hxxps://www[.]youtube[.]com/watch?v=dQw4w9WgXcQ

Analysis

max time kernel
165s
max time network
169s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
03/04/2023, 18:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=dQw4w9WgXcQ

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2256	3808	WerFault.exe	71

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 77d59bfe5145d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7310e2d15666d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\Total = "115"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 0100000068c77b058ae8e2263ad1e38a5d336e56a8b897dcbe2471e187ecd2d735711345314f90ae31710e3724d7a584001baa699f62f6fc94860ae43d31	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI = "{BEDC4FF2-3D32-4068-A4C2-DC3536CBDCAC}"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\youtube.com\NumberOfSubdom = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://login.aliexpress.com/"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites\Order = 0c0000000a000000000000000c0000000100000000000000	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomain = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\Total = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "208"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000c2569f2f7c229ac8546bf8fedf8ca14122344acb501a94f0d1d35ad45763c91eca80254c67c449949a25a32830168003f966b6b4cf809bf6ab20	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 829de4d75666d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "93"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "93"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\FontSize = "3"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000ce6b917458137f868008d8679b641745f69c6a95ec0f6d68fd62e1eecb65c13a57695ae0c33a149f9832c8322207da2c9554c071a107bdd4371b5178965cb3c4aa2379252b2bdc2846018482a2d58ddf32947c77d3f4ba02bf6c	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = d9e8e2da5666d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4180	powershell.exe
4180	powershell.exe
4180	powershell.exe
2564	chrome.exe
2564	chrome.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
4292	MicrosoftEdgeCP.exe
4292	MicrosoftEdgeCP.exe
4292	MicrosoftEdgeCP.exe
4292	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeDebugPrivilege	4180	powershell.exe
Token: SeDebugPrivilege	2804	MicrosoftEdge.exe
Token: SeDebugPrivilege	2804	MicrosoftEdge.exe
Token: SeDebugPrivilege	2804	MicrosoftEdge.exe
Token: SeDebugPrivilege	2804	MicrosoftEdge.exe
Token: SeDebugPrivilege	3808	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3808	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3808	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3808	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	504	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	504	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2804	MicrosoftEdge.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2804	MicrosoftEdge.exe
4292	MicrosoftEdgeCP.exe
4292	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 3808	4292	MicrosoftEdgeCP.exe	71
PID 4292 wrote to memory of 1320	4292	MicrosoftEdgeCP.exe	78
PID 4292 wrote to memory of 1320	4292	MicrosoftEdgeCP.exe	78
PID 4292 wrote to memory of 1320	4292	MicrosoftEdgeCP.exe	78
PID 4292 wrote to memory of 1320	4292	MicrosoftEdgeCP.exe	78
PID 4292 wrote to memory of 1320	4292	MicrosoftEdgeCP.exe	78
PID 4292 wrote to memory of 1320	4292	MicrosoftEdgeCP.exe	78
PID 4292 wrote to memory of 1320	4292	MicrosoftEdgeCP.exe	78
PID 4292 wrote to memory of 1320	4292	MicrosoftEdgeCP.exe	78
PID 2564 wrote to memory of 3948	2564	chrome.exe	81
PID 2564 wrote to memory of 3948	2564	chrome.exe	81
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84
PID 2564 wrote to memory of 3972	2564	chrome.exe	84

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://www.youtube.com/watch?v=dQw4w9WgXcQ
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4180

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1008

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4292

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3808
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3808 -s 4744
  2⤵
  - Program crash
  PID:2256

