hxxps://www[.]twitch[.]tv/mr_hamsterr

Analysis

max time kernel
1798s
max time network
1800s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 16:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.twitch.tv/mr_hamsterr

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
932	msedge.exe
932	msedge.exe
4184	identity_helper.exe
4184	identity_helper.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4080	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4080	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 1212	932	msedge.exe	83
PID 932 wrote to memory of 1212	932	msedge.exe	83
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 4788	932	msedge.exe	84
PID 932 wrote to memory of 2848	932	msedge.exe	85
PID 932 wrote to memory of 2848	932	msedge.exe	85
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86
PID 932 wrote to memory of 4908	932	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.twitch.tv/mr_hamsterr
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf89b46f8,0x7ffdf89b4708,0x7ffdf89b4718
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3906426373602255313,17299960408237635469,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3906426373602255313,17299960408237635469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,3906426373602255313,17299960408237635469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3906426373602255313,17299960408237635469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3906426373602255313,17299960408237635469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3906426373602255313,17299960408237635469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3906426373602255313,17299960408237635469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3906426373602255313,17299960408237635469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3906426373602255313,17299960408237635469,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3906426373602255313,17299960408237635469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3906426373602255313,17299960408237635469,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,3906426373602255313,17299960408237635469,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3906426373602255313,17299960408237635469,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2632

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc 0x33c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
366KB

MD5
2c2409eb208e1945c42ab1491a3ff7fd

SHA1
41061a0248699c65c10f18b15dc3e9c7a07d547a

SHA256
6685f515953fa8471a1f34a748bc29862aff3292c0b4cabf179cb167f2f94157

SHA512
c2d2430b3a91bee5abb0defbded0a300112a09bd0f519f491953e99df5f78394cc14762ceb1811581af5a53c154006bde2dd4562fa055aeae7bed1faef48d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
624KB

MD5
87cdfb6534726ea1cfc9508d9d6108e9

SHA1
115ce0dc2ed420a30a12a5174f169c733a3b3434

SHA256
46311e44135b1a553e9b22d9fe2a65d24344086b91388e71998fb466a60189cf

SHA512
40c5515209d60da0694bb29e69d1c0532f47a28ad69f4dff566205f58af38a9bf342f56b6d49aeab62ec799a36e9dd1ef7998548eec1246d1e01535ff490b7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
72KB

MD5
4de735e89e1e0b68ac84770bfd34cdcf

SHA1
da9b1b547d86e2634e2fb22617bea2878c04c309

SHA256
d0bb64a565b5352c37609269b642e55154d075ed0d790d4f1928fcc0e75d453a

SHA512
85a5ce2e54f1517dae9f4f0cf2d269e5ca6c4f8af8cb8cbd65d3255987629282803edbe76786481f12b53ad3dc915d661d4d34a0ecd7c540aba100dc8f8fef25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
272KB

MD5
53997a009b60be0747c08f14d600bb12

SHA1
316e53b9ab0e29c2cfefcfa16e7e149a25fcf58f

SHA256
5867e2d3aac71c9d8d5b4b3a96658ec8a1c88ec70775d4b7c313c93a4a352ae6

SHA512
ee143d4fff990e9a93530e7327ca171e3e0c10e727eae514f3aea3c32d6274a64438c485a4558ab42bf5f4320143bb5debb83c74660d75834f349f11e8da3362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f7122746c81a0e040eb521c904694b82

SHA1
45401c5cfd21043a85e7921445400968cac2ed5e

SHA256
66f0d6179cbd12553059053cae06ce64b96604260d090c9ab7880fea8d3e0d1e

SHA512
1d3c1a9fbeeb1720bb95481e371cde7286146fb3947ada8ba2eb1646d94444937dc46d64079de6a05bbf48c5b258a5e148b30408901fc997d6b0f4783a676f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
af821d74140eb86476e02ebb5bc0d0b4

SHA1
af49e73e7c09034d50f6931d81310a1d1a20f92a

SHA256
76e17fd445620e22eb8163def0f9e5a620e31b7fa348f8ba6cae0ff6ca454adb

SHA512
727e2efb5084d7054a92e83cc62edd77eaac585771599d15b361627477316b52d1a875640ea21c4795ba554155a8b2f1e1615e8eb55a0d644430a73852a93571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
48ec86d10721db11bcbb2eb472a09435

SHA1
205bbedbc9b55333a0824a2e3bdca65f40b000b0

SHA256
e1085b3210ad8b785435e0af5bfc802a429ad126f0457affe3167c3e23f39a0a

SHA512
eb917087ee7b06bd269dc788bf210ac342f45a7c75a6b00530eb28972a3937de41428f573a75af9dd465deaf429956d688379bf091dc3c257bfdcb5c6b2a0797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
631bdf9ef1fd962de7a8b42b37e2b7ca

