hxxps://www[.]youtube[.]com/watch?v=Kh9T_tPULxE

Analysis

max time kernel
840s
max time network
844s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
26/01/2025, 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=Kh9T_tPULxE

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
420	msedge.exe
420	msedge.exe
4156	msedge.exe
4156	msedge.exe
1096	msedge.exe
1096	msedge.exe
1420	identity_helper.exe
1420	identity_helper.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe
1168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4192	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4192	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4156 wrote to memory of 5040	4156	msedge.exe	77
PID 4156 wrote to memory of 5040	4156	msedge.exe	77
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 4860	4156	msedge.exe	78
PID 4156 wrote to memory of 420	4156	msedge.exe	79
PID 4156 wrote to memory of 420	4156	msedge.exe	79
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80
PID 4156 wrote to memory of 1644	4156	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.youtube.com/watch?v=Kh9T_tPULxE
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xe8,0x104,0x108,0xdc,0x10c,0x7ffd662e3cb8,0x7ffd662e3cc8,0x7ffd662e3cd8
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,1489381547071149646,1046163086541357527,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,1489381547071149646,1046163086541357527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,1489381547071149646,1046163086541357527,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1489381547071149646,1046163086541357527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1489381547071149646,1046163086541357527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1489381547071149646,1046163086541357527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1489381547071149646,1046163086541357527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,1489381547071149646,1046163086541357527,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,1489381547071149646,1046163086541357527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1489381547071149646,1046163086541357527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1489381547071149646,1046163086541357527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1489381547071149646,1046163086541357527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1489381547071149646,1046163086541357527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,1489381547071149646,1046163086541357527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,1489381547071149646,1046163086541357527,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5660 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2504

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
f27aada3933da496f5f3cc311f282f6c

SHA1
6077693891f370c8cb14caa4430419fad81e7ac5

SHA256
b37efdaa854a5a8ff9c3f43476805fb60d1e2b9f930223cca70fde8ec41afcd8

SHA512
157c25377670dbc6a77c0b04a96ef7b4f975fe4c7b2eb6dfeca8894edae2afc8c472a885c62a47dc511c1f2a7cc731c5e0b011d1daa9c949aa40842c94f4c7e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
674716e831d3c75e691468ff57c5634c

SHA1
215e60ba4a72fcc3ad8d09fb6302ee24d87745fd

SHA256
ac36d44e65b0cf869a48f401cd33c66ecb7bb9156d332f3f2ee651b625d609a5

SHA512
aca7b41b5face7c4b5dd0ae854a2265173afe5bf3b8d7d33b875e60d022d06377ef4132a088c379cb783b6942c0641d7bc8eb31b8673dbf38c7d04b2c6022640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4a54849922827924da457a5285391f80

SHA1
08945570f670bbbf5692d86219a8724a43fea474

SHA256
70da0b1b3b9a15e2c09bdf736d54cfdc2c627c4950fcddee12cb3b455eac5f44

SHA512
764b0f173f6aab5ba1fac4dc04b1ec0123aa318fa659666ecffd08cdc144e4e1b773d515915202fb600b52a305d96e293f89a7b549944cada2780692fe9da8d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ae98270ad9552ad361fdd3fdfade5019

SHA1
ab9b65a31703f9c6d0a073a40e63ff01e34303f8

SHA256
adf799647ec159f7f691d248bceb96756a712261d42027ccc41f6539287208f2

SHA512
92abfa16b92bad3387d2881ee48ea55a91563d79d604b5f7bc3e6bf13a1d35e72a1927919a48eef19d0ab7ec4ede8edc445ad5809b1383f104b3b6502511fa4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
182f764988b6d437987ac6e6378bfbfa

SHA1
8b26d08d2640dc07c92db372d5a58262df0db459

SHA256
7b274bb8c5833d6f067676afac5e68ff80890a5027cc9232b28ca30af9764e8d

SHA512
08eaf0a94c9cd0a5edf60a86a633e8569a4afae5f9821a5546a33f2ac053f7cf5a9706d6ca3b3cf5583216a64bc65c73b8c9c9880473c77757519f53aebccae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\be95ab2e-54d2-4857-a5ef-9786a79b15da\index-dir\the-real-index

Filesize
2KB

MD5
542d33b5d72c65a8d5ba14108ea7cadf

SHA1
25d7e3ccacefbe115160fd221a9f2358c9b0125d

SHA256
423f169fb2b126fe0490ace09e1a259ca5d58407d8c61db31ff2ef6c683e635d

SHA512
cc5feeb8ad0e4d8b7b56ec6fd85d2373de4579b93af5e4d41f4adb7555bf5ab99fb2903e2fff7eb0823b3990476b38700d5724a6ab9f1f49da88ad1ba7d301af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\be95ab2e-54d2-4857-a5ef-9786a79b15da\index-dir\the-real-index~RFe57d5af.TMP

