hxxp://youtube[.]com

Analysis

max time kernel
1680s
max time network
1685s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
30/09/2024, 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
4148	msedge.exe
4148	msedge.exe
1384	identity_helper.exe
1384	identity_helper.exe
680	msedge.exe
680	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4184	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4184	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4148 wrote to memory of 3740	4148	msedge.exe	78
PID 4148 wrote to memory of 3740	4148	msedge.exe	78
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 4864	4148	msedge.exe	79
PID 4148 wrote to memory of 2648	4148	msedge.exe	80
PID 4148 wrote to memory of 2648	4148	msedge.exe	80
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81
PID 4148 wrote to memory of 2136	4148	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb4ba23cb8,0x7ffb4ba23cc8,0x7ffb4ba23cd8
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,14031127805400130941,356421183796648570,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6404 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1708

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
302c3de891ef3a75b81a269db4e1cf22

SHA1
5401eb5166da78256771e8e0281ca2d1f471c76f

SHA256
1d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58

SHA512
da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9efc5ba989271670c86d3d3dd581b39

SHA1
3ad714bcf6bac85e368b8ba379540698d038084f

SHA256
c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3

SHA512
c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\47830e8e-d06d-47e6-9af9-d38571b009e2.tmp

Filesize
2KB

MD5
336e274bf7d5933fb84088232dbe5bcd

SHA1
1d6a70c22338aac854a5b7fe6d8714245aa9841d

SHA256
0e888a3db32efc52a11fefd979182d1e155b20355fbbed4c019860ddacd0515a

SHA512
32c00477b67dfb74f864f07d4cd80cdc15862dd18f0ba758d9226ab052ad0a3ca94e57c0fe3970aaf7af29a6f893ea7a6dcc9fb6749702083936ec11b4ada5e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
9dd8d5b84ec5e511f397db58ab565f54

SHA1
b25ac6a7dba555d3bd162b0c6a87d9ea345af6a3

SHA256
13cef79d4df5d3d7b758c66534e099b4c7b99a4235d1605790c76f1d6be7d2be

SHA512
95b243cd513420d55f6bcbde529324c0423f3beef90cd539d88f63d7bf18cd2e846495d32cc1c3bdd341548046dc8cf716278135fb3515ddd4a9f91a888ed631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
53bdb73506e20889b7c501398a4c24e5

SHA1
890951f42bcfa181f83a9f3a359da6ed0316fb1c

SHA256
32ccc0cf72851ffa43d0ccbf931cdd634c445c4615ea39a508b11198b1d2b897

SHA512
e84e10d3f068789ca8ad2d181603557a0442d18a61c9123ea62981732b667b4dc7554e9d2a2d762cbd0ee80b05fb2cbeba06d6f2f54884999ccef97eca62b9b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
141b0555691f221e41ec522795870b12

SHA1
7f6cf6ce33af3f736374c062e7ee57ea6cc0d926

SHA256
8d467013d9f8b1b8864930b9438e20da391af4ed708da81bedc1fcb964cf51d4

SHA512
90453e5a0317e6a6f749ea89ab07f60363ad7d91dbabcb3113420ee2ae4371b358d00cf46eb86741e401ced1e719aa828b22bfaaead9e2fb186a46521f186db5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
09ed6547da2db186283591ff803ed2a4

SHA1
d09e596c694a59ca5e19b8c893d80c7352ee34cc

SHA256
d22264f7188e5db7d499951f3746d2bc282f0713026109a2adda94bcbcbb3b4a

SHA512
b8daa804c72a65578df8c2fb2632da7ba1a11914a8e0d8181526a82f1caf40796d1be1cbf53839fe526bb03c70bbcf28de850f56041c7d53f0e31a082478e030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9ccd620de2ecc016775615be5d8f6a39

SHA1
d985aa1c577694830592eaea5e886c58f6404a96

SHA256
6b94142282f498a40f8d1df852b9be91366ee0e4873fdc590ad73934f09c2264

SHA512
8c65a8158249cfb4599169a37f323191a12b74dfec12b86e7e38e427734442f0ca4821de2bda2079d110baa6971c1bc1efab57ec18cddd6ee24c01c260ccbe97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce79fe6d52f80ddf145e2dd748faa793

SHA1
87f0a6126da1aa948cac0d004198866e5733c761

SHA256
90222f884d8857479e5d567f521b2bcc9a79f377bdb38c920cdbf6acc857986b

SHA512
11229d650d02fa11fba9c5d08433597e2a7d02004727ca5966d45b3a66df928c1f1a9c70ff263186c048b785a228957586d87606787fe4078ce511908dae3c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34e4df283e1ffc889e70e394b19f9c38

