hxxps://youtu[.]be/SSlzIRIVjlY

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2023, 12:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtu.be/SSlzIRIVjlY

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3824	msedge.exe
3824	msedge.exe
2124	msedge.exe
2124	msedge.exe
4628	identity_helper.exe
4628	identity_helper.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3524	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3524	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3824 wrote to memory of 4188	3824	msedge.exe	85
PID 3824 wrote to memory of 4188	3824	msedge.exe	85
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 4788	3824	msedge.exe	87
PID 3824 wrote to memory of 2124	3824	msedge.exe	86
PID 3824 wrote to memory of 2124	3824	msedge.exe	86
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88
PID 3824 wrote to memory of 4952	3824	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtu.be/SSlzIRIVjlY
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0b2c46f8,0x7fff0b2c4708,0x7fff0b2c4718
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,17213468278922424570,14760356617926231565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,17213468278922424570,14760356617926231565,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,17213468278922424570,14760356617926231565,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17213468278922424570,14760356617926231565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17213468278922424570,14760356617926231565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17213468278922424570,14760356617926231565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17213468278922424570,14760356617926231565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2236,17213468278922424570,14760356617926231565,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,17213468278922424570,14760356617926231565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,17213468278922424570,14760356617926231565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17213468278922424570,14760356617926231565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17213468278922424570,14760356617926231565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17213468278922424570,14760356617926231565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17213468278922424570,14760356617926231565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,17213468278922424570,14760356617926231565,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:784

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x470
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
c84cc5ecb5ec09ff1dc5352a7ae6728c

SHA1
3df2add8103c5817c9deac4d5dfb3d03a2f67c40

SHA256
e0d83673a2e0f183af264139f87b72c74e59927408e505068a70172609fae3ae

SHA512
139a1c387555dacc4f101bcd97f201e1efdbaa1d67193b11cfb978ee2e701c5a9feb44d4416619370d2a67a46c092da5e46f182de467f311cf1b2418064bd5dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2a6ed65ffcbebcdd70d1a512f54a7561

SHA1
56e0ab21e86a1d363cec0a49a839ae6b843d4a5d

SHA256
78d0685ffc70f88ff63acb649b5ec76172c5ddc18e21ac3a7c13b963a08ed80f

SHA512
7023cd3df0fa9b2e14e375c53ff5c2b59818f0f0d427a93823cce3ce6a393da656f23f0b5c1f6a2461ffb5ca4fb57fde1acfa0c4456df094d44a7a4ee7803784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0ac5ffc9587d5534361e5a5ffc8ab010

SHA1
024ae2434db66f32be72e1fbe2c5840736e3366b

SHA256
f8c4782f514d0caf67727616d58ee5c13bc71267586892c2c24481b67353215e

SHA512
8d94d22dc4a9b3cc8507a6734e5a1a85dc5388e60b8aba35a8641ccdd00c8248583fe8b68de26e50824c856e89b311419446c7233377dbe3f4d7d4f160cb1ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b64f5f8e8da234fb1e7c6892bbcf77c6

SHA1
d37cd0360c2cbcf85dd978c308b370c8aa87fcf9

SHA256
b0f72ad6a1cad2bc414790325e686316ad690e658402368d5400ff5995c04df7

SHA512
ee4833afcc9900287a8717a54ae89d7870660acb7c938b6bb339b0d84f7c9f398b92b97185cbffcedbb15318b2d6aff4ab0821e392129674294bd3cd993e68af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fd36f85f465f28524cd253e186f51633

SHA1
24f285cd89ec737248ecf28e5ce053cb8cf7c4b7

SHA256
f3638157485da7a7dc47fc27d9e3b8708f8f4ec211b5238d876143bad88f9a52

SHA512
e7ee33abac9975c374918eafdc72c9be9ed31f439800737615ec2fde19d95807ff5f489cd871d61685c87640f36158f464ba387270fd1149750d79c346d305fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
29213338df67d29d6454ee5d61ad3970

SHA1
8c69ca76a2e639060d5ce835a9600e6ea3764a83

SHA256
d29fc0d97fa74d382d0f557ecea4e42b7d50dbce43915bfc0c114c16e532aa51

SHA512
14db25eba8a863d390b97fce4315402ed7c249598ff6c31d5a191b0f71c274eead42ba0658403e744110de072e6ff1cac3bccee1e48875bde6b1fe39a60d2407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\491ab962-4a64-482d-a941-bdc3c7864ed8\index-dir\the-real-index

Filesize
2KB

MD5
f5e25448bb213883e55ba13b8968f6ca

SHA1
8e908d8c3c3cf5bfe1fbe4363524aa8c4b77426b

SHA256
a01eb4861b3d4afc7ede428c6afd490934f9114d7cb2fffd67c5427357a15dae

SHA512
74fcd5a9acf1165c40fc5a10575aba79e771a967c2e8da136c16812b7efea8b08823d954848fcf58e3995a03a7babeffc11018874865fca8e7b6785e3de0d87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\491ab962-4a64-482d-a941-bdc3c7864ed8\index-dir\the-real-index

Filesize
2KB

MD5
8a3994c4f5c33778972fdb13094e6c8c

SHA1
f6a359e0e3ef7fe9e66c0416a2a1003e40785b1c

SHA256
822e43e0e6677a23dd120a6c2c97e741719f814013b0bc375cbd50693960b7f6

SHA512
7b0fc237e64bd0d81d2b892c7ffa1358704de3a2a12466fe33468d6be8572dca9b326d29eeeb5bdcfb51c75734a8429bd30e29523a0773bda472d19342cfa368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\491ab962-4a64-482d-a941-bdc3c7864ed8\index-dir\the-real-index~RFe57e86c.TMP