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:504

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe76cc9758,0x7ffe76cc9768,0x7ffe76cc9778
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1856,i,7542832389495150978,7029163081362736283,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1856,i,7542832389495150978,7029163081362736283,131072 /prefetch:2
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1856,i,7542832389495150978,7029163081362736283,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1856,i,7542832389495150978,7029163081362736283,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3252 --field-trial-handle=1856,i,7542832389495150978,7029163081362736283,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4404 --field-trial-handle=1856,i,7542832389495150978,7029163081362736283,131072 /prefetch:1
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1856,i,7542832389495150978,7029163081362736283,131072 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1856,i,7542832389495150978,7029163081362736283,131072 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4764 --field-trial-handle=1856,i,7542832389495150978,7029163081362736283,131072 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1856,i,7542832389495150978,7029163081362736283,131072 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1856,i,7542832389495150978,7029163081362736283,131072 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3796 --field-trial-handle=1856,i,7542832389495150978,7029163081362736283,131072 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3220 --field-trial-handle=1856,i,7542832389495150978,7029163081362736283,131072 /prefetch:1
  2⤵
  PID:4940

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
162KB

MD5
b81d6636c3ad72c63e532e5180eaf7f9

SHA1
ddcd059999fff6218e98af62dbe3fa9c885a0de8

SHA256
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef

SHA512
4f0b87bbf60061a8efca4906554f958b7c28cf582452e01a8316d8c5ea8c98beda6c3230afff207f0b92d316c4c2e0ca1b4631e7d7364344b4a76394115af06b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bc4dbdcc4c45bd508a76fc563ee82c4a

SHA1
8424ef9301e54d9ad6c5d8a5aef73c4390c44b70

SHA256
a742ee8e03511dc87904bbc2dc90247db9e6eb058c7fca9ffa53e901f710ef54

SHA512
ce8dbfa904ef5802e904f2e3471e8a1f8ec13a712f3afcd25337644ff41aae2682ea340e1e3b8e35f0adf0b9c30ea52586c31c55525775a28f6a9f96a5f3baa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7265f23d9daf2e03caddd0d12f5838c8

SHA1
9f337521be224abe7d15af90e27eaccb6d4b01fe

SHA256
0b0602427022934f136a3ef96538733b63a22d0ea2628a0da6e3e5054b97029e

SHA512
a06840fa4734786e9247501cbb89f566b9a09020ffac0391b55e2e3b8fa51b5cad0d3f781ac1cf1123fe6870a4358b2bb02074270ace6aafeae5fd043414dc7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
379ec6b1e1399d749043e8f3fdcc93de

SHA1
663f6acba8f3dab2840941af67754738259b8199

SHA256
5ab729276d1e9b725b43bc91c5ac31f459a2d931d32cb7d3e97e670e77b275ee

SHA512
6cb1cb3a4c7c48d95d7bd01626b4681148f7180fa63612334c35f1f48ef4f114f0883eb3edd9682e477a6392575a8716feb8e24c4a5a77ea336fa96d9a1b51f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
67cc3328c0f71829f68e4cbf07c50d1f

SHA1
3c29dfa09911399ad1e4b3fa5d6862e9883e94cb

SHA256
1a8aaaf625b8fbb0086c6d903d86f9aff1e372ed07393f49c45d6dafc9fb4245

SHA512
40e712a157efa6feeab34d4406cb3a7399a16f07976c7050516bff25a9cee1da5d9ecd2dae04b6dff18f20ff6ba6b5d05f52f6dfb98611d990009882ce2a2b32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d0ba481946a2b107813e603bb70c66d7

SHA1
68299bccd68075bf8e9d33f244f53855783fc970

SHA256
f89949a4a37069d7af4b3d0e1d7d1c0be5cf57a45ff58c9b8a9d52d753fd4452

SHA512
215c2f100a2c0d1a989954cacbfad623abb560ce2af0b46a8d7599ab141cdfc7809858bf4a5e34d6e6ef64050a13ec25590e2afd95d43c4ca97af4786498fea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
efc225a88ae6b03340922d38f8b51666

SHA1
2f539ab73470ba0509c66b54460d499d5b036222

SHA256
f78fc89b936643ba807a8678b7da958d4458bcfddb13da27b8ccf2d58af79f5e

SHA512
937b434bdef4b5935a41bf49e627a35833c5aed11bd747bf2a38567233ac1df47b5498aff08325cab0ddd9fdf1bf40d858f1c9f76ec1950369323bf5bcdb3865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
d349bf73916e5ef4c5ad91d1b76bf127

