hxxp://youtube[.]com

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
708	msedge.exe
708	msedge.exe
4944	identity_helper.exe
4944	identity_helper.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	556	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	556	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 708 wrote to memory of 852	708	msedge.exe	84
PID 708 wrote to memory of 852	708	msedge.exe	84
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 2072	708	msedge.exe	86
PID 708 wrote to memory of 4244	708	msedge.exe	87
PID 708 wrote to memory of 4244	708	msedge.exe	87
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88
PID 708 wrote to memory of 2456	708	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce49a46f8,0x7ffce49a4708,0x7ffce49a4718
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,134905035453814089,16852588263505324372,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4980 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x470 0x3c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
2edc8451b16e57d0e5519728d7749a53

SHA1
a03845a2466ed072052eee8b5eeb1f001673ec0d

SHA256
916b2494b6baa725cef352fff30d25c30cab137d9b436e519170183165b79a58

SHA512
4295d377712c8daebab218371e015d3e9a4df20a9677cbba58877e8c18115f0bd9cab2009721cdeef78f2050c196ed5eb6051d1b69f9d77cf3f202e19424172e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
58812378e1502a737d1cee5b6126364a

SHA1
64036833f2be5a15e30fdbbe3e670ae87d805750

SHA256
fd732c75aca412f8147c580e61cdd57367d1069d446c209cd6a6d249d355d2da

SHA512
80419690acc659ac032fd00ac825c5927942611dd2652c0e99b18239ab53a4cc6bb230f7786d17d158e4928a081f28d40d069daf0fbbac49a6e0785237b0ec7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d6c3a1d33297cddb2a8c80f57babe0c2

SHA1
82477af4122ac00cf961a8b20a128713a35351a6

SHA256
ecc135da5f115d166440c34c0048704feaf5bc0eb0e3a3956d67070c4c1a2a53

SHA512
2290561a5a23b9af1f747cd493584e4d420114e7f845d77526265aae65d318826965be7f24db626fd5621fca2de1b168476e206dfacefb12a3df117e947596fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a6e7256d1f975f4c2fa543f84983295b

SHA1
5e06acd30c47bea12082bfc80be29b9404828003

SHA256
4cd09fa175392fe38b04fb991bfabbfaf7b103971d647ad227ae73656fb9fd3a

SHA512
718f0c38f4c66140c6c01081686d5a4cbddd40e896f4c7e450d61f22507858909ca309e163ee7aed13da0e8884ba40d7cd201d6cb7fb4fd97c2b468c1c59e6d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce70b9719388305752b5682259c6d924

SHA1
6d676d63026e4520c0384f82c1532a4d9751ca66

SHA256
2e9bb4d5a726b18dab80087117d78b7ff46034ab28033b3e76bc5ad206a97d80

SHA512
0b89de3bb8bb2a68c92ca8d50ad7a99581dc7916d49dc214ec68a4f8819ea19208810bc48f31ed53765cbf599ba088ef7eceb8ed2fbb9eef3ba9644c6a4bc949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1e323f9a0e31f70b610f26ef39a67bc

SHA1
01e571b25623d67c1db2404e6c5ef69baacc8b1f

SHA256
3b98251f7fd5ee6870ddd94ed84253a10a99adb65c9df44c48a645d70c042202

SHA512
faeb968ba1127b7ac4c9b13c863fb6e91055dadc3be927f58be222bad237e3fbb0ab4236179d1d953ea583acf4822174ad5f4b59538853e55f929eb4f8b33c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a552846163d94b7956fd1db046feb10e

SHA1
7c500b43fb69c4760cf9bc15b4493e24adca95b7

SHA256
bfb7f5c4967ce9bfa344701c26f75456c9f24c20af8ecc3558575c9b4a8c9c49

SHA512
92e34c7dabea3c4713bb7cc27d17cf46d29651c5c4a64ff65f84d3d06b66df70c3a7338a3ac749c3e4f7d2db6c065e057365a21ebcecf9ebc99c5b6198e244a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c87af4db-2bc0-4fc7-ab78-aa1f60f9d83a\index-dir\the-real-index

Filesize
2KB

MD5
4860f78d987ca2780e19fcfa46e14c49

SHA1
827bf84743263910587bc5b419e45f39dfd23759

SHA256
7376f5a1e8365ac65ac078bf027116201487e1ce17be0ae0e728a256dafd870c

SHA512
092c211079be215d7264a605b137f945ec2e51bd1f0b52f89268060300f762989f8fc950a8b307e24f95941646ef8e2e6594b69084161391b6dda91a722d1b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c87af4db-2bc0-4fc7-ab78-aa1f60f9d83a\index-dir\the-real-index

Filesize
2KB

MD5
26193169b1e5a4bc92b2181a0231036f

SHA1
509369d9e2a3bb0b878a8c79caf50bdadc6930ae

SHA256
c3d76f9e32300d8da7f55389fc1826c16132296e30797ba7f6870a446c1e1fec

SHA512
9b0b0ae03e08739d98f02373ab16d8245de0f3dac19753fdc72c0a41b6aed53bb7f960d3f022942b9175a90eb5b94e461e9d679cd358e6847dd08016f54a3b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c87af4db-2bc0-4fc7-ab78-aa1f60f9d83a\index-dir\the-real-index~RFe57d978.TMP

