hxxps://www[.]youtube[.]com/watch?v=aQeaztXRhIM

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=aQeaztXRhIM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4688	msedge.exe
4688	msedge.exe
3476	identity_helper.exe
3476	identity_helper.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3732	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3732	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 1052	4688	msedge.exe	80
PID 4688 wrote to memory of 1052	4688	msedge.exe	80
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4336	4688	msedge.exe	82
PID 4688 wrote to memory of 4108	4688	msedge.exe	83
PID 4688 wrote to memory of 4108	4688	msedge.exe	83
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84
PID 4688 wrote to memory of 3416	4688	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=aQeaztXRhIM
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0ed746f8,0x7ffd0ed74708,0x7ffd0ed74718
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,514501945743046138,2680140679924613734,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,514501945743046138,2680140679924613734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,514501945743046138,2680140679924613734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,514501945743046138,2680140679924613734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,514501945743046138,2680140679924613734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,514501945743046138,2680140679924613734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,514501945743046138,2680140679924613734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,514501945743046138,2680140679924613734,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,514501945743046138,2680140679924613734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,514501945743046138,2680140679924613734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,514501945743046138,2680140679924613734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,514501945743046138,2680140679924613734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,514501945743046138,2680140679924613734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,514501945743046138,2680140679924613734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,514501945743046138,2680140679924613734,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5516 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4444

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338 0x514
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f0f818d52a59eb6cf9c4dd2a1c844df9

SHA1
26afc4b28c0287274624690bd5bd4786cfe11d16

SHA256
58c0beea55fecbeded2d2c593473149214df818be1e4e4a28c97171dc8179d61

SHA512
7e8a1d3a6c8c9b0f1ac497e509e9edbe9e121df1df0147ce4421b8cf526ad238bd146868e177f9ce02e2d8f99cf7bb9ce7db4a582d487bbc921945211a977509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0331fa75ac7846bafcf885ea76d47447

SHA1
5a141ffda430e091153fefc4aa36317422ba28ae

SHA256
64b4b2e791644fc04f164ecd13b8b9a3e62669896fb7907bf0a072bbeebaf74a

SHA512
f8b960d38d73cf29ce17ea409ef6830cae99d7deafaf2ff59f8347120d81925ff16e38faaa0f7f4c39936472d05d1d131df2a8a383351f138c38afb21c1a60e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
0a9e54ba7de1c4b5d00889877a3c6724

SHA1
a99b8c8aaa371a07225f39a36b3a9abad934968f

SHA256
8f0e32454cb3f23251e8b874f38c30d64ba3a4c63b9889e71a662249002ee013

SHA512
85439aaea90b7d2e9be01ccc66ad2381568e866d4d8340941b6b831d3cce8cf2dde2262c71b029346fc46e6aa50005c9a1b2b96f26e53a292dd9aed212410d62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c3d962c644ac7ce489beda15acc3467e

SHA1
9d3777db244c36f692aaed53748f16106b2b07ec

SHA256
fe1d9471ee249c21d0500a004cf907186d3e9edacdbbcc78e4bb3259257fc491

SHA512
c57bb19c082bdb6c4f31f3297ba942e83a2343206a0541e44304d982ca8fd2ba8e1d4a24489b3a5e0e3d39ddd32259aab5cc3f308eeb50bbcfa4ea134e301e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0d3c64dc4fe13839a608bcaa7d72b53d

SHA1
5b79cf01d3921af37e2a99f3b2b179b30e45d5af

SHA256
ab8ce73eda8afb262218657bae1e41f4a41fb57b7b1513d3966e86eaab40ef4d

SHA512
12d5eb3712cf54f69b1966b463e40ed5b66df19f62ff3bfb9466628dbb65ebab9d4137c997b934d940776e29b308d56a5d359e5364ff0571ea6afb0b5c8f422f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17bc813c490115a20d8e53509942d3a0

SHA1
96f54c281a5c0c86a3fa10ba401fa9530b0eac36

SHA256
f5e2ab77a2eaf5376fc43e7a02c209d29d459c74a783ce7b030313c52e6a4a89

SHA512
ec9235c431dcba5b4de85f6e5d5626889b3fba4342828441c748cb152e8575e6e924476d05666732a5657e40187ab7cf32b2505b9d65aa81d0ee4b7c5e737846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84744301e76457790316395c82b91938

SHA1
35cbe2ed1518beadaa5d8e5f947f045af92804cf

SHA256
59109310571c3e44ea3770b042e0f9ba78c84f9b880153f06958566bc417f537

SHA512
eba033dbd0e5864d9acffcbc84b0a465bfb26df9090f5b44e4c6cd4aaeba3d93b54328c2036db7eaaa78407f6c0e8db59c8d4a6c9371ecd949367de747f77efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a5d20c0d-d7c2-4767-af5d-596b46a31718\index-dir\the-real-index

