hxxps://www[.]youtube[.]com/watch?v=P4oxUrZCKuM

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-de
resource tags

arch:x64arch:x86image:win10v2004-20240709-delocale:de-deos:windows10-2004-x64systemwindows
submitted
16-07-2024 09:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=P4oxUrZCKuM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1716	msedge.exe
1716	msedge.exe
4696	msedge.exe
4696	msedge.exe
1444	identity_helper.exe
1444	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2496	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2496	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 2956	4696	msedge.exe	83
PID 4696 wrote to memory of 2956	4696	msedge.exe	83
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 2564	4696	msedge.exe	84
PID 4696 wrote to memory of 1716	4696	msedge.exe	85
PID 4696 wrote to memory of 1716	4696	msedge.exe	85
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86
PID 4696 wrote to memory of 3624	4696	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=P4oxUrZCKuM
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8eb5a46f8,0x7ff8eb5a4708,0x7ff8eb5a4718
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,7771325659221875260,5854663850882750685,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1812,7771325659221875260,5854663850882750685,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1812,7771325659221875260,5854663850882750685,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,7771325659221875260,5854663850882750685,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,7771325659221875260,5854663850882750685,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,7771325659221875260,5854663850882750685,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,7771325659221875260,5854663850882750685,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1812,7771325659221875260,5854663850882750685,131072 --lang=de --service-sandbox-type=audio --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1812,7771325659221875260,5854663850882750685,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1812,7771325659221875260,5854663850882750685,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,7771325659221875260,5854663850882750685,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:3496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3876

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
b6c32d15f703dc3944628c2537d5c923

SHA1
dc3c0d744bb49d3c603d5fefa846305e4d97534a

SHA256
fed757c61176ef167ab410934b82fb8275b03ab1b5fa3521cefcfc6771a50ffb

SHA512
30b3c474a04a9a4c0a78329728b064378524713b84861bf8e2d93ccc23fa755cf04f70eaa0b06de68de47ac7050dfdcf77fccdeb6005db419de12d1dc4303ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
47KB

MD5
6f430b356c450efac8573610a51ac989

SHA1
c7adb5b1daa170fe038f45e522151b0158e2a983

SHA256
44dc93e647cedf4b7382658e892b77b1f99c86a9d97679f6b1cfa67fe4784907

SHA512
a8f9260e1f3f2e8e69249cf9e1c64cf149ee6b5a9cc95481f2395ed0b811adb13282c265886195286f42a1de482951b7a6d1dc64b4c1a8def182d0d1d2dc2310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
975e26ddfc0a78c5a27e5b6533c7c666

SHA1
31fc1e6f8f1f9d6f9a11e8531f5ecbaf6a64cdfa

SHA256
7572e47efebdae8fc9d84476b91a54c111bad3dc55ef6de353ef07ecf0fce603

SHA512
c9617e6f559912f3d7f92f8b1f786541d9698443714f49a6511c9d4d31ec6b5eeb8f87b8c5b49ae878771052b947b07f8ca40c211d4aadbf5f06845511eae500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cc529d187e2ba66b8b4a8b5c85a16003

SHA1
33d19ff029d15d4f595cbda2562fe6e37c98c3a5

SHA256
aefd47441a8714c8b1892945f94157c4775c3a093d55d29a25b4016501a86a3c

SHA512
fd32387059da1c1cb379e9afd517fd02bd934d35ff6c05f0db2429a59d51ceef75ab974f81e38e0c2a5ef0c891b2465bddf582543eec0eb05edc88d41bbdc0e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0487cf272f03f56de4eea2f7bb16e7b0

SHA1
dda3f23ca8035c2a037623ec0fc2d36c742eb346

SHA256
3f49cc846cdb17ea4cfa7cc478a7c7862acbbc16a623c9097ba1098821230a85

SHA512
7c4445a4277ce5e7f48758d5ee9c53282fd555a53e5702923dc276961c8a20982af5f75bde30b004e12ba160b9ee25780dace5a2477081a655d88e912baa0d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ac49a060552a17d83babe39a9bc25c05

SHA1
b674200731d5ae4ba3904c0807888fee2f0e4754

SHA256
dce7482cf43a537b997198344ca8b31cc03fdbffc047a30c2d2fa8671b305e57

SHA512
f06d4bd444aef844880d70076524318492bb5d0080c12bfb78ce18ae00b1c841e0792f809c7c12bd0e2d5d3fbc5e625202d9806245de1c80e88a4028b226ea70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e4a8fedd73baed10e76b8863837cfd2

