hxxp://YouTube[.]com

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
23/02/2024, 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://YouTube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
3040	msedge.exe
3040	msedge.exe
3276	msedge.exe
3276	msedge.exe
2156	identity_helper.exe
2156	identity_helper.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3564	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3564	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 4216	3040	msedge.exe	74
PID 3040 wrote to memory of 4216	3040	msedge.exe	74
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 3924	3040	msedge.exe	82
PID 3040 wrote to memory of 2076	3040	msedge.exe	83
PID 3040 wrote to memory of 2076	3040	msedge.exe	83
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84
PID 3040 wrote to memory of 1096	3040	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://YouTube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff87eb13cb8,0x7ff87eb13cc8,0x7ff87eb13cd8
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,380031677315652674,3968865887053579580,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2784

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0407c5de270b9ae0ceee6cb9b61bbf1

SHA1
fb2bb8184c1b8e680bf873e5537e1260f057751e

SHA256
a56989933628f6a677ad09f634fc9b7dd9cf7d06c72a76ddbb8221bc4a62ffcd

SHA512
65162bf07705dfdd348d4eaf0a3feba08dc2c0942a3a052b4492d0675ab803b104c03c945f5608fac9544681e0fe8b81d1aaca859663e79aa87fcb591ddb8136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ded21ddc295846e2b00e1fd766c807db

SHA1
497eb7c9c09cb2a247b4a3663ce808869872b410

SHA256
26025f86effef56caa2ee50a64e219c762944b1e50e465be3a6b454bc0ed7305

SHA512
ddfaa73032590de904bba398331fdbf188741d96a17116ada50298b42d6eb7b20d6e50b0cfae8b17e2f145997b8ebce6c8196e6f46fbe11f133d3d82ce3656db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
68ba11f0c1f75ec3cdb4d3e123bdc1f7

SHA1
b6ef3348654792117c7dca3dc4ce91e3475fc854

SHA256
9f66379be2ee499bab681bbdddce0fbbe512b330d2d3be7cc4876da1193886aa

SHA512
4dc397e05990bbdfb901b4a9f80eed22f35bfbc6d7bfbc3d7acce16674b18b466e4e3e479d6a19eedea0ce2e1f23290f2202595e46004407a5a61f13f19d6480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
76f540b2605a28c1639ace800ad5708d

SHA1
cdc405a2d4b3c86cff95f85aea95fc68fbb91927

SHA256
aac8bd02af5daff4d25ec07ebbac0ae408f334298fba9094b5188841987fed76

SHA512
0c425178780e4133b55e9b5d504ed1596f40d2616938c244862d53b025c1a02fcc29e17593fdaba6c7c71b9573fc6d5b7bea59c3b5b2bd02aa48ee80d6eafd79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
501b32c11f759a6c1f9f32efbdfae00f

SHA1
858d52cc158047780df34c8dac7afdb6245b6713

SHA256
c82c50213266798aa0814cd32210a6bcc04d9b82f22b63b96a2d79cd5ed8d196

SHA512
09603a194a152e8326d0640ef247f95d14504eabc746646313e04c0bfa2f5a3741a9b4968a961dd84764b74b2c76cd24027cefbf6d836c050863ffafe3ad4822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6584c49d355a16c7238bb984ed29b918

SHA1
358d8e1b5f70e75e44630bf466e693f8e74398d2

SHA256
24bfa0e605774a4937df0bb539e83eacffa8dabaecfbb9c6c23beafcd294e433

SHA512
c616a32ddfece8d2526bbb657994520fa9f15c8988eee35a0c7274f2b679ade4e0069feb46f0dd0e408023d2e2a4c60b135aa96c53ee835cadcfdf56d63fc810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12aaddd08f507d50c6e1b1e635effee1

SHA1
d1cccde9657005a4312b05e58366a461f02a10ff

SHA256
f02ac9b03fe0f4b18a059ef6f8e970570f5f1fee291f82499d803e63fd80de46

SHA512
afd40eefa9459144c37683060100ad11f1ed0bd25c5d3f9d8b3d52a64c2d11c7ac8f2c85aa8547ada09952f382bd7ae73309024afefd617f5411fd4473596d4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\97d4cb4b-45c7-4a89-a0dd-4984b27ba7ee\index-dir\the-real-index

