hxxps://www[.]youtube[.]com/channel/UCnihA83bYWYt9d2J3z8f_pQ/community?lb=UgkxFaX8PdSwj5TgHkVmDjhdJxfYHylxq7r6

Resubmissions

09/06/2024, 17:45

240609-wbpx1sda9z 1

09/06/2024, 17:44

240609-wa8zhadg56 1

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/channel/UCnihA83bYWYt9d2J3z8f_pQ/community?lb=UgkxFaX8PdSwj5TgHkVmDjhdJxfYHylxq7r6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3148	msedge.exe
3148	msedge.exe
2648	msedge.exe
2648	msedge.exe
4748	identity_helper.exe
4748	identity_helper.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1492	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1492	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 3344	2648	msedge.exe	82
PID 2648 wrote to memory of 3344	2648	msedge.exe	82
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 4228	2648	msedge.exe	83
PID 2648 wrote to memory of 3148	2648	msedge.exe	84
PID 2648 wrote to memory of 3148	2648	msedge.exe	84
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85
PID 2648 wrote to memory of 380	2648	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UCnihA83bYWYt9d2J3z8f_pQ/community?lb=UgkxFaX8PdSwj5TgHkVmDjhdJxfYHylxq7r6
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9272c46f8,0x7ff9272c4708,0x7ff9272c4718
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8043417082859812440,13923227477125514243,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,8043417082859812440,13923227477125514243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,8043417082859812440,13923227477125514243,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8043417082859812440,13923227477125514243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8043417082859812440,13923227477125514243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8043417082859812440,13923227477125514243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8043417082859812440,13923227477125514243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,8043417082859812440,13923227477125514243,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8043417082859812440,13923227477125514243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8043417082859812440,13923227477125514243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8043417082859812440,13923227477125514243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8043417082859812440,13923227477125514243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8043417082859812440,13923227477125514243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8043417082859812440,13923227477125514243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8043417082859812440,13923227477125514243,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4352

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x474 0x304
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
07ebb87840563d9ab4889332316c741f

SHA1
60fddaa7b5bdfcaa9aad2bc316ea7f8a598d973a

SHA256
3547ba7ee18b34adf35e0f7ae0c3e0bbf6936f946d588b6111b90862535875b8

SHA512
a1931c31c5bc7d0935840af3111c7163f0fc743c3dcfbb740c728d2deff927132a5b4946bc93d1c3f31f54a4051e4671965bcd132ec99d8efe0eb92d56b6ea05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5552eb82b8e98656666de4e90670b85b

SHA1
d0d3b46edd73407618b9a1bfbbe72a2a3ab11e29

SHA256
c25f9bb3829a13b5792210a754e4ee8c47299ae8334c97386fd1b5327224500e

SHA512
1d47cac9322e26fe8a3896dfad9ee554bdfdcf31d2c79c9a6ab45a01a14fabcf4fc91e9730089c2af01b1ca5feb762ccb1ce551064b23b6fc5c739539bffc805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
535ec1493ee4803f351052ffc2309f2f

SHA1
1499fc5ddcf5b2298e97d25b4bdbf23b6f75767b

SHA256
a330bf54c636f3cfe606df12ad4fd9d19f0294b5d019fd675cbaef4ea96c2b9c

SHA512
5389062f6ff775da53958a4d6a686669e89a6ab2e1dc82fabf61b88ecc2cfc286b8da4e386568e7cf6f9de00398193efa120b5770af1e8be8dfec36e93ab0d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9b63aaa6f7905dc6353259a509cb8fb0

SHA1
d916adfea27c1a09fd805ad399096f5190fe636c

SHA256
b7677a02e513fc6b3d6da5c10ac9c8cc179016f862949db7d030ff5ad5da12e8

SHA512
02a3175b9d0bb22457b697a2595ebda3efcb23be3ffe6257efd4c26da003b9f0d384140250cf7aa93c183b67e2ba373ef9151b1bbd597d757f6f90f219c3f32e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2d218804cd009595a153474f44c313f7

SHA1
73384a2bbaf9bd6ad8dcfb024871896f9a0cca64

SHA256
4da7d3216e7c62de65ccba09c9cec1565dc2af57799fdf34b51fcf3dbf034f7f

SHA512
ddc63690ea132793851ba9fced551551c5d435681a304d30a1a13729c6e85b8bbd6bf5e4bb129c51f1b389d426334d282b0d12a779105fb179fed852405a9ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a07a07c5-5712-445b-b322-c987770e0620\index-dir\the-real-index

Filesize
2KB

MD5
078a54bf027cd42aca595457214488c1

SHA1
7a0fd68b73f23cb24ac1070ecd333aaee6e05412

SHA256
e095979b2e6698d238a176035d130a9d8e630c92c9adf28c97babb62e941f28c

SHA512
0eea9d02a434b864193c0fc14053c76dad92f3c25b993ac7b26ebba0ef2aad5e9402300c6a7a2b6665fd58b2ae1dce8b70e3a7d3d259b61b34db738c2ee88982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a07a07c5-5712-445b-b322-c987770e0620\index-dir\the-real-index~RFe57ae9f.TMP

