hxxps://youthlawinstitute[.]net/

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youthlawinstitute.net/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
3464	msedge.exe
3464	msedge.exe
4412	identity_helper.exe
4412	identity_helper.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4292	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4292	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3464 wrote to memory of 3948	3464	msedge.exe	83
PID 3464 wrote to memory of 3948	3464	msedge.exe	83
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 1612	3464	msedge.exe	84
PID 3464 wrote to memory of 5056	3464	msedge.exe	85
PID 3464 wrote to memory of 5056	3464	msedge.exe	85
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86
PID 3464 wrote to memory of 1496	3464	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://youthlawinstitute.net/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce88746f8,0x7ffce8874708,0x7ffce8874718
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2607761353291816703,17498291612034078386,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,2607761353291816703,17498291612034078386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,2607761353291816703,17498291612034078386,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2607761353291816703,17498291612034078386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2607761353291816703,17498291612034078386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,2607761353291816703,17498291612034078386,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4220 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,2607761353291816703,17498291612034078386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,2607761353291816703,17498291612034078386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2607761353291816703,17498291612034078386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2607761353291816703,17498291612034078386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2607761353291816703,17498291612034078386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2607761353291816703,17498291612034078386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2607761353291816703,17498291612034078386,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3992

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d8 0x240
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
22KB

MD5
e1646490e148aecb21dfe6c1dbab2650

SHA1
55386b8af28cdc296b4f34e6ee52d833743be741

SHA256
bdc2f176f48791836e57d424328794bceab08b5bdd76c9eacbccb0dc4409ad74

SHA512
c0c75e4477e1a029761441367ce3e1d31e9294306806a81c57c30072c4f1094c76797c5ea932f3e174b531c7c94b8b815b09dc6f83c5ddf7c571e3b52a162fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
122KB

MD5
15874e2141c312d1d8a0e361b12c18a2

SHA1
7960c0350a44dafe47ce986fbd73e57a2072a163

SHA256
3229b7f78e5ddd561b8af2f3beb90540f1c322e6df35c23bd71438e23b5002fd

SHA512
ba4cd38ea9ea7afde51f30c2aba5399f3da887d28909dbca7dcad5c976284addce342a9bb567904a5ad4bb4cd6668053d1427a78aa5b8a9676fb45225598eb68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
99KB

MD5
fd5b9c799f81b04887dfffcc34c6f97f

SHA1
b0c2cfc05499edf0cd94d10eb3c63d63de352a71

SHA256
d2c00c224af2bf9192dda2eb0e873e67ba25b4b258b17ae14435c1265c222c3b

SHA512
698b906c84ead68a3bd2ab38825c8e3ec2bf33779c790c95662ca52e792fe634eb77c9ffd6e21df7cbb88f4e9f30e3c2cf78335ac7a45e3fc039ccd0b8f1cea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
2a298fe92bb5785a1b7b3fee7ab5b469

SHA1
f62d0142e5928e78e26039fd2a46ee1d88e8f79c

SHA256
7748fcf7a727c8f71aa5fa8ec4406f4a944b604bcb566491802abb2fdce29548

SHA512
fad1388575ece050bc2013aa50e43758f9cecde1125e32b8c165f8f5ed003773e7ff5544543dacfdaccddda6e3ec66e3f8daa4ab2fa092af33b3cfc07fcb95e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
01607010d1d2c601bd2bb9fbe367061e

SHA1
134fd7a72a68fb042fc115a532a4545d51a3e693

SHA256
6f224ff611e394385a6a77b257edd2df2d81854a0b055167394ac89d1dd3f17c

SHA512
9ba4cb7846d6c287f875cccbed5ddbfeaeada58a0484ba2fa8115de7237ed5f8147f745ed09bf156b11e4284898f00ab04912538b89fd501c193ca530bbfdeb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1d09d9e5a89a7ec5eb72133e9d4fe101

SHA1
bfce364a020e08e48739a9369c537ffacccb288a

SHA256
ab0b52bb7ca3ff39fcb2cb3736cfdbef55d9a39ece9d72fe6bb51a5584362897

SHA512
16d0059c087ae75cb1fd873ff052455f23f65d2ac3ef45042093dc40c08e52ec336d72a1c2476fd41c20c069e960ecc43e77c18af347a09644e85aa169f247b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c8519a91f4df0acfb959224b94c05b0a