SHA1
6abd3013b22acee9547661e229fb30306c289dc5

SHA256
a7672dd6450e3a32fe68f9bdaa29cd032874ebb3ed1d4bf304107c8a5e8af1ce

SHA512
1dc8f24726a2166c534ce65655a46e4c10e100f29d2d787312ac47a4980c977ce5f969913cf02600f8b33f4618db9b5375bf06a19d2dbfbbbda4d457d0013680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\86901f89-3403-4d55-a7ec-9e831e23ab2d\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e4935c4e-d5bf-4859-8439-a3055ac5102e\index-dir\the-real-index

Filesize
2KB

MD5
338a812352fa4005aeb87d95a94eb32c

SHA1
d87c7ba1d4dacf59716ccacb45d3c025a4c60e44

SHA256
a64439be455327606034b0066a569c167bc4a4c9455ca8f60beb6be3cd2a3598

SHA512
a9ea214ce8340ad521e922db6236a53fb0bbe7c03cac44aa75a38b22ca76a04aa80a3d746cbc489e61c4d720d4989101417ac925124c22767099aaa8fd542bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e4935c4e-d5bf-4859-8439-a3055ac5102e\index-dir\the-real-index~RFe57be20.TMP

Filesize
48B

MD5
a645e64c146ceb2604cf9756e3f2f6a4

SHA1
f7669becbbb094cf1b5c5c141c84b3f60c711efd

SHA256
80dd75262e1f4005f34f9a7c5e3ebe8cf6fa6c4e9215448a944ec445f988b7de

SHA512
bb98c73cb9a8f12a8bd4f42c4d0053e353bfa632d7ee0975e7c862cd22d83d39c7e633684c0d0fcf1d0c9ba0bebf8cc7cbbdbc27286a765633e3226ae3a0e6e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f3eedaff-8d65-4f79-bb3c-959be6a6983c\index-dir\the-real-index

Filesize
624B

MD5
551d3f9dde768524237e2390041db033

SHA1
8fb5188bbb8f9435ac454aae7c8c3728dd78bc52

SHA256
5027c741c238b582ae11b13a26375e18d793a0f6ab0b31b055d7363e5042f507

SHA512
13bfde1143d93d2c0266b0d083c7691459ad5be1ecb1b86d610f5604aa7e07625dd489f835e434ad04a923865197f0c928c69da02933dbea337722bf08e15bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f3eedaff-8d65-4f79-bb3c-959be6a6983c\index-dir\the-real-index~RFe57dac0.TMP

Filesize
48B

MD5
3c39881c4fab4e1ef61dc4a8d08eb5ea

SHA1
afbdb8e11cd22831d89e8877c622aad6cf47d417

SHA256
cdd36c026da643f43e98c1a9642338b7f5b25131942f0bfc6b7f0fcb25d9e8f7

SHA512
62fa2d8bc1348839117913db939e4805623ceeea1057f228e7c60cc78276378e9ad7b933eff6145df4591c2b1160d39aca16c5ce12509d01bd3e0b3984f077e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
a1a982ef295332fdf0187026b43cc21e

SHA1
21fdc703da2c343a65e6255afae7473dc148691c

SHA256
40aab77d987fbe4fa8c3f701b21b56f237e2a59c5d8e404d51b7447f92611d99

SHA512
aa8d90aa43ecdfeada97c6a95ff3cfa0a297518b139b8d3cde43c84ccb67231dc99cfc75a09a6f08a7eb7be26634724aaaaef8b780f86360f68dd7ef1e761dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
c8f8a610687f0952aa4f76c3d2fcb773

SHA1
91178b559e6965c3266d96620c3c803365df8c76

SHA256
1bf96723483491dbb77ad9d94b3b3559cfe54513a82ac5d45b0476a66d0159ab

SHA512
22dfa1f29ce952dd426d2846e3dd8e1e251f097150fc0aa5cd0ec5477bc75a2a5f18a56c606f6ff382e82ee194bee2f4e78e67918266c0a1b67bf44042a0439d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
c19d69c9eb71437b416fe4998af01203

SHA1
3a5ae78f0fa9bed60ce540ab884cb37cf4af3d35

SHA256
395390d894483a1459a7b14b19fe46f6d9f9cebe395febba5ad3b0c4e132a6fd

SHA512
6b67f1c2a4066c345eb8917a1ec581f18a9454aa6cd6e97718ea25db67dd101df542b6519b0d867288f1a96003b1664b79f65edbdf7bf94c641f6cc997cb4b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
97805946256bf8f1379de024e581c700

