hxxps://www[.]youtube[.]com/watch?v=fIcu6PGGEnI

Analysis

max time kernel
145s
max time network
142s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
02/05/2024, 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=fIcu6PGGEnI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
784	msedge.exe
784	msedge.exe
1380	msedge.exe
1380	msedge.exe
2016	msedge.exe
2016	msedge.exe
4744	identity_helper.exe
4744	identity_helper.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1044	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1044	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 3360	1380	msedge.exe	78
PID 1380 wrote to memory of 3360	1380	msedge.exe	78
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 4352	1380	msedge.exe	79
PID 1380 wrote to memory of 784	1380	msedge.exe	80
PID 1380 wrote to memory of 784	1380	msedge.exe	80
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81
PID 1380 wrote to memory of 1072	1380	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=fIcu6PGGEnI
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd89113cb8,0x7ffd89113cc8,0x7ffd89113cd8
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,12538737670882088966,16726318180318673737,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,12538737670882088966,16726318180318673737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,12538737670882088966,16726318180318673737,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12538737670882088966,16726318180318673737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12538737670882088966,16726318180318673737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12538737670882088966,16726318180318673737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12538737670882088966,16726318180318673737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,12538737670882088966,16726318180318673737,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12538737670882088966,16726318180318673737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12538737670882088966,16726318180318673737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,12538737670882088966,16726318180318673737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12538737670882088966,16726318180318673737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12538737670882088966,16726318180318673737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,12538737670882088966,16726318180318673737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,12538737670882088966,16726318180318673737,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5300 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2676

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004C4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1044

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e1dd984856ef51f4512d3bf2c7aef54

SHA1
81cb28f2153ec7ae0cbf79c04c1a445efedd125f

SHA256
34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7

SHA512
d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ffa07b9a59daf025c30d00d26391d66f

SHA1
382cb374cf0dda03fa67bd55288eeb588b9353da

SHA256
7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb

SHA512
25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
5f0cce5b099a5821544588f143bc285d

SHA1
e7c7cad0a52a631b44a4682680362d9d1bab3193

SHA256
3758f0204726e11197536f1033e434dfce413553d034ac6fd8618182525aa126

SHA512
eb7863f42e186c09365e7683f2fdc66ab9f955a91cfb084717c4e27fd619b9e44dbcbddd424bd193e2cdf3c1a5729d3e1a61caa4b317b5f0310bcfdbe25f5e62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
57ec3c29d71caf4a987ec316d19d65f1

SHA1
26f2f9e580406b64977cedc585e610dd5e04436c

SHA256
ec094e9e0c943d7a8b5b8b5d70025811e5fa569123790d068ebcc3c5d93aba0e

SHA512
764b9f6256778dc90337e1096e097c6e68aedce0c2d19a195b0b05a16a4764df8595c61eaa1e81b8ed36457af62e430527e0d60a0688da881f63c17bdc7f174b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c8809a73b0c7949797dec96930b0ecad

SHA1
85022716cb8431006cd1738e34f05d4341c89cbe

SHA256
8135f949e92eb9618f7d114c95a322c102549bf3b64d4603a5242901ec5391ae

SHA512
6a3cfb26477f86c679d1ae55b3c9c4f47abd01fbddbb9b09eb00602d163916577a27ea06eb644b6acf6966c8ffa3b2ef72034078a3b052b29268600198dc7987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d6df4c81efe609b585d3d01500315dbf

SHA1
74675b39c5246cf391928f65c41df5526cb1537f

SHA256
58336824e88a809c83411397e93c6ab4a11fc8ab1d3e596949c1ed3ec54b8384

SHA512
2b7c65be83ff835c903357347db13823606644defadb97a0013f25be9beb0a41cc51be4dab07df064e27935320c8128f4dc10196b749303f9a2e00b26ae37f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
093418c354620534feac3e82a56b4b46

SHA1
099008c8b4bbbe41175f3de6902a0ff1214551d1

SHA256
f3e78c6ff352a6c3f97f6f5e8841ebaafe82cbab1c92e343dbfe54d488cc04a3

SHA512
e60969e7be90a9b62617585a6e86ee6b630f4e08a9c58f15f32f0c135b26d0826292a9f94c3ff1b2b3a44ae2c8b3264662872ca68daf2b4d2d6af1e2177dcc0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8efe8a83-4687-4ec3-afd9-d155e03dd587\index-dir\the-real-index