Filesize
48B

MD5
a6411922701fa8d0db9da459c87c336d

SHA1
9bad4f4d85996853470e47cb2bb91d0efe415eb3

SHA256
055dc2cde519f6305a8523b6541a5b6f67494e14479ec7e263fe6f8fed44a029

SHA512
35bfbcc31b4c1af439f42f2963b23b5e5ae8da96ee9939baa6ca3223dcfd5c59ea409d145b74c3d82b7f145a37e5b316d3ec525034bfb6448f4febda8ce4aa49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e9efab7f-dd2b-4c33-a526-5a1f072938bf\index-dir\the-real-index

Filesize
624B

MD5
49b0f618386f775757e10d077a06c935

SHA1
0bb108e439ea08614c43355a5740894cf998ee78

SHA256
1dfe412712bdb8e8ae99b383f91fe9fd54501c78bf02d0e24a24527b5b559163

SHA512
ced0a953836e96a15d571f7bd7d64d6e8a5d8e778b0f1d70782708e9476c15c521d49af33a3544810fabdb7c1ff081415d80ad197546f8adf18d6c57c1748411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e9efab7f-dd2b-4c33-a526-5a1f072938bf\index-dir\the-real-index~RFe57b1cb.TMP

Filesize
48B

MD5
2b55ca1c390dcc41caf7bb7e898044b1

SHA1
0e9e4af8c15bc3e650a25b879630b7bf466d36f9

SHA256
47a0ba3688f8ba884ada827d8f59ae00ca450fcd62671bbd5d4edf80f37be9e1

SHA512
fe4ba3371de50c0bba45635df0d074515d62749bedfae4920c7016ce3e0fb194a6d88cffcd0ec17ee9fbd67e49e7f41a19b75e35883453e2327eaf4089e7db5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
f137e6775d104423ac7563d5c4de362e

SHA1
2416723fb57714417fff8cc074500bdc1de23a8b

SHA256
8cb14c4695abb78d70ac3adcb6eccf7757585a2739412f40052145ecea427d28

SHA512
fd2c6a7fb4a8e248c67f587c60972af87b1abfd8bb6fdae9a0be27037febb2cbbd894da95b27b2360ebe3b9f5c7d662e87e28bdddfb9d41f0fa5ab23323f2138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
efd63061400f10000f61b9c5e38b64e5

SHA1
4a751098ad965cb904ae35fca589ad41559f3159

SHA256
7d877037859a12ecdbb3502854c12ddbf574fe22d2c39880d5ceb49f994c4732

SHA512
63aa685716f28e80c0aa49bd908e4444130d0e9c03090dadfa7013d4ff79597406d0ac9b843175913c361ac338950e9ae13f9216fcbfea1006ffaacd1a74d022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
4f609d220a4a84e7528636ad3479ac3f

SHA1
d666793734b97dc59ecd63a50b0c8d0f06ed7b31

SHA256
690d9c3ff3bd978ca7ec96250b8511a563b8be7dd113ff19db783266ca5d3194

SHA512
4bc5374f62c181f02a9203657ed41f47ba19dfe6b3e05306b6be09ed5e63feb7f3e134ec6e9b25ff30cd324faf73eee6756d8e32bd26e3b2219f07cd1ac4da0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
a30aab7ad0371d81bd32430bc72efc98

SHA1
3b59afd9557b3e76275b252e3c00e9a1dea6818b

SHA256
010dace46a04c733d4029dced0e1988dbdf45676ee21665b48dcdd04a3009ae2

SHA512
c6681f2a365108c3ab51740b39f8429df2180a13557ae173a14c772a640b66ded938b12568f78adb873a29176598ce2e1f22ef31ef4219e6208343876aa97b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

Filesize
153B

MD5
4a6ea5a593dc980023b2281efd583b65

SHA1
85c0f9104f2d5e8e39640bdad50f3a95cfb3b018

SHA256
14409182611f387e5b7529e29abb2d75823dd416a3abc148421970f80f2e1b96

SHA512
fe969249c279663e56a7b3aab5a5e996eac987ac0d5a8d0a5714238c1b2f5da68f128edeeedecec837f198a4cc430717e8b0f2b88f64712cb6bbd7f04e51367b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
adf42fec83b136dca753c5e38c9cce9a

SHA1
c594b51094650c2b76a47238f6e518ce528961d1

SHA256
cce55e32ac129209b57e4f06a891bd66ac562c9830c7647d03323d84c4c5c5fb

SHA512
b8906d99759c7667aaa109ff0e4132ac5a6ed399a541884e459a6bc4cba6320d102c7af864f0ba356ee1e1c79111d0447533dda97cf0b51cb5fab26a62e40bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a8e2.TMP

Filesize
48B

MD5
0e1493a03f531c80dd1778b846440ff4

SHA1
90e6826f3b9bdd7795464727550494a7da1c71b1

SHA256
c6337c963c50b91e8eba4f677228fd188e1e465f6cb19521c57417a11e3e5e52

SHA512
50cf65a239d34e0ec581511193f3641b76929a2bb4135506d6388422fbe726e20350c79d70c126f901c49a8f052a2367a103947a8a9d369c0d0dfb6446919a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
03774fb5b32b135897b12c8dddd28dc1

SHA1
efb6d289927bd197a51cb210ab8a9ae52a72042b

SHA256
998940e4261941622e21f8f5994f9944cee887886806dadfb3bdff213e2a8781

SHA512
5a112a004356bc55f16c7407dee6a997b81b3f15ae8eaf64cd8b02611fbc5ecb66202c7143c2669963075710283c6ddc1b734a91c54845c2f276c416b200233d

Download Submit