SHA1
38950d79db2852db714e9d3cadec58ba97cee5a9

SHA256
ac08e9cf9178997399645f3b0f5c3fd3ab36bed7e969cb67520247fdd98ab9d2

SHA512
c3cb2e18804313dc21982f42feb8a1366f1b1f3ac07a2a40995ba9c4be7fb4affec4dd82b2227cb2fdab04b80eae77b9d9606ab6b4869e85b3662644200525e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
76783c25244e22dcb5779f34d1231ed0

SHA1
940a44bfc424c842b9396e5cae47b83be92a34f7

SHA256
9ef34a1fdf8e2cb507f12930eb17bc14a8671140ffc27936849b36de3e8759a3

SHA512
a1e13adccce47c7b22295d33b8111f12774f0c63bbf04757c205f771eeff6d1360484e8f112f9723fc76c01ca8249aaedd1fcc4f39658d3843ac240528d2d190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HF6Q3LJ9\www.youtube[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HF6Q3LJ9\www.youtube[1].xml

Filesize
423B

MD5
0f3e6c6a763e7bc16f65c37c10d4a269

SHA1
a136029d2ff7b4866348f197d3ee3a37054aea2e

SHA256
89085c2df49169bb041fc041aee7a9f11d7bc9965acf1c71c453d7bc2af0ce3d

SHA512
998775dd85e57f6bf1142082814b6a5f434f328ec9692d57b58c2bc518ba3490f6a5dce45939e71b92b09fe585a5afd12f12f51506045be1a853e865382a3a90

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L64T9OXW\captions[1].js

Filesize
68KB

MD5
b250971ab5fa9d843ac22aa0ac109b01

SHA1
bfe0ab719c9d5a7d85945503ebeb5ba08bc3a8e2

SHA256
8c9f4c2a6189bfe85991524fa7e31968a8d216f2a38b82ea9dca13b355bbcb75

SHA512
2c770585dc971b70fbb21f4fa705cee96f3373868068b8df6394d53ca3ab10a3a4baecbec72487a5c67e419d577d13b04f0cdd022165f5320488bc54e68b90c2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L64T9OXW\desktop_polymer[1].js

Filesize
9.8MB

MD5
c769c0c6a6318c17dd30462b0e6cb9a7

SHA1
c1181d29ff12f0c68338059c9b899fd6495f2ced

SHA256
998b6abaed0838cd2dc7a64ceacb4a7827153512bb166cdbac5a68eb973a68af

SHA512
69c8fb7c46276e7b6fed9089ad44213983580601760c4fb9ce5d6fa0e55d1c9a0ec77a7795ccdf6be44c43671876ea163acdc0b8956c9c479ad6bf6c53f6571e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L64T9OXW\intersection-observer.min[1].js

Filesize
5KB

MD5
936a7c8159737df8dce532f9ea4d38b4

SHA1
8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5

SHA256
3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9

SHA512
54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L64T9OXW\network[1].js

Filesize
15KB

MD5
719a49d6bcb91cf96a374209205fed38

SHA1
be0339ee222eb11f62ef2134ef8dc45c5f3923b3

SHA256
a48608ea85c73247cc2a1e24a20dcdab9b4e6bfba273b2737d7364bf7dabbe73

SHA512
316302d8d70afa77d84a5b81d8b92ec36beb755670571aaf91676d3d56e99de89276857f103b5b12f94074c0427e1f3eab324806d782d41ca5f9bbf5c84f6908

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L64T9OXW\offline[1].js

Filesize
127KB

MD5
627812de8a22d3e3b158b07e086b2389

SHA1
c4d6af1edb8e15a381854bbf15ad2129dd3294dc

SHA256
7058a10dedb842177109e084b70d344673486a9c6d2d0fc36835ea7a46fa522d

SHA512
c0788db01375a4a2b12da00e00a12d6ff6437e62d0e5193cf953aabb97100ffb31be103521637757b426f8ef2771a24f33699f3bf78c6c3b1fc6cb4d019cfd38