SHA1
1b37ee1318f4c41a1a5083ae0717487d3917c468

SHA256
368402591397e90955df85c7fde8a53a2a503744ed2fd27defe819b1c7b9d1d0

SHA512
2a2419ab5bace5263a900e6a5a8f5e7ebc59761717d63f2c04cbf5be8f59fdb8ee2d1b821191e185f39fd9c8f5ab11951b75cbaa62520362906051f3822ecc60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
3bd1fb96f5d01e7194d0a5af700d5012

SHA1
aa45a56ddcd65c40f252d03c8e3a4f1522af0308

SHA256
4823031620570c62fb0f3ddbd604c17cbcb5bf5152d0102f497520f2cb2bb9d6

SHA512
9ba837374828e68f6597e358924433cde9e431a0eaa585e6a2ab8eb5d72630fbb748d402f4957c7c5d33cd8f728798853b1be2f984f493513344ee16e08c5649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
b5a39dcd8dc4fc0de8fd7c2675df1851

SHA1
e93d1d2f51c1729702926b95fcbea9e3d2ff3c73

SHA256
7a91425728b34dd02518352591a2a61c3133eaf96430689ce084dbdd48a18a69

SHA512
c52670b846d51d08daa995956b33ce788ead57000a78418ce9ba85188ee6556be4e0c761ba16d97b77d139e1e3fe3bd29f98e154f7465f2401daeb9c847e50b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.twitch.tv_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.twitch.tv_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b9b8f046e3e77f9385315f79b53f7f88

SHA1
69b7b282d6502a4e8646f78722b3cce9fc9d262b

SHA256
2163df7128a9456a83a9d077a82953e1305e5e331389b290cd234f4dffdd1b37

SHA512
35e7ed59f10826ad748118ece049256c7a610377fb43b11cd5202313b8a2b99b7204004568227b478f48019db8cb682b73534293a7c969e063925bf3a82feef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
020e1d4726c6262316785a11db2ab9a2

SHA1
f2c14f7f32843009d89a3ff2b6909deaa6677d42

SHA256
d044f806f6c82939977955c0c35c4c78c3bfb92dc52430d5d1136876374399c1

SHA512
b8b629b32cbf3da8b5213f872c4605596a65312e752549e0b4c336e34db9b2eca7df68d79524ed55b0a27c408ca09a1934777ab061dad8a64c9faf3722864b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d31ddbf5c98e0810b4135b24fbbcded2

SHA1
899df3c73b1c983fc59fbe35d79b7c3d81aa8c2d

SHA256
95280dcad74d7f616ffec1875645b6eadd7d92f74cef980df21e74bd12bcfcf4

SHA512
c1f53de802c9a376ce9da23baafdcc1d8b7563a27397cca78cf2be5fbe383355fe6b06d29847b306bf8750dcfd17e058fbe6f60cd3c02f8c18f856648ad0a70d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ff476352d3104ea134e3cac0c0aa45ba

SHA1
594a1435bae586d2ca1d31ba8bd33250e00b6654

SHA256
0bd1bd72c0f1a231db6f559b72a6105cb094ef231b609b88aa158c176e684a5c

SHA512
1a4a12f24cb0ad92378560090e801a233e7a294b84d8d5eff3c17ef47dc17814b5068418f70c5267a13bd7a6773f478c7089df903c78e05e26742e975358eab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
72e54ad5780b57632a8ed8914b917a18

SHA1
8f3414e57d3c72212986ca4625bc89154f8b5f0a

SHA256
97fb5a518fd8b20f5fc27838af2b24b4814b794b707d7ae3541b7a1fda66484f

SHA512
399cf5e9db37f1f7318f877c67446f5b5f769cfc6a9f2b06c148dec3e50e76321073179081dfc5d6a84bf1feb8296a697eb4fe7205c00f32d188438748591ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
74847e326e581781bff81ac14b7c9057

SHA1
6c70d94bd94b4e17f3e2c9f067cf05ec4bc9ae1d

SHA256
57de063970557461cebdd571e007db7633d73416e5e90d72bdda4cd1a2f31a16

SHA512
a1aa438e3fc85671388bcce06bdb0105a0118c5bf782ae3c8f8e2ad19cd4419cf6e8093474b42c72fb1f7db3e918a97e38328d7e08ff04bf447ef8429e4224b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
219b29081186536dec260ce3c8a305eb

SHA1
7d26846c85b4304c1e0aa4a2efff24d3afe6ac81

SHA256
dba3e5ce9bbdd714d7a5de8711655fefbdbd6e8e15b9a9e21bc62db79e798f91

SHA512
0f621d7bd4488fbc55aadd2d810f37a780bead69fa3098b42c49506405c6b9aa5e7ee44083a8d7adeb063d1c128c8caa9541d852b8b0dea91bb315c16c015c41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2c8aed80e8cd23513a90392a21f6c6b

SHA1
385ecc8a916fa5ef4f4cdfc92eb39eda3aef711e

SHA256
0cfbc5b7103cb43441ba504cbb8b09abb599d66fa24bca65e0b198c37edd38a9

SHA512
5b5df051e6269c143882c9ae7109fe4fb72f1ac8be8446e2eed8f3fa6600d3ae2ba64fe8e4e6bf5838e6fb594764294935bb1d9e1c68d6b4b40d0e7ced23c6c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bdb38998347d8765874c0c93e9a97a98