Filesize
48B

MD5
2ebe7f5a131396dabe16a8df1183ed21

SHA1
3eac249bd26bee127c73bf581d489d3a9edb705d

SHA256
b33fd79136798e14443292ae84e2321658471e7935d934c36acd1e6ff53dd757

SHA512
29296fbf42d6cde6408f4c241e829bd4a04902b23bc2d1b4a1192d26a8b507a2b06472df1416d95b743be7e956c4e6e4354cdc74b88bcdecdd05a87aa99d8b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\576462d1-ac2d-4dbe-bfe9-d9e25e4520c8\index-dir\the-real-index

Filesize
624B

MD5
fa0e4165f54cfbb261a7b970c1d43781

SHA1
140fd26ffa460503f845dc4e5d33026af3bb4f85

SHA256
18045c62e94dbd8604e27a59b473cacb8e9ed78c0195833c60a5a87acfddb052

SHA512
223ea3d202929272d872ad6f90c64fa90603a431b086ba154714a597e199a1abfd7fc3bfb8c0e7efe0d4f46fe13b5cf939e9f0ca7adbd816fc35038fb8c5dd41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\576462d1-ac2d-4dbe-bfe9-d9e25e4520c8\index-dir\the-real-index~RFe57ebd7.TMP

Filesize
48B

MD5
1d01502a970dd9ba0a04148b5caf6ea8

SHA1
e705bc077afd32ab4dfdb1bb1c7079e3589700f0

SHA256
8b4107837e4bccf5b8f2795bc035e05ab8a53784e0f734c2f41a4ce7d6f86a01

SHA512
80cae4af18814294f1b6a6c371ffd742f1bab4d0572939ff9766fef8544c594113707f7460ee197631c7a320c6b5e72c8daf81f3b746072fe9b00c5e62536817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
86519c821e60aca9824a20564018548b

SHA1
52e797a770db1303abcf6050d7d39c05df82e573

SHA256
72ab37f3cc78d8d88c6b9317fda86d7ae9c6f4722b592f8048eded72a000b7b7

SHA512
f3443a2159fa0f1bba002ba01966bdd440b26769b962cda2f23536ab581639092d6d1362771a00829ec2cb23f639c287f3f13378d99d7de510a41420ae09a492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
757e0470ada41215abb571da4399b40b

SHA1
28ad2a72a70080c78133f6ae52477f0e20ebb1e6

SHA256
70e72aad417607705162546187e5d528a3cbd8cb618ef07ac10da2863d0a0e62

SHA512
601f22e570ab610ee0fe676929025743de9725cc238f2662c42ef164ce3a9c6a4ab825a7ea5535e394a2b947d861f6d105cf9e47a20e0187df05f9827c4ac396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
57f4181d262b3c81ed206539407ad526

SHA1
d030b202fb3d707965e0a4638e2c4dd95499af88

SHA256
3131dbc96367538c30cc3d13d4083d65da98996772821fecadfa06faf7ce33b7

SHA512
4b54bdc95900a6cac97d61efe837e5eb92abf99582f5f5e1f95641ed5e7a26c603134c993946c2936a9e117b37e937c63ed07f86773f5ec12da48ef94d68caa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
81ecffc3b1399834f80fed0f39814c72

SHA1
f8c6dadd6a666c0ddfcb5b4625f5ca0e5378b004

SHA256
9209c4ef89cc6c9e383f6858a6427a88fca4bc5c0815eb93838509dfaf242254

SHA512
a1940e2accbea114bdd07ebf29e9bfce5a32b4e1c783d700e5fddd1fce72826d7d7bcbaf7666006c6f0b2f07867f70fc6c12405bc9baea750eed0ba7e0aca448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe578973.TMP

Filesize
89B

MD5
abd4b63f450331f3c0ef3f09c2da97b3

SHA1
623e0949b6eb168f0b44dce7e2fbc8465789a027

SHA256
945de2b251c2ca1cda37034d7d030d27293118b8669554aa363524ce5d827f52

SHA512
792d15ee5e147783230b82abfa6dce0339306b62495cf4d3addaceabbdce18413743a03ae3f420a6da5bdfc5cbbdeee53c7346d41e18bf55215f5c11df765d62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
651b7c8f1b9f76cebdb9ff38992e102f

SHA1
4d93bfcd33d981ec0a50fe30b6a24371ab13fb2a

SHA256
8037c23905010ec84f09d4f66d4b291451cf14b307535760107a0d53beb91557

SHA512
8ca1c23ba73cf3dde43530c59f44e5b14993b769b12aa9d7354baeec52fd28a9ea235805e17344b0dd5a9cf660d8a0937fb3ae50d204365279da97036e90391f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d8db.TMP

Filesize
48B

MD5
29165477f5c11d471108212a1a88cbe2

SHA1
ccca31ebadd6b22ecfa1c9c99d3c0af5d9dd177b

SHA256
4033d732b93807038fb8870f73223b75ccd63e571678d08997321de4af4e6a70

SHA512
7e2dcc7ac60274539da7cca45af3d635fae6c3a09ac03b928bf0ce7ed719e3e5dc478eb0fb8bb4c45254939e054942d1e4d64c268419671ac642c4cc7e528cc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
73141f4ff95956e049bf9a65701f1b5b

SHA1
59931aa6681ed3698c2e723ac82d1931ad4c7db0

SHA256
e042d3402caf01c527902da7c673b81c4de71dd0e1f13f51b0c21d3a3681b124

SHA512
08da066bc90e646e7fd6996d7472831b14d047d1411b24e3d788e60372d65e08f2c062d4cce96bf702aaec8bed84d261e9f9d4410091d492429e3cc7c951411e

Download Submit