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L64T9OXW\webcomponents-ce-sd[1].js

Filesize
95KB

MD5
b410f18f749df0d2eb9010c67eccf787

SHA1
2cab0b8cf450210c68a5cfd3a7214de2cbb64ce7

SHA256
608ddef93ccc55ee53c88b274e5b1b74257eb6d7ad4c30eb9c5b2efafb463098

SHA512
298f52991042a9ac5a3c8bf7e422cd6b05ad77d0c244c967a17c2496fb326d0c48265bd6f6f5ac2c051fcc68f464331b73a7aba8a29a97887d97c44f01848320

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UK7Y59AT\annotations_module[1].js

Filesize
67KB

MD5
37f7fc5b8f6696a7efee9896183ea110

SHA1
e82fc41a346e1b6ff5ea68b913fea4d8f3f4de47

SHA256
998f70e1be017be52ed15b7cb68141a9bbcd4319d8f494d6958939fd9af5f125

SHA512
6cae65089a31f965ba5a30cd5253d17670f36774b4a0df6dbd2d090f078653864371aead335cf5afb2954832053ec5929c4efceeffef82ba2f3168597681fbc1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UK7Y59AT\miniplayer[1].js

Filesize
6KB

MD5
74d28e6d4f5d1d2b80c62e58233fdd3a

SHA1
7754e6f911b8deeb6877a810414f4e801c425a9d

SHA256
85e2b13bf44206a11ccb84129bb81114f78e1af8c569ef4a11e931d719cd0092

SHA512
361df1f7454c7d064f4f960569e86a4f374bd57c4c79dc10c3ab14eb1de358fd44ca552759a418f5f22167810bff16162446ceaab6e0e79a0096d0a0d30ab484

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UK7Y59AT\rs=AGKMywH0J-y6iLyu-K59tMAxCqVWsE6cvg[1].css

Filesize
117KB

MD5
5611a7d2e5db6ecf2b0a8f6158e156f4

SHA1
3967b238dd8faac8ba552e3a0a2c1e65c62976b1

SHA256
ae0ce28d138ec9fbd664d7e1ed6253a3293b0e0af040d4c6e416d81276768289

SHA512
50d5ca2883d8415b19220ef399ffa68f3088369529ae281ba63ae7722c0cba209260500cded64e81243b919e21ea1200d70712b59dfd0dc3407c1f7f30a3a827

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UK7Y59AT\web-animations-next-lite.min[1].js

Filesize
49KB

MD5
cb9360b813c598bdde51e35d8e5081ea

SHA1
d2949a20b3e1bc3e113bd31ccac99a81d5fa353d

SHA256
e0cbfda7bfd7be1dcb66bbb507a74111fc4b2becbc742cd879751c3b4cbfa2f0

SHA512
a51e7374994b6c4adc116bc9dea60e174032f7759c0a4ff8eef0ce1a053054660d205c9bb05224ae67a64e2b232719ef82339a9cad44138b612006975578783c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UK7Y59AT\www-main-desktop-player-skeleton[1].css

Filesize
2KB

MD5
03d18db0d1768a83040d99a62d9c7729

SHA1
4cafc7fc9f051269cfb94f849a2b71b3bc3fd73d

SHA256
d573e07924dd56cd981b479fd8b090da94524fcab66484204c2b39b04d87b1b4

SHA512
6ae9fe0e0e8785bb31dcf7623c64b6bf961be44963c0c9a8bc5565c4cc2348ac8a63a76878290001dd2bff05df82b2ccfffa6e4e804c780f68d7cc7ae68a34e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UK7Y59AT\www-main-desktop-watch-page-skeleton[1].css

Filesize
5KB

MD5
5f197634e3d476aef3bc1f961ff67d00

SHA1
b191e083fd20b19580eb48955e0c547f4ffb0498

SHA256
fa2f74f4978bddc2f1213c8827000c320aa257377516d8e371499b94d89db3f2

SHA512
de66bd3ad00d618850b9a49412b61621952b74967ab28061e6f320432b13b576199220d2522a845fb9e5ca72c396f3286b9d01078e56056b7c83c71b6ce74319

