hxxps://youtu[.]be/zohVr_ZU3pc?si=GZu18x_3xICnOgwo

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtu.be/zohVr_ZU3pc?si=GZu18x_3xICnOgwo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe
2564	msedge.exe
2564	msedge.exe
5388	identity_helper.exe
5388	identity_helper.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4920	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4920	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 3164	2564	msedge.exe	85
PID 2564 wrote to memory of 3164	2564	msedge.exe	85
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 1168	2564	msedge.exe	86
PID 2564 wrote to memory of 4884	2564	msedge.exe	87
PID 2564 wrote to memory of 4884	2564	msedge.exe	87
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88
PID 2564 wrote to memory of 3528	2564	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtu.be/zohVr_ZU3pc?si=GZu18x_3xICnOgwo
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,5124310384680328175,6522551079768398027,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,5124310384680328175,6522551079768398027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,5124310384680328175,6522551079768398027,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5124310384680328175,6522551079768398027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5124310384680328175,6522551079768398027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5124310384680328175,6522551079768398027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5124310384680328175,6522551079768398027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,5124310384680328175,6522551079768398027,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,5124310384680328175,6522551079768398027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,5124310384680328175,6522551079768398027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5124310384680328175,6522551079768398027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5124310384680328175,6522551079768398027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5124310384680328175,6522551079768398027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,5124310384680328175,6522551079768398027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,5124310384680328175,6522551079768398027,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3632

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x4f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
5a977b172cd0b225decf197263cce640

SHA1
f67840ac70f617c86a59c974ee34df0bf65a09ae

SHA256
3967332fdef6aa01767f666b3c52fce980b2aa7caf5745b0762e0d37943c4d6e

SHA512
419c9a7ee065792d88e5b63756c8f5aca8ade186501883d55f244701d3d63aeb3e9a8dabb282ac95f99db78ad0482218f4e4f1a5239b97955d766094c8b85f50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8eceecbaa4642d6ebfed8416666ea3ab

SHA1
778e9ff1969ed537099446e8009cc7416229f98d

SHA256
b4e8ee9a4d163dd4eb1a8ebb14de11480fd0388b4f19f874132d8fd94bcf6553

SHA512
3b4def55b218e0d8d66ce7c54ba564db9be44348c083cdbcfeb9233d858ef467477583a34bb8e391fad2180c4ca1e1b10ced89a56b03218c6e2c5bd196c36eae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
59ac04d20c6d9127925f40acd8a1c747

SHA1
d57bee30f0cbe69c45bb7ea7e2452a1f280e0b45

SHA256
1010c61888d375746c7e4678a1e03b70a0fecc78b24a132613a88a95b7530db6

SHA512
6d4fe1d462c513e4064d70654f4460bb9b4eaba843be5297ae5f8d11309afe0d0af94d3146f09914ee1a1a8bac76afdad51fb8b8addca75842998d4f60d3d129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c482cdccaa8fbc914985d7ccf6d2fe96

SHA1
a73accdab1ad4e529880ed69752966b216b228a1

SHA256
49e5c235b1c3e2d782faa9738d05702de7560bd40efab892b3e8b45ec825e31f

SHA512
236a44856fced720a6261592a9221c356b83bbd24b3dbaa1ee674513066378ca0763678a0819dddf446b42c2227804ce700238ab869673087b61be0c1ff5b979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee65c41f0bd78b6882d59106464c4f12

SHA1
3ec3526051967f42b62d1563e710ff4327c2f80e

SHA256
293a72bc4392f4fe7cbf8899a04e624770929691ce5fdbe00820b0693b418b75

SHA512
7b58ee9e14afd3540d96e3cbf619e57e957c3cfc91e10aad94eee1c47c29fdf51cba09c7aedeaabeb953fab8095b24ffaf49d9c14ddc4cae865eaec8ce0bb155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6adf56976c7e6da805054623f92f37a8

