hxxps://youtube[.]com

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2024 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1504	msedge.exe
1504	msedge.exe
4384	msedge.exe
4384	msedge.exe
452	identity_helper.exe
452	identity_helper.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	216	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	216	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 4980	4384	msedge.exe	82
PID 4384 wrote to memory of 4980	4384	msedge.exe	82
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 4144	4384	msedge.exe	83
PID 4384 wrote to memory of 1504	4384	msedge.exe	84
PID 4384 wrote to memory of 1504	4384	msedge.exe	84
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85
PID 4384 wrote to memory of 2412	4384	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d7846f8,0x7ff84d784708,0x7ff84d784718
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8313323797654117329,1655891908955912953,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3464 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:852

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
08cbcc8d4c2ca66488d88e7f3a1f165e

SHA1
03bbde0fc01ffc2929763a083fb1aaedae0b637d

SHA256
e9579eb683869aa0d7ac421e2df3bef53f342cd3335d09c754a82f892ea91750

SHA512
58a29c5b851f9ab8fb32b91dd50087c785c91c96e58a632c37281ac20502cfe43a6c5afe849fcc3b775bb23225cfbd27256ff44170bbf917ed7ff5a62138b420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5511d29c5fca7355f7f0684f98949c2d

SHA1
d2795f43f171ed6fa4412f9765e38c805a1f0a20

SHA256
bd441e76ee846095727fd1e0460195fb45f4fbf6bd6137d38dc3d4e9a07ef986

SHA512
7d7afe36555772f5944fea6d356a6c5b52d3d7b4a3a4fd3fb1117aa6721c3e08f10f516626ad16bdb106f012c6df40e70162d2f388e2a4d006702eb887fdc81f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b06bbdfc898ddbc36cc9557d1505bcf9

SHA1
5037da4c171980d8b3122d408c9f6a8c549f8428

SHA256
4e931852c2366c9df3b1d2d7020873bb4bc9fcc917013e4583927dd872f5d444

SHA512
267b085fa88f0ba8ecaa1008805bafef067f5a78fe18963c20bd3e2fa06068578f10b29e2ddba6239fe6a81f71af692aa99fa1a2c0a3c674b6f220ade5a26d42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cb11939c400af7e130e967aeb194de59

SHA1
5c87c1ef4ca635ff654dd70f2536834cc19130a1

SHA256
0d24f555bf88d86d3ff315939007db61148bf4e232cb8d4d189207d8df193966

SHA512
eb690f29e388f3f36108f4194f6389b6588a917204c9bd2cf7f2d41abd843f8231ad6b40f8f78afd7315b6c5b9d3f102d22021f753aa2dbfe55d49fb48ad35e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fe9cea43336259b72d405219eee442fc

SHA1
2404b20f266c2021d06ece6a276580670ba572cf

SHA256
cf809b9c62a349582c0ae293240f95c2b94dc9106fc94e2ed171c73396deb177

SHA512
d3b4b42230b17921dffcb656f9be0b1bfd581e1d93b53ce36ff1620545861a606129c8f05b2776fa48562532c841092f0ce6fc36be365aaaeac22a717de6eb47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\37f6d4b9-c76a-4c68-880e-85343e10650b\index-dir\the-real-index

Filesize
624B

MD5
653cc2eea8567aa7c4ef1f46203ac9c8

SHA1
61d328dd65deaf4414833be2bc9a512a297cd6f5

SHA256
5d9e567646a2c17cd397b24010aafb7ad204f41765dcb1960cdb537a53828a6a

SHA512
310c6fc79ecf592b89677aacd4174aa1a0bf48c690e293e18bc9c99991bdfb3bc69c14f362eb222a1c051013e3be2992996319fcc1984eee884b6560c6115cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\37f6d4b9-c76a-4c68-880e-85343e10650b\index-dir\the-real-index~RFe5791b1.TMP

Filesize
48B

MD5
b7048228ff5c3755c9a0c06ba704b4da

SHA1
4231fcd289c0dd3bee2635deca26a8f0b90ea441

SHA256
c96c50f46c2234e9b88f09683b2de414f398aab9a67fce0da22b3b91ea664de1

SHA512
8a7d06d32cb6342aab85597c6d483196138abb802e3e3b19a9f2f1dfff0839c3524d30bbe285ead0ce7ace16037c3faa929057cffad9edcff58774bc669a58f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f2ba774f-146b-47ec-9090-70c1dde725df\index-dir\the-real-index

Filesize
2KB

MD5
fa84fe83264c094dffe5b21b5f0ba98a

SHA1
08e845826e424113adf9bd4661d8fa6a9a9c855b

SHA256
5c3b0e254df1ef8fbc0f1b1912442927f1f80dd49dfadaaaea12ba5fd837a900

SHA512
0036b12e44e98c35c3275a58110b76a8adc024c5b3706d301c3dbb269a63def6e533242070fe1c652375bd2404809c89281d385d7e386d13cf52e494f4b3a1b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f2ba774f-146b-47ec-9090-70c1dde725df\index-dir\the-real-index~RFe578d5b.TMP