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UK7Y59AT\www-onepick[1].css

Filesize
1011B

MD5
5306f13dfcf04955ed3e79ff5a92581e

SHA1
4a8927d91617923f9c9f6bcc1976bf43665cb553

SHA256
6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc

SHA512
e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W8BDUI0H\KFOlCnqEu92Fr1MmEU9vBg[1].woff2

Filesize
49KB

MD5
08c655068d5dd3674b4f2eaacb470c03

SHA1
9430880adc2841ca12c163de1c1b3bf9f18c4375

SHA256
4fc8591cc545b7b4f70d80b085bf6577fad41d5d30ddd4f0d0c8ab792084c35e

SHA512
b2fce4bc018fa18de66095cc33d95455a4d544e93d512b02bcb8af06aadb550cd0f4aecbceaa013857196c91b6e3c4565a199835cfb37c682cb7bddb69420198

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W8BDUI0H\KFOlCnqEu92Fr1MmSU5vBg[1].woff2

Filesize
49KB

MD5
8a62a215526d45866385d53ed7509ae8

SHA1
5f22bfd8ff7dab62ac11b76dee4ef04b419d59b5

SHA256
34ccd21cf8cc2a2bdcd7dbe6bef05246067ff849bf71308e207bf525f581763d

SHA512
845f721e564e03955c34607c9c9cf4000db46788313ebf27c1d12473c7948cf2609b08b24093c5d01f6c97acc79456e7aa838c291462bfb19700bbfd07ee243f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W8BDUI0H\KFOlCnqEu92Fr1MmWUlvBg[1].woff2

Filesize
49KB

MD5
90f0b37f809b546f34189807169e9a76

SHA1
ee8c931951df57cd7b7c8758053c72ebebf22297

SHA256
9dcacf1d025168ee2f84aaf40bad826f08b43c94db12eb59dbe2a06a3e98bfb2

SHA512
bd5ff2334a74edb6a68a394096d9ae01bd744d799a49b33e1fd95176cbec8b40d8e19f24b9f424f43b5053f11b8dd50b488bffedd5b04edbaa160756dd1c7628

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W8BDUI0H\KFOmCnqEu92Fr1Me4A[1].woff2

Filesize
49KB

MD5
ee26c64c3b9b936cc1636071584d1181

SHA1
8efbc8a10d568444120cc0adf001b2d74c3a2910

SHA256
d4d175f498b00516c629ce8af152cbe745d73932fa58cc9fdfc8e4b49c0da368

SHA512
981a0d065c999eea3c61a2ba522cb64a0c11f0d0f0fe7529c917f956bce71e1622654d50d7d9f03f37774d8eee0370cfb8a86a0606723923b0e0061e1049cbc6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W8BDUI0H\css2[1].css

Filesize
2KB

MD5
f7aab2e4f194ab8d1f396c0c40318299

SHA1
969ef8e2bdd4cc8670a281270f6cfa6850d04b2c

SHA256
f57cac4f1bfe3bda19f853a4c497b0186481fbb5f7b786825da4cb0edff79d7d

SHA512
042ce410c42c494399547aafcd8df73275175ea076cff2ca2504a01ed49dbabc594c21157fc3a64d6fd081b2e30e4fb1237a0b836d57cce81546d68242e2a98a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W8BDUI0H\scheduler[1].js

Filesize
7KB

MD5
2c741d303e5ad03fc5c50b8ec6f3be09

SHA1
1b48c16f18bc4a293ef0cd4777d37b3b039536be

SHA256
2520f559f7bc4e171a9826769bef6566fcca1b70061c610832778c2c366e0778

SHA512
c3585d8a34b5b71440ff4b5706a92c26654455fa1a778441c18f18dc344c3681f6d71d5a169b15452ea64e504a18ceee3f60111033cdd5abbb90e809b559a18c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W8BDUI0H\www-i18n-constants[1].js