SHA1
0902629754e2358309e494e7fc6a9d2f0de14b60

SHA256
3f0693f6fe084d00ea038297fba994c436d71a4256ab59299ab1eac0841de220

SHA512
1cb6d7c5944a1f16cafa67126a7b4a1181771ce9efa267e2595a01cecb3a414aea00cedadaeab6d6f9c3d44268505fe220667934a06749b167a7a83cbce0419d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cdfbaeb7-fbd8-4d7b-9d1c-01f3c52d2019\index-dir\the-real-index

Filesize
2KB

MD5
2499f7c9928e692eedcfa83ced7ca5aa

SHA1
f027968e8b35636d9982072c6e3d18064cd12edc

SHA256
c7084ccb3363305be6ed8f14df72bceb0453736014565f2e967b277eed0ac6f4

SHA512
f53d3f3669037add4ef4ebab8c604145ce2eecb0e1b1ee9935d4fad4a9947ccf7db1c4280c34b78db3dbe747767360e7840200fc3b08daba927d95c4fe9a23d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cdfbaeb7-fbd8-4d7b-9d1c-01f3c52d2019\index-dir\the-real-index~RFe57e9f2.TMP

Filesize
48B

MD5
09f42903f6ba298a344f400c31b62b7f

SHA1
e7bed1d4025d24c992cef54ef4234e51cdcef624

SHA256
716cc7fa712f5663bc4a94a77446a7b248bb6ccc7761642f4666a28c3669efd9

SHA512
58da545b8a513d47297ba6064d2864194b4e778c09cb3eea97de99a3a3c959d20ae3d6f84e3429aed16c0863dbe4e5cd6a29b7012276ecb1ad8f683c90153a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ec850bbb-6aa8-4369-88c5-13e9784ae829\index-dir\the-real-index

Filesize
624B

MD5
2e68d58c56601bc61b8ef98a1cbe426b

SHA1
ca2ed69df245cd7d752ff2633d0e8f3315ace9a1

SHA256
3488a414eda5e6564d0eb57354a946ba2357ea730d91bc4e9d433a01d10f3a80

SHA512
e8d9c8f332576e8260eb0ffc2931d07db4d32bcf0775945d38b92de46423c6c420430b801f013294960db223cdb803f7423e6fb09e01ca087839031f423d82f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ec850bbb-6aa8-4369-88c5-13e9784ae829\index-dir\the-real-index~RFe57e426.TMP

Filesize
48B

MD5
603499f8616610ef3342cbce23bde69c

SHA1
7691a7ace2fa9ba975ed4f385f44a7446bfaa75e

SHA256
eb59ec26f76fb4b302ce179b112081fd1e3a38d64b991a51493acdec9f84390a

SHA512
851b7b8bffd0063348298da7a04155d85fa6a9ad11d5724e4be37e7fdce1ac235ca3e759fcd42109b690240f84a0fd06615117ab54a6b259bfcb3558e250bbf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
9daf86b4401f96aaf4c84237c1959a6f

SHA1
322ffe16a627e88569a08bd13aa47659de4feee3

SHA256
ec9a7641fee32fe8e6c43682cd66b4dab67e73bf7289ff9e3eea2f46f5a54482

SHA512
8ba6f1130e8d89b97ad829bd582a5dac577ceac0ca8f40913caf58320e9cb0bc93fd035d8982aca4249b0fa971f06709b912cbf2fbc004bc8cd0a71b913143cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
0beb129e8bff718bdad0982d931aca96

SHA1
92a98a8418eaa12aeee74301e596e72275c29b8c

SHA256
025acbb7ac4e33dea853151419908b4551d033f0e58f0aaa7f82c8baf740cc85

SHA512
8a8e125b21dc0a4a3411579afe72f6ae77c958b488908fe8054d20b1df7d54c15d2111550c5232e33ee5d3043e1520b40099d0cad1dd145677aa056e3bfa3392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
fa3c01db0e90894ebed07cc244b82287