Filesize
48B

MD5
c0a6948d51185836381f62ba841839bd

SHA1
cd3065a0277afa37b9579d618ba9a7dcf7cda6b5

SHA256
5be24137b00c1831413a4c0d4f401abbe3ff625ff601d72954514f54c4cae120

SHA512
b32762aebcfcdfd391db023c4aee1a9f1af7a4930174ce90dc38f0e2bdd6e53c6ef24bc0007fa29a79d75f6b16b3d0e1c22b1e799df456aa364dfc1bc49fa7a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
ce1c549ec9cb1fd241522517347e7f4d

SHA1
3a44b5cb5fb62f33cc2e634e2a5bae4b79692eb6

SHA256
4c228975d84a74681a8f54f06a2f480532ab5e5973ddaca5ed45f8cb36cffe1b

SHA512
1791ef293c808dcbf60f69dbd99f9ead188ec5c18ba231f60d0a81cf9eb0c577128569631e94466f19fa25d844d2966b3fdebeaa142d76415b9296288e7843e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
c5aa6be43e812548a5126913ad0d3764

SHA1
06f3603926e0a244dfbe0a2f80caab1f3b8a5185

SHA256
ba012e4938a4e35d6ab9dcdae85575c2dbea2cec66f20ba6d5137bebb53c1714

SHA512
667a517bf5943b56f10e4b62aa42325dc23b4de10da53d8fad5dc92816f1b22b4fa469e112b1b261e7c2c1ec2f939050049af6a368e4db165e4a7012364ec039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
cf8a6e7a7592381258d0a61b80315f94

SHA1
a026aee4b1d825b073cb7db4f850c15e3b3aad26

SHA256
6a3122d1c803410b799e80583861da8d5bd8a7d441896505fc3c3973919375dc

SHA512
f9a3ac2bc1a50414346f4ca81fac0cc0a171d3fb6c05a8ee37e51b778f49533678445186d011ae2953d5bc2abf9d8ea52c6e934fa15a39b8532cbf874b3467f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
3bb78a2cbae09b9afa1a4563ef62cf4f

SHA1
b0fdf9804d7612aa53e8a174561a011e9fccf240

SHA256
9639a01f1ff6d93ba9fc5724377bbd02cdac7d3c011d1300c41fdfa17378b3f9

SHA512
4cc5d347b063f4b892cba3f80301946247dfe018fdc9391bf2d0ae5ae5e21cb5938d22ae078c76042a4db41cbfd642922bb98258e8f845f7ed3946a179c09369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
a7ce078c6e1d1c9c64a89110aaa30d7d

SHA1
decf84cb8609d766db6bbf106a52a57768e5bce7

SHA256
5e517d4f8bdf6ef74092d8c6c8cbce99f3da5bfdf77d3a75661e74c8f0ee3c04

SHA512
79aba87e7fda01162822a4ef46204a87e9a1180cfac22ce245b0d41d5603fa73834caef227d4ced5f25bcbc31c5f55625075360a2a46576d4a46db822ea1a200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
27c1b14feb1ba8c1ff21868c66dbc23f

SHA1
fb1590569580a728fd4c637620dd68713996926b

SHA256
e5c1abbcd86859fb291b3da7829d85f066794e702d97538db2108b99926f59e5

SHA512
48955e1610074a9229f3f1f69f39fa1800d89554299cbdf4694c216b98210c7449f1fc0355f066907cae4da964b2bfe2ed4b029e90516fb2d67ea57d79608773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5787ed.TMP

Filesize
48B

MD5
faf76bbcc91f401442d496f01c3de489

SHA1
4ef606aa3bdde8029905ed469d7d9bca5d5e797a

SHA256
1340b87d0c7f4e4703637ca6d64aa3816ee33188db4364f7806857d6416eb264

SHA512
d615754529400d948f013e95dabf8fd3d6f3fb276edb68cf27708a1094e7b9e630261503a5a9db738a5877a4a65d6203c04206e5020e3bd6972aa7b21818aed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c658f85962bfa2924699f17725e2db1b

SHA1
1f9b631680f9a64605e8f056278af5f7311ac1f2

SHA256
15974a4ffa4f2af2662573384f47010a62e635b2db4db8e2c9db92a53cb18e00

SHA512
80582d9744730a7a6e190365f9efc6be6ecd856bb6ae49f39af119787d24a9437e89c1822ae88707a11c12d7325a94db8f627d1d9f0fa74546cb70578d8150b3

Download Submit