hxxp://youtube[.]com

Analysis

max time kernel
30s
max time network
21s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
24-01-2025 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250124103910.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6849e168-5d14-47bd-8fdd-71fbdb4a6bd5.tmp	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1752	msedge.exe
1752	msedge.exe
2480	msedge.exe
2480	msedge.exe
4824	identity_helper.exe
4824	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4552	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4552	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 3520	2480	msedge.exe	83
PID 2480 wrote to memory of 3520	2480	msedge.exe	83
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 2336	2480	msedge.exe	84
PID 2480 wrote to memory of 1752	2480	msedge.exe	85
PID 2480 wrote to memory of 1752	2480	msedge.exe	85
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86
PID 2480 wrote to memory of 3648	2480	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff88d5046f8,0x7ff88d504708,0x7ff88d504718
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12999261362188669028,4966601517383626793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,12999261362188669028,4966601517383626793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,12999261362188669028,4966601517383626793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12999261362188669028,4966601517383626793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12999261362188669028,4966601517383626793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12999261362188669028,4966601517383626793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12999261362188669028,4966601517383626793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,12999261362188669028,4966601517383626793,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3640 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,12999261362188669028,4966601517383626793,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3676 /prefetch:8
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12999261362188669028,4966601517383626793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1924
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff67f4b5460,0x7ff67f4b5470,0x7ff67f4b5480
    3⤵
    PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12999261362188669028,4966601517383626793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12999261362188669028,4966601517383626793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12999261362188669028,4966601517383626793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12999261362188669028,4966601517383626793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12999261362188669028,4966601517383626793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:5392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4468

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4d8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3216

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
PID:892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
254fc2a9d1a15f391d493bff79f66f08

SHA1
6165d5a9de512bb33a82d99d141a2562aa1aabfb

SHA256
2bf9282b87bdef746d298cff0734b9a82cd9c24656cb167b24a84c30fb6a1fd0

SHA512
484a1c99ee3c3d1ebf0af5ec9e73c9a2ca3cf8918f0ba2a4b543b75fa587ec6b432866b74bcd6b5cdd9372532c882da438d44653bd5bccdbc94ebc27852ff9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5408de1548eb3231accfb9f086f2b9db

SHA1
f2d8c7e9f3e26cd49ee0a7a4fecd70b2bf2b7e8a

SHA256
3052d0885e0ef0d71562958b851db519cfed36fd8e667b57a65374ee1a13a670

SHA512
783254d067de3ac40df618665be7f76a6a8acb7e63b875bffc3c0c73b68d138c8a98c437e6267a1eb33f04be976a14b081a528598b1e517cdd9ad2293501acc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
86719c9ef18be171c28cbbd6afb51e94

SHA1
9fc7e129d332cb143305af50afda413b36ba4034

SHA256
9af44cc5c7225a84aae1099a4a3900a8992a58b9712477cc6bdc72e97a749916

SHA512
2b6e095850703f6c3f1d342e85738e6afdf1f3380a167bfcee82b7724323b470a0f61297e4339dc0893bc577ecdb0a3abfb8122b8375e532ac9c83631ceb2de0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57af89.TMP

Filesize
48B

MD5
c7f8bf45f08709af4e64faddb68a0770

SHA1
4d2d8c618541f8866f2dc5195fa48d2e0e445249

SHA256
b94100641e0e02a6a937ae1b3289434d3b92d243acd92715497088cd1fc87e24

SHA512
625358e2e98d7ae45bb40ae0c3f60e997797dcb2ef4c97743c985b0cd9867c5b3f950972ecb40e1c97b70e1f1b015186c091421d77c39f808547546449493c30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7fd2f78c82f6905052ca1fc387ac514b

SHA1
ffa05073b3bf3e69dafd974f4bb423521818bd55

SHA256
d466e0907b6d5db5c318ff88a0f8afe49732a3e43935ec2658437ced4f033e4c

SHA512
9ac41f409242cbb4c56e3449fa45879606ec93df84c33cddedbf99340f3944072b9318f2789a474d2af6666c430d54c48802de8eb0f5d8fbdaa26360332bcb47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
21faceb9944f7aec05b9476f464cde7b

SHA1
ca623a160d5cac9e111c8f39b56e556366fa6006

SHA256
67299eab2e728c07b0b1c9b99777e46f7ff92673ee0b0860d531b849b9bc48f4

SHA512
56adb6194b13df275720f4b8deafaa2c4cbbc838256f76bf8134a204ff6c116e070e7d8e6f57bc678cfc8b9dc8ceadf5f37dde88400d88a765c86385dbe6127f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
48febe0b0625901956573dfb2378e7ed

SHA1
c324173a8f8fd7a6a7398f6bb24dd2ee11d3cf24

SHA256
f0fae7ad33efdd05845d0d631ce8341ea4b6dfd4c45be844f0c117738df9c0d0

SHA512
fc38a0c64e67e3b5d43f787fe86f700e6f753d8e90bcebc446d4a8c631b9e4362a74fa862a5b2ffc74f3f5236d3ecf006b341042b5469d1cc24f2c325a607a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
bc3a0ca62cfef580ff9ebbb7afc92b9b

SHA1
fde9832ce521fcd53850d0701a543ef75b772e3b

SHA256
b0203fb7c3812937e92ac04ad6065a2129bc165a36a60a4d2fdb0accc4499464

SHA512
fc1f3a5bd2106d9b6ed5a678c2f4978550a0d7414172b0ce6954a835b0da01ac28c177955a48c2ef56ea3d517a6672474a9cab873aeccae3f22a45ccf2d070de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3e951787-9c1b-4281-929f-43f5b2ae5b19\index-dir\the-real-index