Filesize
2KB

MD5
bc6335487f1ec0badf0536f9f7bf1801

SHA1
21650c6f101cdd6abca10a8d2e9f3099c900e0c2

SHA256
5c744567435b7a3b1be656f9b624098d36d7a3859aeb9fc154d55ed08b66b1bd

SHA512
8f3f2aa5d9b0e6bd53b039695cbdb76f96af205d4f57ecffeb6f1d3243798b082cc82533bf08baad9f5353321a3dfc73e764cbf5d09fa69a7113065ef5f01c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a5d20c0d-d7c2-4767-af5d-596b46a31718\index-dir\the-real-index~RFe581d86.TMP

Filesize
48B

MD5
ba8a409f45232fecbdd07d2e1cd173d2

SHA1
1ccb89c29582b7937cba2d0cb5f0410eddac973a

SHA256
1fbf80ceb5cc1988378119b7027758f0622b9383414f214ada6b4ab27a9f245c

SHA512
bfdeb0e2993e4526cf193d732c84d22114d8f176e3f250e0ec880cc8119f70a5ef63e02708cb10a4d19c2ca76275c38cd9a66021d99fb0e7909df971bc89af21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
30858b907e2b8c47777025fb75034da6

SHA1
3a4de6322776ca9a712ef9e977b4ead28af0873a

SHA256
4e78aee73360a99f3af65ce79f9742c26a0d49dd52b42b2030ab3b609f2afdc3

SHA512
4d9bc9930eb67e9476aa193c68925dcb8c11a665a211bffbfd1cb106ff7083f14d5dd7c082099804b6632dd1e2cae85edc8f40e03a791c8e4118349cc3bc7fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
aff3c1c44aaeda5817d932cda57e6c8e

SHA1
a7d63c111fd277df50bc1e7ce58147de4a5b0907

SHA256
2b0a5a13315e18b4638e5a2baaa169c97391fcf2e11a5a158b7586b7691e3b47

SHA512
dd9e4866dfb733a0afe8a37164074d270779d867a436aa30daae9a040a79c08c4a9e6572d6efb8a2f3b864b90b1ec2b9185f551f1f6dd02d14c12502654c2255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
9ee130b4dfd66f5db772fc23bb2a95f6

SHA1
8a5847a136cbdc140e51852894a61c310ce1bc3f

SHA256
f9ddc302f70e742298d936c1fa106fb6b33a51e0ba460ae43be8cce2d38bf896

SHA512
2eee6dcadccb90d17b677fb52f78331d903be2bbf46cb2d50a479f5edbb476c478105ef219d8d976813690076b5816747dd68a3c55a2dc936383b355e3f9b85f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57bc99.TMP

Filesize
89B

MD5
be60f8d48b160cfd6ed23cedb4502337

SHA1
443b986217b4355bddf5665d0f6f9802b8b79222

SHA256
6fb7653991370a5c1b5d9104f8fbef266f9f44473e13dfda5db670024860636e

SHA512
086dc6bb50c632a50dee443180701f4544bbc12003b04248debcaa874ebc0c5a73e26b7b16123de27cd07d46cd34fc9add167ca0e68a6e4736424ebb26d188bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cebc1564ab7a434c0dae4830ff591158

SHA1
89365c98ed1f6951fbb42df466e9ffbe7b42a72f

SHA256
925115052248cb7546dcf852d07e008aa8c73249d265017aef10bc2ecbff4518

SHA512
69815360d390c530917c1cdebf3da17d789e78b616cc6002c06082bbd44a6a303a4c19bf2df594d30f41616e57125c948e8546988c083f16885561b92099aab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580bb3.TMP

Filesize
48B

MD5
b1d11b27756769787840d6671475be8e

SHA1
da5b597ebd322d356a4238ef865943000f66f7e9

SHA256
ec22fce5e0ecb5b4984e044d26b6fe63026177da0a1021f35071ac02c80f5f1f

SHA512
12199bf7693f53914cd221f0ad986b5f2d58d691bef5504238febceaa40eff684606fd121ebfeb1092047061945288ba51459ec91094e66a96128391f4f8fe23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
be385cbf16b0a2bdb45c8793e3725a73

SHA1
d7ebbc706305163f3cd74027ab5314deff1fe552

SHA256
10c8eb8ca06d3aea4110a166078b0773394efca6c553e49b83568bb0bd964092

SHA512
e3e0dfd1a4cbad62b5f309fafc3c6cbc21eff4904b2ce6d2a9eca5f56716d277cd860fc37699925e7252782f9615dcb21defeddb3d034836462270a79a6ea03d

Download Submit