hxxps://youtu[.]be/jLdGDfcy134?si=azNZGWbBakQChJf1

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtu.be/jLdGDfcy134?si=azNZGWbBakQChJf1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1844	msedge.exe
1844	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
2928	identity_helper.exe
2928	identity_helper.exe
6088	msedge.exe
6088	msedge.exe
6088	msedge.exe
6088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2004	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2004	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 316	3448	msedge.exe	82
PID 3448 wrote to memory of 316	3448	msedge.exe	82
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 3216	3448	msedge.exe	83
PID 3448 wrote to memory of 1844	3448	msedge.exe	84
PID 3448 wrote to memory of 1844	3448	msedge.exe	84
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85
PID 3448 wrote to memory of 3052	3448	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtu.be/jLdGDfcy134?si=azNZGWbBakQChJf1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xfc,0x108,0x7ffb1a3646f8,0x7ffb1a364708,0x7ffb1a364718
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3380606021773276156,13624326954775146413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,3380606021773276156,13624326954775146413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,3380606021773276156,13624326954775146413,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3380606021773276156,13624326954775146413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3380606021773276156,13624326954775146413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3380606021773276156,13624326954775146413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3380606021773276156,13624326954775146413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,3380606021773276156,13624326954775146413,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3380606021773276156,13624326954775146413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3380606021773276156,13624326954775146413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3380606021773276156,13624326954775146413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3380606021773276156,13624326954775146413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3380606021773276156,13624326954775146413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3380606021773276156,13624326954775146413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3380606021773276156,13624326954775146413,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:848

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b4 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
46KB

MD5
f871dd44ae8c9e11c5c85c961f8b2ab1

SHA1
7618910822a0f2639b405e3c0b13faff0431140a

SHA256
2ae2564f74716a4e44850d845f0cca255c6c0c3a7dc0c8ee6bfca0212cc394ec

SHA512
3b9638f705f83e37c3e0c9db1205b2ac76b96ba72ac56013a6aca6f34a7a9ff3548e8fc67d2b85c9f23f8337f696baa8fab01523fb04b5fd618b130501eed47c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
7d8d92c7979928537d71703ea27d79cb

SHA1
d50a42fa707bbb4f1a981febc8ad92cf9bcb60a2

SHA256
cf1a9f37a2711a8889bfa931ef602e6a89e52095cad48fcfb59323ac13ffa312

SHA512
c8fdd8dab2f4ab702e905d01bece06ef28d71dc7d0f458b24468cabaf942416a11f865e44f00c098100abd251c37c5412c76025e31930be1d903a1ae46dc2d29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
871c9fe3b359bca4191f5ffa1ab356e2

SHA1
20fdfc94b3daa13604dbc8022ea2d8f7bd7a1ea7

SHA256
7237e0a515cfee6dc956a1b83ae1e82e66a19f7c943deed2509a71aafadf4010

SHA512
c758da8fb3a00751880182fd37efc0e2fcad0a1720335268cc04d8ac776396826333ac8cca02f8aab81f4452453eac868cd076033dc1278ec847e10af8ddd766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5261bb510154289a9b452fbaa8ccadbc

SHA1
28f842fbeb9dba9c7105370f4e81eeabcab7a66f

SHA256
3ba4b4d5ab1aafd50065d6be4fe42299ba3e62dc35cb2d897b6ec78a9f44c0a6

SHA512
3f68afa9d5d707179cad178622f9245821054414d4e11d9453af137f60b8774010fd8e4b2bf5de50fabfda7097f3d5788f051038d9bed26ee7788eb914a6cd8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
81a2ab64a4bfc0e8246625f071db52d2

SHA1
84aee9ef2626a3d9d88bb02ab664c0d24801aafd

SHA256
d414c33618776dd276a83de919619b5ecfa5b20cb1d59cbbb670ea9ca467d939

SHA512
ec623d762a3fd8ba0fb7f3bdfe5ffe463a4a7bbe044094dbe16524cba9a0c6fece42a35fc2c805c79db42afbbe1945b91e557b82a91659e67d5a5c75ef6576da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d36b58901d042008532b5712225b75e

SHA1
be9ce1a20cbcfb57b8f967368e6c5132b1d916d4

SHA256
21297de1805938857ebb84ba70149fcdfafd977a1010fd6dc6071d0e6c996455

SHA512
221883f9db285373a06bcf509089cb2cac42dae177500633bf564072586161d59ac8dd7e4f622788902ec4b4ff7cebdaf36886460b66e2023d85278e78a58c29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\17587cb5-0612-47d6-8e9f-f6a0c0e5827a\index-dir\the-real-index

Filesize
624B

MD5
2dac370375a498a218e1c20be977cd6f

SHA1
4f1ba7ac2d030a2b9ef082762338f53fc3ca9ae4

SHA256
6c768d71effa20b30c81c6e72f2e52026c0522d1808deea01e500908d55ed339

SHA512
d25992587358e9b1923a5cdf07f473a72aa7d07098258b2a7ebe5dd186e2d9097ebfe68294e9d587b7ca4bc61b041d9f323fa578162bd60f19f7885f1db11a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\17587cb5-0612-47d6-8e9f-f6a0c0e5827a\index-dir\the-real-index~RFe57b333.TMP