Filesize
48B

MD5
9a387e0f909f7064ccd2f98598e2261c

SHA1
b406f50662a95122994e8578489713913a4bf18b

SHA256
ba4776e6f519ce90ea659b348f8b8dafa17a8cd42a565568d67ddb1495a5e341

SHA512
9442d2f61d993580463d355cf9d98bb75fb802dfb8774177ae4d3a7e776ffd4fc033bc6c40e16fa79405e304cd0f0b3d7c06145f1f7650259aa014de04d7cb4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
e5681206f349ed773fc2e3556c0174b3

SHA1
c4526a4855b8e250c7af3a6fffa2861f504d163e

SHA256
9b91ac5427139a53bddde3d9e2470f8dfe83cc909b8e7bbe28a024f72b46c3fd

SHA512
05f1fe24c6bec4e4a2e1a6a756eb4ef0ba549121d3e2331323f52ecbbf8397747907a225911a4ff55844099fe88de2007a2e7917fb771dcd8369fbf641a9e9a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
0c0b935d9aefc5aa8c616d6a70cb26b0

SHA1
b50095afc75a1f7db0736d8e313247778cd29165

SHA256
af4e81cda2b57aeff428cd2937b2c6f1f740af819b527f2751a30dd375a766f7

SHA512
8827ea7dd9f3f0c70d63829e19367159cc4f12ce5d76afb942c8be72e7deb3c508f3904e22cf1da4b0d0f417299d5867c61fe0b292897822c4369035d139aa23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
f1190492db42e45b56761e53aebf2067

SHA1
391b9bcf89540d7fa8b1e54e31e1d43d2ae3a3f4

SHA256
a33199c69d7371abd8e284a01a5cb388c2083685c47d34b4b8aef3b26a177119

SHA512
bac593464f4872c5d4f1f3e73a72dd94bc4181119d1337aa1d7b27aed26eb6aea6fc0c7370a8ac03931b161f62eecb5b05ebb61e93fbbd104332a1ac1a5e4c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
1b1d6e7e002a60b686a13dfbf0302a6c

SHA1
432c47008b90793567b306b305b857324a3931dd

SHA256
64016052e230a9c8844ca434c4755e2a1368e1231cb7299fe495639a6da011f7

SHA512
8e9c142ff98acaa953c7e175a8ad768afe34ae8326be6aa0582444bfeaada0f29f07bdc2932d01d7c396f86bee8a1804f7f5dd2e12f0479853697252eb39a27a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
8c086aeba4b12b9a579299c4ddc87265

SHA1
dad09ab4853ba96414adfe1ab43c736696f4bfd0

SHA256
7a8ace66b32fb2330cce925e47871013ecbae02be69b4ea7f1417a3518651355

SHA512
c5a14f7d1b61190333dbc4a9309232ed9a975638d49e1e6681d9f545fa20778ad17381c291befba872986fc0fdcdda25a64a7db7ddf4e63eabc8f1c98ab9ed21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2b927e548e92e74ee3006f0dec75ec1f

SHA1
679fe8fea9cebbdfd096266d0d0ce4a455978a39

SHA256
37a9c594b7d953cf80d87c687ed46ae6458b200647e33d55998c900bb19717dd

SHA512
5211c16534cc6d086fa5f963cd8e9834c258939d5b34d56adcd1aba46c5af4747b51d3ff8ab273551a06b7a93f9bdde380fc9833fd73f5dfe2f8c8ce20395f66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d5ce.TMP

Filesize
48B

MD5
90d87fed0b51ce36758089704f6418ed

SHA1
05a8e5e4ff78c4d55dfa439b831028f38caa298d

SHA256
ac2c1d59cb5853246d0ddda0dbbcfc445b0fbac674fae02ce9ac2a0ef212ded2

SHA512
8592474cc6799702bfe1ffb1ed03fa5be00ed162ce3a17c058a6f73ad5ae5c09e2c152567277ed1ba695dabf690de1309d3210ae2f2b6b285f59ac3cc6a9f954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cef8.TMP

Filesize
704B

MD5
45597fbd68f1c0813d73a8c272cff971

SHA1
48baba32c501ae7a53e97e64fd1094ff22d39217

SHA256
5a6cf839f63f381b7ecb9c0edd5f8ef8ad0feaf43b5f7e54facbbe46f4f6069e

SHA512
b1bdbfecc0e9f3a9182983045a0d5719a1c206da0c75a8ddb137cf6dc4dee0529a95a7ef6f0a3c58c6ff1bfc0c54870712a053ba8df8f4f64a03d4aa8c10aea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d3198404-58f8-4f63-bc7c-0a40777eae56.tmp

Filesize
706B

MD5
9579d9830230379d4a32b650cb7684bb

SHA1
f9a19da7d16baa4ecf6ced221c7b4520b91e8b0a

SHA256
ef3a3546e3af498fc7bd0e9190573722055967deebb24343bf6fb594a55a8dfb

SHA512
9a0cbaceed28d14198156c37da3c5b7903ed2cd961b0269b26cc812680086027ac1cd20600e41bddab6d1ae8cd21d4426b8a816a05d495a1d88d8b4a161bd634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03ba8044528683681d67d89c13bb1964

SHA1
cebd41fa90f18baf445af9a653bc942d7c484832

SHA256
74a50eb8d6e82cdcf644ed6b0fd99404e36175a5fdc97e368ef23ede48dbcf9d

SHA512
4a673048cc075bd5523b7705d68866b9f51996abc486e3c3dc24e0f1e80151c7b6b836409a2d698d3ea1ce66ab18a46bb557dbb00b4ee2165587c221908c8423

Download Submit