SHA1
d1c162ef77fac26fdbea27ff9400c9d11b969be6

SHA256
ee425a005b55e17d91dc8064a6c3433d364272a8ec2811cab93da12f09c8d172

SHA512
7209c0cc427dee623e7a038757347c225f31f5117469feccbecbd3255fde1137f6d180c7b4a39c77a54804090a8635acd346baf1533a013b797f2bff6227276d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
8329927e1d3f96d148904ce68efa4c8c

SHA1
26650bc1b7d226504c2efb36f8aa5535af8efbc7

SHA256
12f4d7081f71899650b4cac3d63fa2d76d33571ee66b115d77e151c71a3c3b8e

SHA512
7f8f2dc5334eafc7c0455dfb1ba409db3a0c5919c76f8408411d93ff58f02fd6aaa523b568d3c88a6fad9df663cf4be18398ce30d3c3a302887d1dfe89afc38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
23a2adb791ae751a543d5d024eade705

SHA1
716986b50f5fb8ba663c5102089cb26a8481c9e5

SHA256
bcd85478e327ecc07359e280ee69c9250088ab4f356d67ee48983a96e54ed6cc

SHA512
02a61b40c850ed3227fbaf82638dbad9ae856e583701f6c579e5e59eb8f31a7a4bfdd019149c2f73f9042d192cec7f25d4ab7b402871c9c5a77cd887dab4df49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5a39cd3afa0d8f7da253219e0f0c996f

SHA1
71f456dea48d71e64e06cf2f8525f5c6264fc188

SHA256
46267ae67bd97d6a72bacf15d3f3fc4834fbdcfd16d34d3f25ad5131dee5945a

SHA512
3f81f9789cb5774e0142ab393c9e9ace9fe950e123f3aa991998f845055a15e74a0e7f44e935d9c2fd751a61622ee2bd271a4d8fff601ea012c62dc0811d0c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d263.TMP

Filesize
48B

MD5
8c319aa2a3b5518f2ff84d1cf0a55489

SHA1
ea0b94ca04b59ca5410ab45b1b9f18fe8dfe7421

SHA256
b1f618803ca44b31827d7c449fcd80e212219d9df13f51d479022073fea424d8

SHA512
efa6a0559892a586394c6a760f1f8eb66ec19a0296847c4064ccfca3f5d59a0211ea89127b1c67f99cc00af7339753e44517c08384165603397bd08397e9a7f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
5694e2a2111c9694155e4d4a251939d2

SHA1
db63a6ca03586ee8b7b37d83c909510970bd01dc

SHA256
1560aaf74239e3385386f192514d021a1515072fc629685016f478e233ecc3d1

SHA512
2bf71319ba2b6b28f76256484bdc437464e9c0e565316cd6c7d70640419261fafc563f3faef6e028f63777909f9b5c4fecef1f4d3e61fb2b31cdc7edf82313dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57beeb.TMP

Filesize
874B

MD5
f0ac318435fb57ecd6dcfbe0d9cf0b94

SHA1
39972ef2fcf3a0ab612ab6dc79dbab57338fec2c

SHA256
63dace38314f15e4e860c2dea9306b563d20b36431f6b9c6055b924de19be1ff

SHA512
4fd5d943876e0b4547af8e95aad4705e10832c368b1ef61064c485af7dcba0e9e2740f4424550c3c8ad1e6f9fa3441ef431c797afce4d6f61b17c1e661bae175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6ae701bc9fea7036a18ad2e7ef8c9bcd

SHA1
414d927a603dbdee1521e550fd6a4f713cef655a

SHA256
9573562b3fa691c6a3b93d0e52a7ea8477f0f3e767dd9fa59312775829c72b09

SHA512
867659277dd963e0e36081b6b4b72b5f7490c5a6941a7cb08d4a51fd04af14e4f95aa4f0e2b7d5cecaeda14a627a7fd136d45413ac97807695cc1134df813733

Download Submit