hxxps://www[.]twitch[.]tv/mr_hamsterr

Analysis

max time kernel
1681s
max time network
1797s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 16:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.twitch.tv/mr_hamsterr

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe
972	msedge.exe
972	msedge.exe
1916	identity_helper.exe
1916	identity_helper.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1124	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1124	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe
972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 972 wrote to memory of 4496	972	msedge.exe	83
PID 972 wrote to memory of 4496	972	msedge.exe	83
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 5116	972	msedge.exe	84
PID 972 wrote to memory of 4500	972	msedge.exe	85
PID 972 wrote to memory of 4500	972	msedge.exe	85
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86
PID 972 wrote to memory of 4944	972	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.twitch.tv/mr_hamsterr
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8156b46f8,0x7ff8156b4708,0x7ff8156b4718
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4403759834129096185,9671596521492616142,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4403759834129096185,9671596521492616142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,4403759834129096185,9671596521492616142,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4403759834129096185,9671596521492616142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4403759834129096185,9671596521492616142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4403759834129096185,9671596521492616142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4403759834129096185,9671596521492616142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4403759834129096185,9671596521492616142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4403759834129096185,9671596521492616142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4403759834129096185,9671596521492616142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4403759834129096185,9671596521492616142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,4403759834129096185,9671596521492616142,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4403759834129096185,9671596521492616142,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1544

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x41c 0x2cc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x41c 0x2cc
1⤵
PID:3104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
366KB

MD5
2c2409eb208e1945c42ab1491a3ff7fd

SHA1
41061a0248699c65c10f18b15dc3e9c7a07d547a

SHA256
6685f515953fa8471a1f34a748bc29862aff3292c0b4cabf179cb167f2f94157

SHA512
c2d2430b3a91bee5abb0defbded0a300112a09bd0f519f491953e99df5f78394cc14762ceb1811581af5a53c154006bde2dd4562fa055aeae7bed1faef48d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
624KB

MD5
87cdfb6534726ea1cfc9508d9d6108e9

SHA1
115ce0dc2ed420a30a12a5174f169c733a3b3434

SHA256
46311e44135b1a553e9b22d9fe2a65d24344086b91388e71998fb466a60189cf

SHA512
40c5515209d60da0694bb29e69d1c0532f47a28ad69f4dff566205f58af38a9bf342f56b6d49aeab62ec799a36e9dd1ef7998548eec1246d1e01535ff490b7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
72KB

MD5
4de735e89e1e0b68ac84770bfd34cdcf

SHA1
da9b1b547d86e2634e2fb22617bea2878c04c309

SHA256
d0bb64a565b5352c37609269b642e55154d075ed0d790d4f1928fcc0e75d453a

SHA512
85a5ce2e54f1517dae9f4f0cf2d269e5ca6c4f8af8cb8cbd65d3255987629282803edbe76786481f12b53ad3dc915d661d4d34a0ecd7c540aba100dc8f8fef25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
272KB

MD5
53997a009b60be0747c08f14d600bb12

SHA1
316e53b9ab0e29c2cfefcfa16e7e149a25fcf58f

SHA256
5867e2d3aac71c9d8d5b4b3a96658ec8a1c88ec70775d4b7c313c93a4a352ae6

SHA512
ee143d4fff990e9a93530e7327ca171e3e0c10e727eae514f3aea3c32d6274a64438c485a4558ab42bf5f4320143bb5debb83c74660d75834f349f11e8da3362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
117KB

MD5
76243e4765d1f3dfcea8aadc4af6813b

SHA1
6497a71ee9952501b5eefb5718c74f23121deacd

SHA256
8177a0bab1ce3ff7d56f5819d8b21a11369debed58000a00e1a2db42d98d7cd7

SHA512
d5a6ae8743cbc215aba38b2ada1f16626695d77220020aa97d33c07c3187d8dd8a0bb91fa0406fec2b6bfbff82c51349ed25824f5bf0cb41a6a1d010e94c9acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
1.3MB