SHA1
8d9d02e743edac1fefa960775db51e15b24ae11e

SHA256
696486ee46553b33d55372942aa528750e817cb603a00b48f634592c3a1ee3ec

SHA512
252060fed128bb4fed56a4230b03c901daa5d29e20fcccef49c17516ac791eb005c705ea43f6f6bd6d581291884dbadc47ef595d2c3778224aa73c106f09ee2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c3330368-9585-4c75-88c7-fb03f8533b13\index-dir\the-real-index

Filesize
2KB

MD5
c64ed41432a9fc4460f55fa6976032fb

SHA1
fb21b3d5c2310e16c63092bc87e49ecd025d71a1

SHA256
8c966ae33b9a5b90776f2b250f6521badbc6d4a507c3bfed5431a8bb0a05f4c0

SHA512
61419923594da2b02f551e90d6ab4b04582caf09383735bd6099a7ae31886ab0cbeb568797f945f00ea3eaf24c9c3f1bd65914a288d46c4df07f8c7e65f91650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c3330368-9585-4c75-88c7-fb03f8533b13\index-dir\the-real-index~RFe580a8a.TMP

Filesize
48B

MD5
dcb1153f3f2d98880f0805922a5e2df0

SHA1
e4c3051dac6fe3d9eaabb5620e9236a84269ea81

SHA256
a195b8f09d241cb4fe095580cb480018799e137b08e88f3bfb9c5e122abe4e06

SHA512
be4aad781624be8a706049a2882e600f4e5a7acccdbe6b32b43fda5235361b7af9ba4073bc3dbd8b026b4ff3459e5d58aa8c800fb8ea1e00de92f9c15ea59ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
b5dbb93553591afbeca4dff3ceca43f8

SHA1
81529e4a6e8e965f0407064dd538e6056c5692a2

SHA256
e21b84ab0985629ffc471b00977c6a07aa408ec51ac3df7409b19a717e87d9dc

SHA512
ad2bf9a4c38a78ecaa177b74729d1f8db0111553db0164b65bed0ebbe56505eae50166eb37404d99bdea1bff95d076275f1be4994a2fc3f37517bd5b99ee94ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
ea02827392afc525eca2e7cea388d479

SHA1
ad979e88084f61d9e3b1f16b42ed25f8a04f6285

SHA256
92aaca4184b8963ba3710dd30cdc579cd71e06de85f22636b428585b32a90609

SHA512
8647f4690746a64a31c87f568bc60ec54462d0ef9740a87320aaa0a748c6af3afea5a39c6284033d85bf104a5307b2b67d76a8a675f07a43e8a43d3a36a241d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
7584f59c654382cc9f2c9176451b4e86

SHA1
dc0490f942b3c78ea9d7a7cbaf90d6ef1b21e193

SHA256
c99f049b9e53db772bad08082fc7792777533e3a274f2ea52e3f23922f7f649a

SHA512
147ab4677ef4297b6fdde7949e11013b9f6b5a22214a68c5d37c4d005684f99b9aebc88de68289e515de25ea55055659c561cea440c99e51b434a830c97330b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
d38a6e01745ecc6dadf8da198f547686

SHA1
912897fd62e4a5ba4c2e81508ef233366080de5f

SHA256
12fde33f5a88b9259179820f0a7357d5764808311db0f23d6a3ec0bc8e022e98

SHA512
819a890635d7f9a807e0915b997488ecafd9d1fe3f596f0bd67ade1504866df3f25435b53982188056094c8cc9c0e58f9ffb7f63ee762e99cfb0ca1d16fe9a6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a1f76613ae02765905579b37db9198df

SHA1
763086a0756d1f77e78f44ff780cf21ed7da161a

SHA256
d717696358641766c8337ad2e04cf58270bb5be1842b2d21a64080724fa47c01

SHA512
f24a239ecfed4195a2153c39b1bd4d1b6a2c7e73f14a86f8d3053a0ca266716b90dd1be98148c4c503806b61822b5f123730b07fdf3cbb12d09ebaa9cc087ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5806b2.TMP

Filesize
48B

MD5
f44a69b260176a5b1da9bea4da1dc2d7

SHA1
32068de8b644cf846c5531b1b9b9bb0b545834c6

SHA256
994cf70ca77540b82698755beab9352c2295328842e742001cad51e5aff14fc7

SHA512
cfda9f646ce80d1f0c9ff2c0dd446aa53c8033debf014f53454dfab3164fbd802f9d4a0aa696bd521ce30b3f792545921f79bd062ba013e20542e5a6a3d0f4bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5c674641a46a487523bb012ed6eeadb5

SHA1
3c65a17243005ce59ccfa5fd40e3150fe681007c

SHA256
6906f685e6cd05a2bccee5be7a18bac5eba73435334c9d282e0e8cea39fed272

SHA512
cbab1536c072bc4f7fc8546bd9392f60f2854cf694888aef727049b2e9d728b2bfdf4e0f4e6ac4dc897058e8c6563e792e8e083a8e4ff27b7dcf0b5ce4becfea

Download Submit