hxxp://youtube[.]com

Resubmissions

31-01-2025 11:33

250131-nn49gawpbm 3

31-01-2025 09:59

250131-l1kdqavkel 10

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2025 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
2084	msedge.exe
2084	msedge.exe
1128	identity_helper.exe
1128	identity_helper.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2412	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2412	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 4960	2084	msedge.exe	82
PID 2084 wrote to memory of 4960	2084	msedge.exe	82
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 3408	2084	msedge.exe	83
PID 2084 wrote to memory of 1136	2084	msedge.exe	84
PID 2084 wrote to memory of 1136	2084	msedge.exe	84
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85
PID 2084 wrote to memory of 4152	2084	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe015246f8,0x7ffe01524708,0x7ffe01524718
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2352 /prefetch:2
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,18120336475813838338,13014967707304647211,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
2b9846d9a6702cb82abafad88203dbfe

SHA1
1a10dd05cbe71eaf5314c0a8e837c02f72a9bf9d

SHA256
f4b44e2867b261cd3a97e28970d0c658b42559efaee39859840ee889f171036c

SHA512
3519da312ee2100678ee2b2bb78c140d409a1b919e2ff4b411ca0b28176a8bdee7f2c0391ee6d7243a9d07f7d0ae4de9006b800e23d194cf2916a7633a2b1e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5ce652c129cc2a4d81601ff49b0e561d

SHA1
a68c022580004e15358f83b406e62655a11ab20c

SHA256
1c9dc21f30e6f5334522949cc4796f3bb70a11a3cc6475fa9e1248a3d2e0af78

SHA512
81541b72f2d3ff4bcdd273a258b957eb1bdc92bdb6ef261f1017bbb95aacf3dbc88d49ef502cf2ce1cfe2f1c8d080225fe190ab6f28d11a6c34ca0677fc7308e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6365a8f915fe06369a2a612d1a0921fb

SHA1
78730f87488ed671ef62af0a6522131cf7918cef

SHA256
41caf40a7b690f3ef54d22537e97d243f37603bca62e0bf840a349c5461034ce

SHA512
1ce1e1257b2ee02c69792cf60a41a819a71aaecd64a4a12ab152425fbb6edd18105352b0c21a521252f0ac4632965a5b2f61bea985dfce26f7531bb407bbcc8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
66ba08eaa9cbabe191384157300bcd8a

SHA1
3baafe458a6ebf5efcf5281087c28d58ffbf228c

SHA256
11e28a6dd2cf3746b4cd9db968c79aed855e74aa2a230716cd301691bb2bf124

SHA512
92ed063b65c2393e32ad1aad3c3d747a4f9446371fe9952e62625f5264d4aa28ee317542687780d8e88ba6d6ba519459726cf0645fa448bca0b16d803be940e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b18bedb01924c22254e04f69da928a6

SHA1
2e5ed0cb98be3c5ac613e6e91c6fda5cba3aa936

SHA256
42cf6bdc3bb74c57bc9b68b607d405c0db5af9b096d3d5240da2ec96cbd792c8

SHA512
67b9a4d65cb7eafb7afe839404c35f66185b0aeeaa7a8e6f4c6429f6ac6ed5b4fbee6607a611b5bb103e20af0e5ff63bb2e94261c1ac53faefa026983d51a720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b5dc15df-5f6d-4a22-939a-bd35bd47bb0f\index-dir\the-real-index

Filesize
2KB

MD5
547edc8a8fc6035c74771ee6a057e796

SHA1
cb5fb08451669bdc045065299f874b1057368bd6

SHA256
4317fa14b4e3ac1bf4262946bad4c665caab2a07f944288238fb833edef3e3b0

SHA512
fc5a3f0f2656927768b538881149f59f97f16289070e522cf921d05c3927c04b74094049ea7aec122da790763e17e4d24288689c4892cc2d6ad7bb9b8ab41152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b5dc15df-5f6d-4a22-939a-bd35bd47bb0f\index-dir\the-real-index~RFe57e9a4.TMP