MD5
97f709fc60a5e1e431e2495ba367d391

SHA1
50923dccce05a87f9f3be8228b5b26e2d2d613a1

SHA256
09c6bcacc0e45aa7b647c870b8cc894e0f4b108e42da4c6db56b0dab9afc9c78

SHA512
6642732af91efef0f93a347b4f112aac7220c01f44f004e3fdee34d2f7c1a4be2da4be0260b76d708b564750b6c93c9d971b666545cdd66e1395ce07795e713f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
1.1MB

MD5
20097de43b13122d446a5f51091315a4

SHA1
ef88e1ded5f05e8d839400dafd169a55ac5c347f

SHA256
d164b3edc3df3d182cd402838a1a092df0001275db3700a49ba367d01eb2c8db

SHA512
59b6b8f6b6e1db0be4f7a17a61e8c60c56af8468cdeb405338ba98f3a14374d6d8a9c8079d4913d02f94d529483b04794a4e4d5f3f2d832d1500b40b72897905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
461a12fe500c09238f5264eea6fee8b1

SHA1
50e25a1ba7f873a81e2845bf0094ad60c2d99c9f

SHA256
0e390bff1bf8aa6cbbc23e865c7d45c5eb3e5845959299b61352c290ee83a234

SHA512
013c5299d51dd612a1060d77d34e3fd5a94650d4459a677b630e6309ea4e9c6696d53776538d77449f9b5c7315023074a9585e92a67358eff217b6f45223ef80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dd125b12f7e73ae8ae4c8c564b1f1e9c

SHA1
4891c8a45c997e19918ab611b676fb02a41cadba

SHA256
ed8184a494e6f4671928b626d8cf47cd388bab8a14391559cb758f396316a304

SHA512
a9b38cc556494b7ddd285d4d4d850de8158a30302a70a5446879213a712d49599bb8dc7fc3ac7a4284b1e6bedbe77c222c89bdae800ba5dc75af5688a1caf6da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d7b0262c2ef98d9f79ae976a41e213bc

SHA1
4b435172a774148024b7d14079c7507231609b84

SHA256
c1491e1f7254e98d4f8e5ae0761fd987522a3b1a75a47792521da915bfe538f3

SHA512
06737fe07364e97522a8c6855737ab151cdb352d5ac8b520da09b7fe8406fb7978987ebb0339fcd2fd75dea6183e441ebebb39b73101f8d1c49157847ee846e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
09214a12ab6baa41ed6b851893c096af

SHA1
67ff481e5b8b86e4c73c6224f3090ece7f01eb2b

SHA256
355896ec9471a36ddafc0e6e263e1a0e0b47b30f27a6c7d7a9bc0cc9f2267fdc

SHA512
396b935ee2e9faed63b1ed724cfb24ca34673589314709c11553b7080147c653e0cdb53f5dd7a6646e3496c53b5845da3ada430ca7a9514a04d3e7fd584e8f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
a90261a7fe3f526d914944fa1744ecb2

SHA1
6134543ade0d455c915e8553a30e5519b9b01fa5

SHA256
dc68ef24920b7ee14f633074aea70c764f5e98b1e1c0acbdd039445128f5da8f

SHA512
49f4d230317dfb89dcdf43e3a855424676d8ca32bde8c5305304bb20316802152e693de55609a973eb6981956cf28f98405eabeb153eba6baaa94e78c07e1a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
94176b718b3ba22adee3e78c298f9a32

SHA1
c54caff47730fd5a4964fb69da87a100db6d8c0e

SHA256
cb314d3bf84c987a650b421f7edc0d24de9918d379dbbdfa3f337025876aea61

SHA512
ed1241600bc6e6e09816d1eb15799f077314d18d92c6e2b0f7c0c910d0b3f21775c20940ebfc9bfbc4c9492e4c4f18408cf6c6262160d91c0d266a4e07dbf1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.twitch.tv_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.twitch.tv_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ed48cd910be25af54faad0125d70b80c