Filesize
2KB

MD5
405a2787ee4634913b34a8bb950160b4

SHA1
ee9ce4aae747ea90270805ae450a446a9056c96d

SHA256
ad6952ea7e08157bc21258665f475caff9e6e5b8757a1eb991c36e2da7fa9c7c

SHA512
a87723062041e1899c1dc30c64a66367c754f76aa1ae43a92b0f712944204e510b88bbbaeb6b91577f5e2652c30001d8b7979e64033693a82cb2e072430bc16e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\97d4cb4b-45c7-4a89-a0dd-4984b27ba7ee\index-dir\the-real-index~RFe578c23.TMP

Filesize
48B

MD5
c2018d5469feafd6eb34f127e002ce3e

SHA1
084119f56782ab890ef1e507f62e0a45d976a57d

SHA256
d352a969ebec269f37c6d0df23e4e178af687e478bd10636c273cc7e92a52ffa

SHA512
5994b29e078d036e810a74d8a4ed389983931723d574b4e4fc2cc29a45b0fb1fe5b6ebc64bb76c4e6805c192a365b021d94e6751dd6ce16e3abadcdaa98f5f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
cfffcab4ef47fe5856ffcb2a285acf31

SHA1
3e0362beafc243ec51188468784a7db1f00cbeb5

SHA256
1a22b1997e035bd6d464b943198b8017326a96ca226b8268eab5f88c30308f89

SHA512
7a981365e440aba00db62df66a27259d3c5d69fa0ada63ccef3419a6dc467ccfb6682d6e3cd78abfe91aa14f24a6020b238e03e32e917ccfc38d2667d876bdfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
9848f179c5dc7868883e40da18b87b3d

SHA1
7b6943d1c0b30e9e66c7a262ebc5b471fade80f0

SHA256
19eaa4c1b064615f5912783553e83f34a65deffbe773ca816ccd4479ff7fb680

SHA512
5dbbe6109ba85cbe8289519432572e2aa37ae1c713b81d00b6fb25dcc4f76cb2097589dbce60f314a20f095eda9c22f28614be992a1f54c813df07611037c0f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
4fc047ae73d199057efa37f34ae5d77e

SHA1
6178505ad981dad8b4fda7ef3144818b4de7d184

SHA256
704208e41f97402893775613a8d140b1446193c8c760322b3629bbf571da655a

SHA512
d4ed8dace14b33fcc82a4f75f4078a4051baa96645f1224f8b65dadbbcb95302aebd2a1b5c652b9457796fdf2b28ffeaaa7d21e9ce07b468519f60c08195fc37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
d157669d1c4def002da1b6c2d54edf50

SHA1
c04eb6924fb0f2be78499f5d57f0c85cdd8c4e81

SHA256
e8c3cce0ae4724c8dd80f16dfb7dc74c295d88f70d8910c1e41338157dc8f7fe

SHA512
a12e555a77ca1e91252fb6ef5148510df1978968760833cfef54b529d040c7a75dd9a7bd1dac465db8e82904292147f3a59a7c083f5f94146f6537f2532c2c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
37c51424b0a31628dd0cc65ef9220a7d

SHA1
d17fbbae85eb40f4cf7d6a9d8ea15bf1c5c4d89d

SHA256
217b8548eb6197051db5b7bf09544ffb640050b244780cb25a3dd77dbfc44e4f

SHA512
46664e0210fe23a7d9fae6b732f51b2c1ab5bb364b8eb68677354bf7158fc8f25bc1e8eb00fe1ab9bd2ec02480640f83da3641547db834cd5b67ef8fd69be971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57878f.TMP

Filesize
48B

MD5
586d523ce62963b071201e5203cd9224

SHA1
3d1c1978c07f8df5fb15a3459d1c935f34c070ef

SHA256
6e83605d43780910665f4cba256d16ff669ada64ca379eb736ef8e79a69f622b

SHA512
a81afdaf401f5c999a47f849de0f02102cd3b17d64d3177d791425eed2ca5a4ebb5a68443a6050e3efe50766abcebce7c040e614ef6f01ed3a2f0b2865743657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f462d747c9055f128411435effce854d

SHA1
a9b54af35747effc5e444f26f365d4038986fd5d

SHA256
779fe298e6256dcc63453f9d24d864d2d007ca6d5959e8ae06c15f92f431d0c0

SHA512
8ea1256a81a04e4451e20e813ea6c91187d5566d4c85d76443e1791be461d359b42fd668e9e8b51d199e99bd54280527b2e8c0f723f2f15a6cdbc55a88533d99

Download Submit