Filesize
48B

MD5
ab38700ae0750fbfe865c4a051ff545d

SHA1
57eced0336fb1415ca6ec7b5fb79f3cc471af244

SHA256
ea0585b5ea71d8289578d97a68ef66dd8c8f689711d839eb2ec069320a55c19e

SHA512
7191e8c3ae2fb37cc5a7c14f77ec15dd2676c077c288d165e9dfc9147ecdadbdf9b18c6d5bcab0ac943b8fd17694f7c5cb3ac91711fa4c18e4f5d666a9d6707c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ad8e0574-2521-4a1f-b680-20c30be4d92b\index-dir\the-real-index

Filesize
2KB

MD5
68d8c0f6c22d1ac3136415dd07af1c9f

SHA1
e6338de2a1696a15ef4c5c53434230f9dee4e09d

SHA256
703943b3731a014fe7db5021bc12ffe8f5f31473103d575600cb65f035180d6e

SHA512
73fe56f59fd239bc8af76dcde62a06d8994124a0e4825320e2b11b1b0af9fa4f6b2f46f8b0fd223a83c38fa5f965bac99f4290695c01becd7f635ed7ec7f3082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ad8e0574-2521-4a1f-b680-20c30be4d92b\index-dir\the-real-index~RFe57b035.TMP

Filesize
48B

MD5
cde2359186ac15ab91dee4f4b3824330

SHA1
0b64cbeba2cc16e564fd92d8d4149e1b19051fe4

SHA256
867d2ebf2c2ef61864a04ae6eaa9f91be23f2f0101435a9c8a74f8ff2e13286b

SHA512
e3af543ef1651f6e613c5a5b64fd8530f623b90e9994ab26a3f0e7a8730d53c0e6224ffca687bd964c1cd3395fc85378d57095934fb420c8f8fa634b54cf444f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
3f9a5fbef799eed31a820c35a718d0e6

SHA1
fe5cd2849b2a03cf7d2012b2a7b4a17330bbf380

SHA256
43ff0e233716d16c534c3ed0b3203680a873e8355c0f380be10cffd369fb170f

SHA512
0a6a6db076818ee03242166c836db88c546bcf2b6a0c724f712de311577b4e45a4d7ad1a450b70dc207ee432accd13c23a3ed79378abc4050d3471b1ffa82e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
de8e214e8d3a90e4c3713c02492fd917

SHA1
38452b29fc48ff27c1e847a93750749e3e7d81c0

SHA256
0181836607cedf38dd1940142575c46ea9f329a1eb52475787949cd632740fcf

SHA512
3eba869f74d9aa3025e569d9f738dae5defad612d64cd011365d39bb7347341dcdf3987ce732fc970e8a10d7ba1c43ac30970796eadb6fbcf6510b68cf8d5a35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
20dadfffc7d05e359b36e3f19331c2da

SHA1
f22d18bc61d4d26f2d697f61b0193565625ee0d1

SHA256
4df26dd2ccb29ddfc87168b81b96eaad785f12bcbd6069a3312cc2c10631d95a

SHA512
a6a48666f4715c0aa51bb8c62b0c7c603f6bf4d77b7020e945dea80c72fdfd5f370b95a9823bc826d29ccbbd40adb96fa03253001ce05a57ab5f5dfb9866a566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
66cf82358a85433c55f14517c29d3f38

SHA1
53b4d575ac12926b2385cab4c8c50351dd202f8c

SHA256
b888fbd5756ffaf2b7a808f06e74911ddd1702142bbde5d2c746207a0bad2db3

SHA512
c258f95dabede6f58b7b6c611283120d69a0ba4da6e8cb507844c6436a85773becf992c262db0278c6ac0686a8b5fecd1fc4234e330549b5730c3f9d6d3f9abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5758fd.TMP

Filesize
89B

MD5
8bc5479a5289a8f1e3838ef1653346c2

SHA1
883580652cd38f3748a8c172054560bc54ce7e73

SHA256
088506da5dff7b557a0c82c650884bb5072bef1d15f964dc5c3761e032ce455b

SHA512
7576552814869ff0e43a95a4e02959f34185319529be19413328ee1f77ae120fe3b29c007395428abf970a9466efdf52ead5780b132aa413c3282c9b42130938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a826cabe791ab7d4f434b4f9aadc0e8f

SHA1
411cd8b4ea760ef00b3a28851b3856ed24c1fecd

SHA256
2714bc6473fd6bd5b16f2ce7dbf6cd13cdfcccaa6d8ea2986749c157b5e08ada

SHA512
dcdcb647c87a4497cb7b501a7383fccdab65a4b325976c18c5d398806f76d496979656c9454379b1f6ffe85720ff0879c3aabf95fa195e193986c7cefccdd32f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a901.TMP

Filesize
48B

MD5
4ff0ba294e898df6bfd51e489fef83c7

SHA1
ec46bc2e224a25813a43ef7371fe51577b134c0b

SHA256
e5d642bf39091cc6c54ffaf5b470975e7213563f88afe1ee76dce40413c717f9

SHA512
88e32f2d998933e560d04d8fa94ceee74573ddb8440ff8f29a30033491b8f0d1ca1b89bb71f3d80b08cde533637c54b9752661721e78d90ff28aa8bd61d9a029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
caacf33c6a3adee7e756b4dcb48ef1e8

SHA1
4cdb2cfd14953d82ff63b4249f4d0b9c6cc37bce

SHA256
9fd0b68a25efb26e62197a84ceb63242e21490d5908495eff1a22e8938a03a5f

SHA512
18bc45ef98250cab39600c8ead5141b046827d048ef7d833a2daaa4d173eadc3924db5542697502eba2b77e19cbed7230cf8884c11deff80d37138c785da980c

Download Submit