SHA1
2627e4ed8816c57b59172e3446a2b1363073d0c0

SHA256
704806647f8962a1cf012671950eee7c0d11a9f5ca5b2fb946d374c353611486

SHA512
e8097ae190d5fdeeecfea86034078ec5db9118049c31397a8adbc30858b4704de61bfa69126937042ddf5109350e817374b51da8463b021236e8a5639fa9e139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
22e063ba53f85de2c443b37f671991ad

SHA1
bdc822cd12117fe64d5944e9e011c4564b67f8bd

SHA256
ff6d3291822d65b053b97b9e8da2834238c31a3d1fd6f2878b1f4da4358f89be

SHA512
24ea5b369df4490c51459c44936e897edec5b71b90b57ffb004a4f93dfa3184c6e5adce5234e17c34340c2f92853822468c0cd80836fbf7e0c0cf17f757d836d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
78df81545fd403117f82b23e35a39b33

SHA1
6a6d54ffa94a44840a041b3530838158f355cf1e

SHA256
a0b8542bddf928e055d983c254925bc60fb4f2b4e262a3d933b40ad1d27c0522

SHA512
f3014205c203ded303f107a342002531900ae08d8f878c638e742062667e29237de7e867b20ecf5afc51a9035905c2411d8abb574e14c54eb53c5ac4c58dc746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57a73c.TMP

Filesize
89B

MD5
789954cca52ff2633d44b16c43db4ff0

SHA1
94936aca087590067755a0eef17a7e11e809d2bf

SHA256
30c3a171ac215815ecc2eaeb519569fde241e0c493519e189ccafe4713cf2d55

SHA512
1f9acaf30254491b727374ba9e0c5bd3fc779497eb957f32cbeba42f8f37c5f83c42f47b46a6e9fa8f2a5d46da4d042f08c3b1aadb0ec3333405586b800a0657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8ef713ae5283b215d609082469d19847

SHA1
6dd0e4f92f120097971653f954afd31f0db87b8d

SHA256
7a8a99003a9e2f849e5bfd7345a0b839ba685daa9d7925ad0354dec8d5ce49aa

SHA512
830dcc016249adae3d40bdbc4652f6cec008b50c01d40f4f23bc41385a8f0da56b95ad8ee7e463ebc44084a8ecd5d3d86494af6c0524f719b830c9ab993f5577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dac0.TMP

Filesize
48B

MD5
04edb8067ddabb930f8e81bc340aa24c

SHA1
2028e0b7d82ae69498c89cb7018bad840d6dae93

SHA256
80458cdd947f13f24ed629ff3c88951116fe6fad51302d82120aeee8d95db2c8

SHA512
0633d44340cb9f2297de8629926e68a2cfcf0dc0545f9ba9b68b363f389b710fa72b98b8bc65f73f974a748b05a12882b899439f868c5657b27a8a60c02fde39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
dc89208358515311a78a5f5cd4aa79ab

SHA1
48a58df2784b95b9f8d7fef45fd9667b558fec52

SHA256
9d41772506c97c5ef078ad08df1c8acb991038135425dcaca840f84f050abbc8

SHA512
c55796008a56b14da3decf6dfc66f81185ed9d666fcdc3eb0b22295e5bae911478c2d912c8c642010dc786a86dd8a1886aafee15a202f41fb0aaef7073fc397c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57daef.TMP

Filesize
706B

MD5
2a198b91c0fb73ff1996a1ac4db638d2

SHA1
fa4187065a50399825683b3bf194f2010b1a7f1e

SHA256
e11eb0400d45a1fef4d1b9740eef157f2498aaff256dbf3a165eed6861606043

SHA512
8bfedae4a38da8df5a636ad1e150240cb395950d7f70963ce254e683f8b774186cac1a1c398583bb341fde05036c88c53b241ac9ca30336b2372bb29521c9202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b964fa0351e8b689352ff9902f9f469

SHA1
ee55c3957939f07407b9149fd6da4c4bb4441a6a

SHA256
7da9197442addf12b7ae660c12ee948b62f5a8272b8afab6f6d7a23792776ff4

SHA512
2c5a76c76dfd7cf1a598739a739b745d00629d6286255def04b4d81820c561589c8919fa346222b5249a7bdb96b915245b5119e2cfebc8a5ad9ee2b9d96c8234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5543e770d95c06930d3ab6bd5dd75bef

SHA1
c86e588552fe9d41c0d6881599012313c1e93c01

SHA256
5dbaf94a3081669af1153b62be9c4c596ab3bd6683482c6174ce1fe0934f788b

SHA512
c7a4f3256bc570e31af9f2b67499fdff6ca96f7a7e9eaac2d3c04079f9e4748d995e1bf044186370aa5dedc00d2f528d7ee6c32ea7fa6aa5739b0a0362fd42db

Download Submit