Filesize
48B

MD5
b7475b9ff063db453d7c06a35bbedb16

SHA1
44f351b1aff8dea35dc33a848ed01cee3d538b0d

SHA256
b3ba03c6448c67348171ae03a9743280b8fb65a9e844439c6b7b7c5714acc069

SHA512
67369e59c320506010143e698a46297dc85d9532785569d83793f407638ebfc16f22fe4fc89af04bb1863fe2c2bc54a42559e5faf719f55807ad4b487e9559de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
5e1777e79c02ab2124284daa599ee5ba

SHA1
9e30e3ee6421b9f861bfbc0222857a4f097d45e3

SHA256
c8b3bba6e687440fb34599b4c8a2aefe17fbfe6b0c42724365a3912215d1e138

SHA512
6a75fe7f3460bfbb8727b98aa54dfd0c45e7def46fb9873c8618ed3040a0cf1a9b5e10cda0f85e7f92278719456f155dd9eda2b7088cd6abca87ef3fc0c6e827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
7a9ce9f874f2e47db0500afcd06f5c65

SHA1
0fb67cb45b27812a2e0a57cde2cc0b896b35b87c

SHA256
737a0f02f7b157890a18bd01ad652987b5e54e0a8c7d4bd4451d115728f334c5

SHA512
9b1a093452c6e90d4c5fb8def76ced0c4d83e70193b1e35fd6bfb4b615f34db0dbdc3b5644b5c728e020a350c5efd0c2d2015e968f38da6a05a6305a12cd5c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
86c6312f7594cd8b1e690451c714f73b

SHA1
ad2c6ab006cd845bb4e5471a99aef9c8f0ebf63c

SHA256
7a1243e783f2ac87e8a8c3967d9d7efe2919b07e332799819a853b60e1ebf63c

SHA512
4408c03592c8b5f8f62c2867cc4a6c8ad727c59c7ff532a37e4086c5acb9bded10ba576053e4fb5e5702aba3b570b31ef71b3e1b56862c4da47cb93ccac96c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe577ba8.TMP

Filesize
89B

MD5
15a82cc0a96a6f553e0be81665eb372e

SHA1
46286c10be9072047e21357ffca76e029e2041be

SHA256
0cccfd541b740c8f7d15f086ef6ffb463150d437314fa0e89ee32b4150a844a9

SHA512
7754a16faad6c0c6426193fcdbce45c9535d1362c7bb991880783e07606af2ed50b2d00369b9110405d49c73b27fd29f48ec804401fd640f22e2f841e8904aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f7649a0538dd27bc21ea67baea8fa7b6

SHA1
9ffb8f992c13ce34ba8779f0adb4f5e06ef8a579

SHA256
c3717ebd5c132291b17d04a6b52a9979a43839b17fd3b002f2d14646e2add212

SHA512
d450bbf4e2c12a78ec7377aa7c324005f1fdef4182240cef113b03fe61c2b9a44646ef96e561465d9fbd5bc86cfac23054bc916942a8cdee76edb48c7b139dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cae1.TMP

Filesize
48B

MD5
e1a741e233fb3ce7cfec6c8540cb1291

SHA1
3287e72c9de80a6533e915201eac41f8e8d34ff9

SHA256
85907b2114e8b65bcede809e2bc0c195deca42ae654ca42c52553d3b00376c2a

SHA512
2c13d5b1531fb072ef52a51c0f04dff4c5d019f949d8d40954052668318f301cb561237c95b224cbe3fca8185375c05ce8989d90b3984bf201d0a0fb222b5888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\be9b8ad8-015e-4b3c-8de7-667baa4868be.tmp

Filesize
2KB

MD5
5a441dd56730c0b40e06f20b06c36a23

SHA1
be0bf120fd903260b6003ef0beb129a79302b87d

SHA256
27749d8646111244c77a32e8592f1b5f2e20e376e2749bcac123786055de8d0c

SHA512
70c2136d2a6061a789e78cf8d3bcb9c60802bfa2c39ed3a9bb4a962434d8deda39278585a540c101a6c71c401511bd1bd8f143e45138fcdbb6a8a0e3be33d139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c5eadd9d35c4672bcdf771a673764647

SHA1
bc663ada77a21cc945f1d4374b397791dbcb60bc

SHA256
5cbf68881733d18f19a868f1fa0b1a1450abac0adc0de661c7b98c520d9604c8

SHA512
35a1144d6247cceba9addd66e37dc7e25eb5f3574a4ddaaec288ad5b1dfb104949fecd655ca418438fa29b4cac7eb9eff49a356b506e818b7711613bb07ca095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
25ba01b20eea8cbd8f75082bc01c6c6a

SHA1
dd22aa9abce45090643f8530e4217c9e777fcce3

SHA256
e2b6cb3388669a15a8a16c060e9bf39e9579180ee8b53c6caa5376c98e478c18

SHA512
2600dd0278c734f0c2790872e2e301ffc0c8c42840797ba77ed0a06dfa33587e20463f372115fb40183e7b38278a7ec11239fc476ec3b03c927921a109e227ff

Download Submit