SHA1
3d100adffc2b63fb37d9452ba550dab9c7b975db

SHA256
f5d81df4beb49a02ebae553827a576f127f50e452bc5a6096308b8a2b8bb20e5

SHA512
67af6d5c302bd7a6d488c22d451a31c79b7a09722d546155c12bccec9548f6effae6292386dd2a2901a30d48c0ac76d9d82a45021319f544801f0580fa69b55b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
30a397fdb88a4cff0534bd56330e285c

SHA1
ccb0aeb1d9b1af47691cae519a71afc1e2954c85

SHA256
d3fe7f248c9e36624d2ec86544daefcd9c584a22e098e7936f39689d6060d19a

SHA512
8dd982dad169e997f509c4942ad1154fd31ff66407311e819fde32ca166680c34196d5531e42cfe955087cc20ba653bc31d60355628b79aaed9733d327736b0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
176d6e8d947eea55a2425453a5914035

SHA1
d54ffdee59f71c45d1f4fa9e662c4ef9742b2241

SHA256
fc6ee02be00516d1b6abc23e97f520fdbba2c46c5093af81d33cab97c96d5448

SHA512
a1dc7adba64d317e77a2f701d050dc8f3c41e123f4dcb95b37cea76296ea89eed4f1453db20618dae32bf64518fa9427914393eba32f5edd16d3fbaab53d365d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef81666989ac2d1279e049edf0f521ff

SHA1
9fc11c8dd994796cf82c94111c075305828aa8fd

SHA256
b4223e00ee6ff0ed9c54f2bd0bf5faeafbe1d53127e123fcd443244a07393a23

SHA512
68b15536b816a019d43886e57791ab5ec4f0031a0fb7244f8e3d1b194eaa64ce72e1d966348833363bb9708d37b2f4577c03cf15cef6393b91061bd2dc5cfa7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c8d1968dc1bd98ad98de3a2ca272f5c

SHA1
9206d2189593460d46891a37344911eefefe2960

SHA256
043bcd65475bb7790fa79fc1fdd051dba04699e8a572fc24aa540cdbda6475f8

SHA512
6f56986afea86bfef787527a38442d6b946025d7da9002c89bcffca3b666c6b5e3162b56d36803fc22492e8bae5cd69fae5293e967af73ebb2611caedfdf1706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
945cde0b54e8cecb407218e4df4f3fa5

SHA1
b1ae8b16b6fdcb5dd66b3b56205390f298af5d59

SHA256
f2032d7830a6a22cd028c5e77ba75c3eee2c4ad0250482f3835152dc948c20b3

SHA512
11911ad1e57db61d49fa63ce6bf05dd45a327f5d40b144ce51a9752084af9767bfaec1b73bbc4d4ccfe7134334d7eca256806c3e8e8e8546fa729f22a854356c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
106483d9e07e53a9039e39ae3db0884d

SHA1
4f48678c27a86ca05a053b7b671395b4b85b586e

SHA256
5d6dd0960fcab44e6ea4493efc96ddd1d2b6db764843f03fd4e85a2b4b506684

SHA512
e4f67945462f33f9bd8fe9e58fb102a15ba642a5826d14ea5c8ff1bb829f02289f8359915e70b4698004c179f7a88d5673b5bac88d5aca72395733138e0f8481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0a74292fa69ac043369e3bb22abcde5e

SHA1
cec5cd6ed47fdfac38545833b6e0a5ecb6b54cfa

SHA256
13b9c44031634320f41d753578f877b9eda8de241449f55ab4ece1911f5c994d

SHA512
45742a20f1580e59fac70c948cec22340e7cd9af52c48a3a188b6d8e37a2d81c6b9c7f72c14fcc5d5afcaf02d3a0161e21ceecbae55e9292bc80f8ec6126efd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581d28.TMP

