b42225129d6bdc75a846ed2d0c55cb36a2

SHA512
2df8a6c499efc50f8df6da6db8148ef613bd049e8ae84697d30ad0af2ee96a814fcf76f8303754fc98fcb781cc861cf919f8357c6de65fca6cb23d6a0f57163a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
6de838c6ff28d1192b682c77a5541134

SHA1
8166852522b5305efc211bc07552c65f0ad0f49f

SHA256
37ec8e129eb8e92e82c3f71be0f5b4674cb8ab5f9ec7bbbbfa6aa256915eb7a1

SHA512
f822a124371d9af681cc47cfd4358813c334df1aa4b07cb2f74c6cc58299bdf32b593330d345485568205b92caae65ad3886cd4f1191911d3964ad1550f2f329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
77c4f683902356a1a370b4f87932d02f

SHA1
a3abc7f15a8dc937c200e62049d78519ba20aaa9

SHA256
9adcbc06500738b6c18a0b92f17393ebad719e80df55560d42564b6119b775b7

SHA512
b0a47349d91e187442ec788ea3d3a3a0a7e9daf126c979cf70bc0b0f6c02b9d22847068943bf62bed1edf7f9b7baa67523779d12c4ce20ac3d1f21c548e808d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe579d1b.TMP

Filesize
89B

MD5
21785d3bd5327400079b2771e4230f5d

SHA1
adff51e7ecb4a1964859139e7cda1a513c70967c

SHA256
9497980a6b88dc648ff0e9a210443e15f9863184ff5191c3983199ef720cce3c

SHA512
62bcfb658edf1c0141fcf1a96cfa2c5e63722a52ee69d759eba474d85af2024fc4ba558d285333ad785c9a1e9c55880c187d0062ec20fff35a4793bcf048ec14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
f90c6cdd84af0463ac9cd2b46a9686c5

SHA1
aae6bbad49de083264ef9688d7beec9e52db9ba4

SHA256
1655e23a3dff73ca294928cfa24ad1132a1e0ceecf6683f6271293df5e7b1a1e

SHA512
f26b15d6a462c5bd98b47bdb6c0138b3b455844269a2546ea9a2e4964cd0bc9a2e40b8dc092d90d9a42d2024fc9d9038568221ea5683c4521a585da9ef02bb81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5810e3.TMP

Filesize
48B

MD5
0295805a82124a593849db4ca493a40f

SHA1
068e31b31e49ebde1e9ec54a532c99bfae68ec37

SHA256
d7753d40c2b45421f1c6e20eabaea1ed7a70121e4733c747fbefa7218112929c

SHA512
dd2f436b1b48b1c90d8a1fa57f6b563319e60b7aa7a49ae943c22b14531983988cb1f7aecf2be537a7807b2094e814f1841b8775b78cadb66aea5ac27755535f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
3980425f304b017dc82f14477cdbf233

SHA1
eb82ef150abb393445fb6d1289757aaf02315e30

SHA256
b3cc114c5e2d151ded211b9fb5872fa8665178f1bc1a0817fc1568f388e7c4e8

SHA512
18d22e19a2b11f041342e15a50358036f2eaf340ed11895b0bb71767824df9c7771c859d1c883500dceebc6b1139096a7d2a462a88c0426b796791922c15a0e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e261.TMP

Filesize
870B

MD5
0078b151960f2a52984e6426c205597f

SHA1
ea43dea5e6e9feb7c5fd6df9105d0336a3c00595

SHA256
0eafb407bafdaa8c047f0c699766c66e140bc037e7b743cb40c9a205d30c47d3

SHA512
19303784046f7c5ef717ccc73bc41e18a18ee655de159043af46af815b2900f1fcc076891519ae600733c04662e260102a834e037bdbaff5d4124481539572db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e9b10ae329cc0a813a033c342fe147f1

SHA1
9df44d21d23f0d98f4a7c52d085b801f3d086265

SHA256
d3bb1c443f9ee87d9f07bf794c8e1a3aa278fcd4460df826dab15ecfe0b36c89

SHA512
f66d04d8db5d8d2a75539ca60c5676f6a1bbddac696559989d03f7c1658641358b3e3eebb4c3096cf47485eaddac80562672f274c97e89e9f9ca2f1300ca1a03

Download Submit