SHA1
9893e42c2041ea6167b3b83fbc14492ad66ef274

SHA256
cc4f116dbd3e73e909ec42875bcb6c603e34631bd0f5ef25d12d60df9817d71a

SHA512
ac4b1704d8aa2ce50affd5bf2170207bb420326073aa3b0d24d53fec79997b199132a473bfb0b67b644ec26300e92f742f869925c1f9d6adfe0f9cb70ae2d5f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e8f8.TMP

Filesize
48B

MD5
93f05820cd714b9753bf677d8c357791

SHA1
45ae65a639314f90304c170a05eadc3d15831723

SHA256
f46b8213e54455397f63c1e26332ccd58ab3c0c378555bc63c4e7e32d2338c5f

SHA512
c6a8b32c373c5194691b32fe49e3051cf6c036073593b33d26b069d5cd454933512638d1e96b7ed9a8d2a86977fb0dd527027ca4464e700d0f5906b453dc9ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
ea24401919152ef0d9d6c67f0a6cc4eb

SHA1
73dfd7193d0d2e1bf1ab3eace2fed0ff3c3b1af5

SHA256
df9ed1e85cc923d4433f77de5e9e44afbbc12525618fb4d65738ed59f34ec925

SHA512
62a7dce96b70da6af4c0e9c82468fc42196f0cd25fa9fca24887f38461459491a8cc991c59b00ad93d500bc4105e9c2a58ed5676b7dc1bfc17949397713b16bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
17b144c81434497dd744a934ebb02d39

SHA1
07220d479169d1208fce804b67d900e9e6983261

SHA256
23a1150380a91e88eaa68d4c718a995c407198d5e47f2037e78f643d857d05c0

SHA512
9afb0bbdee1d762907fb65c4a8ab5aa6406babc5aefbc41327f54d0955c7d57edc42303e91973f58881390ea980eb3e19177083a4908cd486307c0ee9028c256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
f4591d96d62b57cec8a1d1ad7e2d75f2

SHA1
3565a52d09a77eb76327585dc3b7282e676fdc3d

SHA256
649faea30b0ebc97f1d5737b5f039008b09fae42963c7645b5fc74171b35ed54

SHA512
09ed347860af70fbc5e1df64eebd6a734f26b263a706be652c9c0fb0458abf974fe66504d2ab794310dc8c414cc0c17d0e40197606367522a17b46903a11b9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
7e7d2ac1700404b1990a5b4655b35127

SHA1
bfb5f9ee02bdb2709aa7daa921a0d1ee317701fb

SHA256
c46be55227fc33c5d507e797d5d6baddaf96c0e6f316847af3426543c17a60e0

SHA512
141526fc85e0e53872b67cd0be1905c93dc636fee7fd9adc18fe9cf00264a205d6ba2c74cd659f90df87864621dee89190c6199bdabc8570427b2157b52504dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
eb48d907701f8b4dcd0053a5326fb4af

SHA1
54823b4a9b4311bbe410cd58a70fa1a122128c9c

SHA256
add964232ad4d1b1314064949fbe1f0f308036e435489712be8626485c95bbbe

SHA512
1942c9ed7dfc900b43a6bf574660e3d422fb3f5e1da9a0c93ca556183f75d16b9ea39a856c3eb1794016e5bb36bf37275d9a35a4f5409c9fe62df156107cad58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
5c3fc1c7f28f40ef9efb16e93f111a20

SHA1
00a73b631d5b62bf714e7e36ea4f2ea392fbdddb

SHA256
2bcd001beaf6e78b8a3cee69c55a759022250d03b01c195ad08e4fd398e3b01f

SHA512
61d0ee84e9481071c3b4ca6c2534af2e3e48fe39d5c8789df8fd4f0b3afec5056ce69525cff4e24face901b15c42fb743b93adbf04f1290f1aae5349d5334be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5843ca.TMP

Filesize
539B

MD5
7d64f6aa539350b27b12518380079d23

SHA1
ef1aa0616b3d5c77474f7345d577b1c45eedfd56

SHA256
a8b18cbc57f1a033ce4b53b1c992969f70ea3a0c6df5656642d0a6a4f68c0b4b

SHA512
4ce0f5fc6e892f792779e04594fb3db33e272a04b46956d6542be98e65638ae2d170d613a47cf6f39489e0ab8d5cf54068a801d822703b54d22990facd1da94c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
54e1297c813597ec7aa3cdfab5faeb8e

SHA1
6a729091eecd2164fc6f8d830b6e933517a53a24

SHA256
1440f9c5b597e0d124e30d7b5ead927f5ff519bd8f7bcbaef9f7e997411c4bf4

SHA512
b6cb83d5a697c2700548e8d8263f34dad177924ea44eade63b8815796d5d2a77442b8bf7a8dab9de9a7195dd467900fa15c934714c3e867104e706179d2ef3c7

Download Submit