Filesize
48B

MD5
ab86558bb551f241dfce3a99d184c58b

SHA1
cadbd40ee27aceb5e5009c674d8e5b43cb0614ed

SHA256
19bfc2e77674c447213beafb488ab753e177602e8e43d87edf51135778efdb91

SHA512
a9c15148c74a89f420e3e3a81c3e49bcf64b3cf48a8d6b5a2a0faca7f4580e2cc81c50b8921b99ad00ba61dd1f9a29b62f6af624cd8baddd87cc8d2e7c641ce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
f5c0588abc2c5ee8bc87444d892e42e4

SHA1
80de4cd0decb82e35116551ca2f601ef2b41a6bd

SHA256
32afc62698b4d263034e8fcb53e505364bbf85582a9724ac5597947920a3bee2

SHA512
c575d76b3ddee5deaebd825d9fce21073eee0267abe0ef4b0c8228c62874ee53db93d76161ee15c1214c8381ffe7015d6ad66364cc0b3814efeab686bf44dc60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
7c86516278fae6370ecf4fd3ce86d2d2

SHA1
426b395f38949b0d041a6fe0e43fa223e3f82e20

SHA256
83d4004ceea7eacddd9d980ae7a580376c4261135ed2c49501fd8aaa49371938

SHA512
3ef7c7436a446fce995e3966ad4e764f21741d01f1cd5421f0ec2df4d29b24d5a5125f7e3c1acbeb38d883d826a3898942447ada1518820b41eea9e967a3efae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
c20a69c27b55b98ac9775dad663b2ec3

SHA1
741d86487d37e6456ad4909e04f580cee9a1f533

SHA256
440857035f359c41d03b3bdf9e09031136d32b04713f9d2bf137b5d78206f3ee

SHA512
d6376ef94a0f2ba66fda3562aa465ae56cb3b6343fec7ce7b6330f0f54d01c0420af2454fd6738a1800c85914cd5e64bcf24dedd35f641f1f12dbfcbc2c2e57f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
533B

MD5
9b08b14724e9c8037df3a5889922ef34

SHA1
1dca2cb5edf45bb6c659a19ff3a867432d3068a8

SHA256
07badb798122729cea1581ed3cfb905148e502558b87fb40892d72011f8ef139

SHA512
9a8cc99ca465ea6a576d0b8bbb8ddeb642275d15cbd07f463cb6f6693b8448803bfda5a7198233fb703a366e6de882c3107b8ecf7ddd23d91715c6d797d74f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
533B

MD5
77ae435960e975d96b1d2749f964f64c

SHA1
4ec56140067db01f4ab16c98f6488a907880f26c

SHA256
6292cc062580100821831564dde5c3b3ca9a74d0d360f6c71657289ced7691d5

SHA512
2c729b0386bcc9c7c32706cb88dd0c3f81a3f79a71d05c3a12e9d7d3eb36d640eb1441b2f69e833809a313320705719b0c79eed406c8a4ceceb25632904da68b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586e84.TMP

Filesize
533B

MD5
ab8c0543b04a41bee6e1eb9bf00c326f

SHA1
3020831705f41c320214742afb0c45bcd25e204f

SHA256
4287e2898f6511b50fdecd4b0f6eaae738854a57c400ff2b2a804cec28d5a4da

SHA512
94ec0d4ce6a9cb9b21817d61136c5d09fae950dab81621d3b1cfe0edb48a92fc47631e46b85fc81d6f7d03712108c2a5449c7454652dc9b92f7f8832c484fc71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9fcc1c3c69d2a291067b71370a44001c

SHA1
c23931bc1265aa238338abe0e760e2262233d9c7

SHA256
138635f4ec3da7f03fbef73cb5fed3426e69823b38ef8cccdc67c9f78e81e4b0

SHA512
f646399bc53e561d1e57a146b458c49df4cbb2b8774eca802cefc730eb2fe2ff57bc59fd64902755034d6ebbf2f2c457b03a013a9c726c2295ad8c09f4ae255a

Download Submit