Filesize
2KB

MD5
dd0ff72479abfd3e0eb4cf8afc829ccf

SHA1
40b60380ce96bc3594040c0a7209798aac97dc74

SHA256
b0b8f87a73f19bba5215ff6ba41619ff9d96228cfbb3c0d16524072f6495988c

SHA512
8d88941a728e6defbab7034f2323c1954fafd4a7b50985e20c9b11d1ca609a78958721411042e427a77360f68db11eb0ba850273f21b4a881e89421dd97bc718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8efe8a83-4687-4ec3-afd9-d155e03dd587\index-dir\the-real-index~RFe579b94.TMP

Filesize
48B

MD5
9d602efdaf973a2a02714aa6e341b520

SHA1
99b02221ed5accac856870d18e8cd61e0c402900

SHA256
bf9f0483f9fcbd22ae6ef3069155645de78f19770a57f90eece55364ec8c57b3

SHA512
3ec1d3354fd1425db36fa415df54bb49a8fc0045a60a826f6dc7417714ef939b9b75a2767fa8cd66391c2351c9bc7a0948bcabd3522528eefea7571a357fcddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
ced2c9c0291b097b3d78a6be6d9c9d62

SHA1
e6af0073d44db30ee0e93545fdcd0180426d46de

SHA256
ed887396e9c55966d1a3c81b1712a5d3efbdf573f2cff2ae0dbcfe53482c3f7a

SHA512
e7eae234fe616391d304f2c0df34b9623fb6b3b66f87d9838af2ceacac797a158e69c018b66a80d0a8410c45e004b747cd03cad61df6aa288cbcf1a50091411b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
7cb92723ed2819b50cfe1c6513aa9d3c

SHA1
679d1fdbf09ed7bb4fd8dcba1a5e46c677911481

SHA256
7c1062b9853aabb6004464d7d03ac9ca9a53622ebc6053cf1b982105edc69bd7

SHA512
ac1df41e1cb919bc1b79847a187d97def1d2323a105c7cf7b3f5fba0a3425b8dfb6c39ddbd2cfa3d0a8dfe790962af7266573a34ffdbdf6b9278653b95a35601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
ef023d9fc36d1552951e0b36b594e1ee

SHA1
1f3ec2383512de4482de3b54ed7a5a4edb77a385

SHA256
c0c9f92e61e2715db08d139dccb1e0c9f02f861491ba0ed7ee810dab8a00cbd7

SHA512
6fd08c9af3437f3f46c02e070f79140ba2c4a08c1f19e95f6065e8002b21e77eca7b20533e664de6e3e322b7989f0d14ffc5c16c34b7f0b653de0bcae685b586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
93af30a5d069fb36f541f7f3d853a14d

SHA1
31d31d403cfc06bfeb49c1fc2f852428f1e4647f

SHA256
48464e081cb74b9f10469f9eb15df341c86c48b6daee78d37684a1b011bc991d

SHA512
7cd0aa0f3d2ea55d82ed18267f2bfd62b76993c7038c4c64dc799a92be156d0adbe58f519ad91f2484e9b850c1f5cb1f7295912a3e26dd07add16c5245c5228f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
53fcd983c23fea0bed4e3adaa247386d

SHA1
8d50bd29f7e5f22d16eb7b2561d63688fbe66f10

SHA256
d93c9bcbde04060215a79432dcb3351de66fb44afd7f9a1d7a3ab3d8273bea32

SHA512
0afa6c93c489a87ab52f5b9e2ef4dab444847197ac1ef3728d3eea7b0c7645cc8043e879e2b6aa75c67e5062f96ddda7234cbfd731f5f89fad659f14409fe8e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579182.TMP

Filesize
48B

MD5
1a1da2eb0bcb2109c9d81c20f667c902

SHA1
c436dfac9940518a8764184b7c31eabefa9965b3

SHA256
04060399e5998a60e432a50b6b1fbfeb39aca394f5c739313d613116da1325d2

SHA512
feb2e82885e24aeca0baf45c94b94400f5535675c7484cc30f2d9acaa7496ac9b849e9910ad5725e1a1f7b0e8edddb087ae82b8f590e44eecb4ae90fdd9a632c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fbda65675df26fb0e715bd6aa23d675e

SHA1
bdf63471f88a20986768ad3d95de484e93aab31c

SHA256
4ec9402df292ef0f80186b732785f29a7193b7f2913b2738214a5c0170d778d1

SHA512
d43c86582798d20953108c74bc41cf6fdc5c5eb5d728fe29aa8b5e9219b3937c0c4e893ec6f817d83f1068a306de7f5e51ff358ba946af13e29bba86976c7b74

Download Submit