Filesize
2KB

MD5
c96f60a98f7e3de4fb128ee959c8aa59

SHA1
cdf02dd372f92451b08021815cc25c3b41cd56b1

SHA256
6ab1bf0123c97c40f738a680831956b5720ab441dbb34d4983e46ed9dbd5f85f

SHA512
c60548f3dcba964dcc19636deb42eadd14b041cf2714bf5bb8261ee7965f8300c9f1b18246db624344423662797d4cd291e72c8bab6fd74354be6a5cffd44627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3e951787-9c1b-4281-929f-43f5b2ae5b19\index-dir\the-real-index~RFe57b006.TMP

Filesize
48B

MD5
338e4b71f2863701b2b5469ec5113f69

SHA1
e677debdb950f232f57527751854dbc3143bab07

SHA256
b81cee2732509e4d90f114a75431dea4422f2953eecefdab172965d30925eda9

SHA512
98567f76e90f06327e7a12cbee7431f800e1567fdcd11b31944980abca00c0cb75ce6bcf6481ec86a4ddf530475c619d8cd263b0cb4906861a1d9f90c2707a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
673e81515ce3434079205a9bf27948f2

SHA1
db173e6146d127e945ae2c11bcaf9db233013fb4

SHA256
63907960fb5a75d5f6856486b4b21fac96df583b29f47962a66c3e7d57ddae4c

SHA512
58b594be64b092116fab355be29ab804ec0628f1eaa1af1a2fa45e4df8145d9a733f47e32e4f4192697d2db82196643ec5163ba6262989827d161fdecdfe577c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
5daf4cb937e45c86b22f4da0ac671e75

SHA1
a6c6b7459850b34e5c12b6bb09c90cd7054a63d9

SHA256
dc99115c3d312b9c327406deb2903cde63f80abf9f75e152de9ede396837494e

SHA512
5ade7e4324c1e674b0617791495c9cdb9fc896fc659f32e29b3eff63a8324e34b0b90f6bc079a89a0978cd4e799cf774e87e70bc7a4da99f4c403e41ac300173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
4c6be2b4680756d3f356d19eee6bd47c

SHA1
2679ba49988c3a060bd6d5609cf1091c219ee980

SHA256
3eb72ef8c915bac4fb4da51925adba0657bdec8ff492faf7c31b44a7fe466db6

SHA512
baaccbe7659a0c9315ddd1c39ce67986bc32b28b26ca096b91a02d87b3e3b34cb646ee44826580d9b670a4247a47c05bbe270b42a7471b0cc242558901c6359e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe575a93.TMP

Filesize
89B

MD5
0f9a36c3ebc18a88f4fffadbedbfd9a7

SHA1
31810cf1715f2e92a88b2b3e0fc31c0ce33fbde3

SHA256
323459f1a946b9d295cd28eff547b3800e92d0db48399af180da21dd2eedb67b

SHA512
75a98e34a6d25d0c49a1a2d547ff73320b337a876c3ff291e6921a16bce69d2695b07770d15d23dc50864840d2d7e3f7beddb28688a87635be97015a85aa6ea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f5231ad96291ea0a4954b8c166cf8521

SHA1
d668d6ba7d33251c7bc8893bf5c83dab77ed0d10

SHA256
1cbfcc40b5c4dcd4559d3989a31a6f75a840d2a587514cb076156330b2535e02

SHA512
56efd367fe8a040dcce0c1cb89d63bedbd37e0a5f547f0ffc00f56c632fdaf8c56f386bd8fea51979210ae4714aa1914856951dc669aaab857a609b40574906f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57abff.TMP

Filesize
48B

MD5
9bafbac22f6cfefd1d5efc33353f706f

SHA1
d509162f345c24b9d1141c1dbd10dffc83e89d63

SHA256
fe0078cc76ea350285528bbe620a7c2ddee3af3390db9da3c4d2dfc10a857e78

SHA512
5dcbf66ac5b2fc28d8b08edfeb21d7eb36cafb03e10dac601d66c5e61a838bb4929a4883018ad24826556c2a18e6081f3ff15d6b681ed731dcc7c5d260cdee1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
21bf8d712e4abfe68dd43ad4c377ac73

SHA1
f545e8fd003e2d215d9b9960f5db3f0f2c270565

SHA256
ce8f7c32a9fac8972826e35032b6ecd69a0a30edb0349a5e548178f1c55e7334

SHA512
ea73182e89d9634cd040dd9f7159b73fe4db5b027f2ac37e435e77f0f1c4a59b8a573c4c927adace294d705bb75cc5213afc2a3abe1338853c3334a8256c9a55

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
935257fed48a62fa98868eee23ef4775

SHA1
963ce9117d33e991da373d11df513908bacb4165

SHA256
20b61ffcd47f51897048d5b28de4f8bd5c24f00c0166065b0ac6cce9d55946e6

SHA512
881ab74554cb1a9d8ccdfc987773e6acb91e80dd311f31eef86e2ad9bc83f18da92a3639307d4c37244904d00ebb1f4b431d0bed7eeb27cf5036f2250d7060d6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
aa0e8bff6e24d775d862d7b93bd02a59

SHA1
4a7bced3a714ad40a32dde5c2ab6c15284ea08c5

SHA256
b62e7e414fa44d1f7be6d33a0d44498ba4c30c9bcd508f3daf0288592aee9171

SHA512
826c81348f73d8d9d41a2e1d37b9a5369cb871e20e719bd96c3024fe4cd5049f74c6b53ad761ca036444dd37f31bfd68beabb8cedc0c4f88b1fd6e6d60531262

Download Submit