hxxp://youtube[.]com

Analysis

max time kernel
1681s
max time network
1686s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20/11/2024, 13:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
3996	msedge.exe
3996	msedge.exe
4736	msedge.exe
4736	msedge.exe
4920	identity_helper.exe
4920	identity_helper.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2720	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2720	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 1300	3996	msedge.exe	79
PID 3996 wrote to memory of 1300	3996	msedge.exe	79
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3708	3996	msedge.exe	81
PID 3996 wrote to memory of 3080	3996	msedge.exe	82
PID 3996 wrote to memory of 3080	3996	msedge.exe	82
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83
PID 3996 wrote to memory of 4548	3996	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffbc443cb8,0x7fffbc443cc8,0x7fffbc443cd8
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,11536595057663806407,7632745939061105243,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5608 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3904

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
2d769f92e0f806d8994356cc090a92f3

SHA1
e5fd583ea7899de76cb15e553d18ef67d40399d6

SHA256
51ccbfd357b41ffbba6f8241a62858f45868225efe77f6f8f57ed910a5e1cd14

SHA512
16464d019eea293d24abcb5f6ae7e9e3d6c718856986435bb8ea4c939dd373bdbff965d73c158bd958fee7c3d55c55f6cc9dc88de4981a98062364ac1ea94268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6a1e83720b5c857899344db7506b1fce

SHA1
1c6fc10f113fbda2b30d4268e7fbef04e56f16c2

SHA256
9cd913a006c254fa6a1ddf15262c05c0b7d543ff977ee4365be4808237e1eeff

SHA512
5353e870af349dd526e3ac4603b35d58f02b3eb3cc8a3c77c3831948b4cb35de25b511d904d97218ed135fd4c0656584199a99383466689c493d2c5b2521cd03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e97e68eb2920602e0cb5da5aa54f2e66

SHA1
598c435d24b9d652a4198495f0175d1be56ee9ab

SHA256
742611581388c5f8d17a74df89e9bd672688b53ff6dce7cb76eb60ae2e2056e8

SHA512
151157e3b596c2afb7a0062a67500d60a5cc2819ebd205b279fb8f2d088ba5ba76fba3408238608bab79cce7bfd0e13e10a1be7cf23d00b15e429a55eb05f2d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
23372a561eed840b3a0a257006ddd7e8

SHA1
12a5e5e9f829252cd23dda141fed717661992703

SHA256
0a3e13430f428f697ed8b51825580a5966944533d3181004758e76b25df67aa8

SHA512
1a9a58c856034edc78563b3a9818dac02622851faf0c6577e234bcc33abc68468c6d379d44b79f7484a269c685b24e3aff9b7f6b3937d552cd28df912b86e7d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f5552d4e1dce4a3e51c4be0df8b317a5

SHA1
0af869f9b3afb9214ba7e2083c97e54e47952884

SHA256
dad34ff842c6d7918720529b8f1f76eb497f84a5de21e044f1e825935140b13f

SHA512
8d65fb12bc6508a4a3dde22483790e9a89d51be8796af02c0bab6e0f09bf2f43626e1ef532f6f789c2a15eca470faf7ea05639bf066b47e746dc5e20496f67e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ae3b9f94b9cecef8551c004d3a33ee06

SHA1
af416774cc6779f78809abc4a594580b43574987

SHA256
71a0d07f93e0929e6dcfa099a6bf748d247b38e2dc31249bfb25195af7b20f1c

SHA512
0498b3e81fbf3ac6fa2d50e1e033c5dd0151a1206754890ef83d179050802a2e388ddb8938720946c6c21753159d7407bbe2ffafa359a97b56add6335f05f757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
81a604f3a35d30dec17449bfd9d4c008

SHA1
dbb0ee21a7b18504d82fa7604db71d8784542cb1

SHA256
06749280e5d16c1817fa859996d5685bcb2b6dbd78ade67bb5aa64eb630743f3

SHA512
ff8f8dd44589a93e8edeef711424431b93c07e13b6c0f81ffa587f33bc372965e076b566b9186189713a1750782f72d15e46851228798c4e9cbab1271cf3fc6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28b30a6e375a21776b5145a01a055801

SHA1
396e9c7a67823878222271247d96427a2269f1f7

SHA256
24332222d6f8c4b5857105b09efd0551579194ffe7e3fe4698eb157b6306d612

SHA512
634d58249bf980f3e3707455d591377a5eb9179d6fb47be5beafd1cb78b0721024b302cca585a8570fa03bda8e97a34f0c637ffdf028c7c43728fd105975aeba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0c11b68b-f416-4454-82d2-7f6abe2dde37\index-dir\the-real-index