Filesize
5KB

MD5
5eae7233ffd6b404a912fedc9cd5f033

SHA1
9ab8ee6f71d53087105b8b277a774c18279d9b02

SHA256
b4809d3495c2e0feed0ae9501cc7fae69f0cbe5c251d51d4cf6d59631f20328f

SHA512
ffe893c89a660937d025db636001e0eb6a2c84a893f28dc1a28fe3750f3cc8ae763dc3110e7232a8adf7af0df600968817257f3217815640114833077e7fdd88

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WUHMQTT5\base[1].js

Filesize
2.2MB

MD5
36f0e3f3cab32cbdeccd026a3204b821

SHA1
abf88a52a912cabd9ab4c427d969befed799b016

SHA256
5e8480acc9367123050f71e79061781e38035c56a88810433204678ddf2a1cf9

SHA512
3c53b511087f17a2536e40c8249618c711695316afbb3bbe070b0d0e33d9d203cb9de8ce6acbffdc88bb7b3c52abc4bc4c543d240ef43293435b78d60f477276

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WUHMQTT5\hqdefault[1].jpg

Filesize
17KB

MD5
074e969bb4b56acd26091b19784df7e2

SHA1
0b8f66fd70f29859ea25ee481ff33f93bb84d512

SHA256
405893b0bf0b3e87141e7048e1cb6665ca5593fea1b159ca0ce90e77d049c51a

SHA512
0e7286126446b64efb16d8891ae2a649e4ccce337510eba812294e78b78d3d2680f4504bfcac7a8347e809c2e3fd905215ed711f60894b25a5beeff252372c8f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WUHMQTT5\remote[1].js

Filesize
115KB

MD5
2b89e3135027302691338f5446a58e1f

SHA1
2042141dfb1c5d3deb596d9ea113d59254c8f96c

SHA256
6e4e8b68e1ce23047c594d8b5326096467c457693e9b171eaa8ab9d7fc7942c2

SHA512
8252b8e1cdab29e5d4ff6c364f9e564ed3f3453ebcc4b33d87112a8333c0ba2529ef1d7b0a00070b9541a83bffea87792630b80fc1ac87e4c61ba7d6a0f6b31f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WUHMQTT5\spf[1].js

Filesize
40KB

MD5
8c0fda0bc13127279e08a2300fffea85

SHA1
ed3e299a6e40e9ff27932bb76441ff10d5586838

SHA256
c35e47efc5ccfc069a9980c584d47aa778f7192c2dd2ddcde19872b09c82f635

SHA512
a34fec062b2108d8262d6a2deac4dff475f8811f5b8e0f415363e898ea017d09e1079be56c0650754fcb1060b9436be4d8d349ecd7fb6e861fbe356dc96ff9f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WUHMQTT5\www-player[1].css

Filesize
400KB

MD5
1b6b0bb6130873dbbcdb54576bc3d994

SHA1
820bb6bf0c004834ac0baa330cc48730c39bc476

SHA256
e0fe6fa1d16c178404be0b676d3dee54f067b9ffe0aaf8ef4aa0012a6b2f3dff

SHA512
8094ccbb1c2e00076685add970d5eec9b251226446c228f93a5666e54ee554a3d56f1cef985a094f9d31bf5694570ea8c01b24a89ce37620ec5ec486d7805056

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HF6Q3LJ9\www.youtube[1].xml

Filesize
423B

MD5
0f3e6c6a763e7bc16f65c37c10d4a269

SHA1
a136029d2ff7b4866348f197d3ee3a37054aea2e

SHA256
89085c2df49169bb041fc041aee7a9f11d7bc9965acf1c71c453d7bc2af0ce3d

SHA512
998775dd85e57f6bf1142082814b6a5f434f328ec9692d57b58c2bc518ba3490f6a5dce45939e71b92b09fe585a5afd12f12f51506045be1a853e865382a3a90

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
359f684dfb4933228f0eb855e493a39d