Filesize
48B

MD5
e6f2d9ca2ef012c988c199fdc297c845

SHA1
ef2545e6eb1b7e0412e341b5a8d2f53e58b17a40

SHA256
1346995b0525866bf8eb14bb72ade06df693775c8e2c5404c8ff3151ea96121f

SHA512
2a5a59b7faec92e33db9a18b44046168da7900cf1bdf6289c9d842aaca9ba032d2df72e988f5934e9acf91db384ef95153df64ae62f1f237e933ace3437ba173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
f578b0ac3d3fa7e2e1a86a694dddb4c3

SHA1
6d5c9aee5266ee2d4d5bcd4d290edbdebacecdab

SHA256
fe70566f57519a2c7bba4cdabec473a5c7769fb82ec5f762e34f931cd1153611

SHA512
221093ac820976cd2261c3ccdf8a2520477fc74b5ff5aee7b44ce899be69f5c317f3813a85a4909d39df7a7be2a3554292715c838e81f2afcee10d13e34fcdaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
7412638ff7753a5bb173d676fbff3f9c

SHA1
3af92c16ebbb78a48db7b0d4420436d1d890b2c4

SHA256
071ef8159d523d8d9e3e84a6e02dc8ed6de9e29152c083647acb7bb566dac4cb

SHA512
8d400c3fe93c16e9ba759ce4490a0c6ba5d543d2e6be40e0c60442e7a51fda8da6dba8ee93a9bf99639ea8c3d4bb97c86b8802d2033da7cf3d45975a90c94498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
2b759555eb736cba61488559f4ce3488

SHA1
d4d674c951a175b5c16fb910fa3897358653359d

SHA256
aabfdf38bfdd0739e04f6e082b69732bd437c2b04aa2c1eca3277d3f7d38734a

SHA512
70f37897a42da2ef18ea7542257d876efa39cba19cad67b6a11c3a85a3cb8986a5ee0d37c1613a947c892238701464e7cb81507f483a7df8572779ffa2f590f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
b5f4f3d28cb9a52c1282290f08b21de3

SHA1
dbc3f576546c7103797defb60355a66589f2c9d0

SHA256
f790a25933ab7c11e1a7cdc100d76a3116432a3fe189c401c21997af83a30c54

SHA512
007fc64ce902cee980023374abfd6741d7bd82b952e56c2af49bf9e9972b2b5d69c7f3d10e357bb543ab12dddec6017f34e990c193c0a9da1e1ea39013594461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
64fe2d6676df1d6c9a5efd7ec3305045

SHA1
a7ddb1546522b1f5729951a958bd1fd38c1c2ca2

SHA256
cf095be2af761d41a508ce9d5383020d0b7c022ec6a5bde2e4683b5a9ea6e757

SHA512
9edb59a02820ad50c90e60e8ee21cd0c9dfc6ffea7e1bab10155060ec545fd085adc8fd0ad3128fa7a3373fe7ea65d3276e8ede59395e33e8e84211e90ab2966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e399.TMP

Filesize
48B

MD5
089447cdb12efb605047565aa0aa2bec

SHA1
9fca2d72bc895abb3432d97736e3a845ca79f5e0

SHA256
05bee530fcda5364d02b7b1f68d25f0ff2ba6da5b502a9705ca9f2127f7cbfed

SHA512
8f180bec28c0979fc9d31b12a444e46d5e64c2c89288d50ab36c29166b462597f7e77b6ce39ae8e7db10afe853b428999220be84bcfd745b37d65f2ce4ab5709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
02e2aae5895fb3cbba43f8fc6cef1716

SHA1
f553a0c8c09acf7c24dfe7df39f58c9546fe99f1

SHA256
a26d525701b5531999140b21679a0787cc328f927b1a9474d2a8077ba5e9db0e

SHA512
9d0c06cada72e9dcbd412fc02ff28d50a0f7573407d25409f7b9009e73208df44b7e8094399745a5223cb1b26c638c945a6961d28bf219da5dd0e8a570fa638f

Download Submit