Filesize
2KB

MD5
9756d978add9f13080ed6cb7bfc470e2

SHA1
d16d2eaa3daada6caa39749c030890c4be1b9957

SHA256
9b61873ccc01aa5f72fdb8b92749cd6c79e7c3e46a3d827849f2f42d1a2faa3c

SHA512
9e4f99d452b3f2f73948c1642ee71c4521e9322564110b08e005516834010992adbe75032f4025db5f4fde2a1c379128c70a7c4ee56c715e43edd45b793654f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0c11b68b-f416-4454-82d2-7f6abe2dde37\index-dir\the-real-index~RFe5832b3.TMP

Filesize
48B

MD5
998fa047da765e4fb454bb404e25e601

SHA1
2afd6c1c84532911eba16b9157a29e99ea64a740

SHA256
e2c3498be3148fc543ef222e8d0b09200d46898b834fd83de1565fec76ffccd2

SHA512
d4ef77e46e7f840911b1f0191a68cbb0582d2064ba562b92e6f27e9f370e1507cff8bf60c0961d5c62d15877aa1e0ba0871abf2f9946b4fe1385c6d68b31c431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
260ad0c92a3b8c26bc15ceacd67eb4ee

SHA1
141b74f25f63419d4052b039f14f60afb45cffd1

SHA256
8a6de3487be8ab5af11f9c024f85dc7f67896a1b7583126c607d117e95dd1e89

SHA512
d7d2351e8669732c956648280467f9b19885d5ca0a71fe5542fb7e49fb3d507cf41d58373ea7b114609adbd3a3c8f4876dec32e63531fc918fd82689726367fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
e92cdc366fe81f23f74c538349f8a2ae

SHA1
e0e507778f7c135a051d696f3a56f9909088a248

SHA256
97b04abb4743d03b384fcf7037bd50d63a0ed3b882e2ceb765a298aeafcd4863

SHA512
6f065f5d45e588917ccbdf1f466e9b0b9228f6c603feb0031df9d94b364a52c9738db942a4e8338ea24e5378f451be4866f1263efecb20161471df54325984b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
d19cc58398d46379f4a87a96414d4e7e

SHA1
c7440a9eb08d4191a5fcff2c39c2cf3f7b1b200e

SHA256
9fd5c9feeed5d42e52e22165fd9122a8edc7865f16c9e641eef3eeffd005172b

SHA512
f559d1ea6f4710f73b480fc7c60d465591e358b2eb2f5dfad6ab6a6047521b7c7bef0dc1d7915f057b2fb63fd329ea896db69e61013368a932285e1c11b2c1de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
9cfefebaef90b8a7194dcde2400928d8

SHA1
0ce07ef7b6d342ce391ff682a21416e923d73d39

SHA256
2879b8a0ccb5acdf9af94f2de3beae8be9ae39d62a677385b742b085e6cf456d

SHA512
d071da53d01c592fd3d5241bf724658f578f9b2be4bd759eda4685403dff2e820c43f7e60f9efeb27861acc98e0a30087f612d3615b93341b56f5cfce81fa396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d8d45d370b4cb8ad040b4540be21b43d

SHA1
ea40451f44a00e48f9258618c5e19ec43003d8af

SHA256
163f04fc95a14b51bb478e78a04b26f031e925eb6a6f821e2a702e0b8d384704

SHA512
cb5daa0b761e5fe69565ff61ee316949c6f637cbe716b781acfc2cf055a7125e7da125e8d9682f56cb6816f5c5e9de81f422dc790aaaa9e9209a52dba633847e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582a18.TMP

Filesize
48B

MD5
9219595e7c6f6b711f5fa8374c3116a4

SHA1
d27e9a6ed7b8eb4f91b977613c8c066bc04f26b6

SHA256
61d6ef6deba113372f37d13d3d4448e1105b5f46a98b0a93683cec0f5f215210

SHA512
0782cc88e05fb72deaf84375d7b8fd78562d17f1d3ec373edf8f978a3c1c74084b04cdf5e3278b5bda86c5a9bdf244253418525badf9ac8797c728e86472ab63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
68c0eb529ed416695e566abde473f13a

SHA1
c42acf85863e75e3db2525ba0a085a6fe02f5160

SHA256
5b69487270b00ada41e45228782b75a4043772d0321e47b05c839aeccd39e144

SHA512
f443b716bb4ed0e3483abb72989713458c9237ddcd120692b33c0a9471b11745dfe8d1b5b45f29a5e8e8cb2bf512d8671151f5c6b7add43da33e9c53e8a97b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
726b86dfda061b6047bb7edb5b69011e

SHA1
5296244f82041150b386750872c807dcdcf0058b

SHA256
8ebca016a9da31e674dc47a5502512f664e9ab081900b557895f9b29e659cbe9

SHA512
c05fd6cdea36f7c24625690d4c1a4903e11a9b4370b694424ac44d4d9c40752618567d770f36b1a2e8efab96f8b409670bc3049216a971313c0338f46253992e

Download Submit