SHA1
35be88569d5a837743b0b7df6e6928b398552a37

SHA256
5866e3c6daac496031fdf64397aeb775f0769e6a512db4de0176fbc3eb283393

SHA512
fc10820e1654f8901005f489226fea5c142921f95f7b48490c4d2a0eb67988d43a376b199c3ba91a83279b493f05c1108a1f20e27b7d399d658ad01588bf42e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a6c7d6604b4c136d42bda4ff19292379

SHA1
1b796615f2dd8cbfd571772e18bea389bee7f3bc

SHA256
b1aee6d55b41be07166a8ad1c3f6785879cf44abdd38cde6b801c0edcdb2d3ab

SHA512
b9be7d79db07affebd424da89c7c371705bc5917d25cf589dfb4334b3232769176e576fbaeed530ecfe2b1a3566b359682f0223af77cbd550ada8c85e68ddfe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d18994f6f2828a8a29fbc720d0d43ff9

SHA1
4f45ec0facfef2dc4b4bfd696db4f1ececdbde7b

SHA256
a0bd4398cc1e706602c2e909974fb5df07de0e4b349298c5454af6cd8d545fd5

SHA512
91ed8a846b38245d1ceb27f4479170048e686f8430e125b3f7d70fc1d72e2b0ef2fdedd70d3ffe6376c5bc129d55bb857ebea2cb3e8e975b4ae55de7419828f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91aee71788f3f39a53d278a06cb010cd

SHA1
de9f639a7e8f0d4a2d7922366c729e988edd6302

SHA256
2c37eb5c76275b48803cf6414e047a5225e730af9b09e31339275aa9d5706cb5

SHA512
4bfb2246b043d5e34224f5b78a60f99e7b075123b3a0ac83d68d2a5b0fbbebd3d9fc9a58db7cdbf66ea4b436c0416ae7b31cd526b141d2d948c662ddeda8d84f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6d1b45c24e1ec593e686fc2e7e956317

SHA1
a7a3728c8fe5d6cfa01a8adcb6511cf3df5fe958

SHA256
8acc240d9442ac49352b59886811a0b94ca1ca55050caf7dd4bdb03541ead753

SHA512
f5b92598cc79cfef706b8146d3cdc5cedb5ad8d7d3ad654dd17527174ea3545ab1445af1b0b714dec2e596f6d0028a06b7183074b6b30b15b28df04b8f67c116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
1dc20c294aafc151389f5ec9394299b8

SHA1
eb498902d038f227282361bede652d4f36fb8627

SHA256
6b7c43686caa01f0f605b60b0fad15b6f715f607a1650b4de1492cf38c6256ba

SHA512
97843166016e0cf86dd1ae049910089ea6ae74396cc69b8b74ec1921c6c730ec03bb6b3a8253adece66af48eb97e91e6f2c6b060274e3ed544eb630e6de40632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
a7c76fe159b022fb90ef74a64b6b82d7

SHA1
066d246dad68ecbb3dc33e92677362cd3dfc1282

SHA256
a340ae36233fa692adeac5b983f678d4df80d7d3bb68385493a13d6be1162d17

SHA512
229db31849f92087d7b73b2ffff34776dc73d188429aa74fb4cb34eff9fce7c79ae721dbe52040c2cdacaecbec1ee86265007abb572d9859c951cad11f674d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d0ae.TMP

Filesize
372B

MD5
8c810b4f2420be130595d72bea04a91a

SHA1
88ad4748a4fcbcf1f4baf427227a782a8f5f5914

SHA256
f4e7efedac40c91777239a7c7e97c61d4bfa8bb4f26de79c5af64d3a1498e9e5

SHA512
6088d3101886678e0cca54fc2df948670918cccd5faaceb6873473a04ce05adc9922f376d21b8b20d079f3c767b6a4cda751ce56cdeecaa1c595d457f5454c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f8e06b3734993606ce36a17c759497dd

SHA1
e7592e57b3d9df7b81fe7fd1c03f8af14e95e2b7

SHA256
a108e880296674a04c647128e777dc3d5d319895eef51704f693177903e0b630

SHA512
219c05f73b996be028b978d567fa1bf19dcc7712add1640961cfca8b6d2cc7446d0787c56dbdf1215943cee6df681e3ad103efc58ea3f182b9507228585cbc75

Download Submit