SHA1
5a975a7029293c2ce655eecbb5a0df1b0c4297bd

SHA256
60c23c4f23cec430297006a7fbb9c1ce29c7d24bb0ba32b73e0fda651e15e355

SHA512
c3b9627f637c7734abbdd695f5829bb3723caa20c7711cf216937a0e0695f1b4ac43d02fe12ecb9c7f5f97e9cb6c37199f17b8ed3b5de9a5b6dc8d455d55481a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_F21BF538BAEA56C2FC86EE4A4D9AD2BF

Filesize
471B

MD5
d5ba0d24586872fbb887f9ace5b204a6

SHA1
748b10c9a747a90adf10b8f8dedefe59a22ed072

SHA256
5d50fe5859a98b867ef22fd65c4ab3652d46188813256d43ba7ac61e2b7c9a18

SHA512
07de9e9b557799f7e957bddf31ffad54c7ef3076cf25cd884e8d17a4e830f131278e768b7fbad3a3dcb10bca99c1ed60fd23245cc1bb2d60bef04e2ed3434895

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_D4D984CE2F722C428A917DFBA46E5C25

Filesize
471B

MD5
dba2a52bdefb15713a0fea827a2443c4

SHA1
2a11a3acdc0296e8e3da51031fc3d4db7450ffbe

SHA256
cf82a044c8095aec5c33023c42b4ce2b7f16f09ac9e9894063a4084ff71e7d36

SHA512
294f644350e404cd27140bf23618e040e3c5b547c1ece112a13db47c4427629f77bdfaea9851b7e2112fe1832d27a3add881c9fd997571d8a0083955ab1cfd7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_D7C546632196AA193400926180B87F4C

Filesize
471B

MD5
9582396ee5b8971e9bdd5181b45a9d5b

SHA1
30e01e66e28dc4ce92b4df04f39ad2edbcad86dc

SHA256
4446f513d8955d51919096030a215f4c06cbd511d46d711435180154c955e8f5

SHA512
73e25cbb22d2c18748121debdc2f82c36bf9d1f653024720815cbbae4c9691efde5eba0f65ff8ccc3a8c553b14aef65423cb97163213d1f7aed575f02cd9f6ca

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
80b94c32f860ad88dac236c6eff54ecc

SHA1
0b17f9c7313f197831a9a747bc5ac59ac0bf9d41

SHA256
849500c82323ebe4f31a65e2e4c407049a0f508c99b71315119908207528ed26

SHA512
d042f9a93f3e07bfd540274e9c94962fdd1b20234da67540e938fbde332900eaa142668a0b97ceb17533a61923a6b05019e16ddaa4350272345b61a73b1521c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
9406b91457b7bc9e8701467c4e4cef1e

SHA1
f7bc5ad65572c0ef06eace74db9fdb1a3e5486be

SHA256
58b5ace07431236e08d591230bfb8e9092ee77fd515548779eaf37ee300f5671

SHA512
96349f491a721b93f800bac0120705f82ee1a012349ecb2ee1677d47a7bbe9bf4c5f7e755add387577a65b4e7e0ee99631b727c90b8ad5f2579b8f24272b542a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_F21BF538BAEA56C2FC86EE4A4D9AD2BF

Filesize
406B

MD5
94c207905a00e9b21477bc2c63ebe217

SHA1
ae6527620ae780b873ec5f48722d2155826f23bb

SHA256
9366c07661a0184b25db8eff92485694d96655c0e6de651a005ca93f95880da1

SHA512
8a2cb2e99298b9129e14817afb6b764a5718a3d83428d215a32d9258101f9720646a971b40fe0a18fa868fbfa6050dda22a68b910be601bfa7e8d3af3e0ed3a9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_D4D984CE2F722C428A917DFBA46E5C25

Filesize
406B

MD5
94d57f4f6feeb439fd486d4decd343f8

SHA1
9de5ab865194e773614a0decb5578ee0769f7abe

SHA256
d1614abb185372184d541f0c576337a956200881b5ef62b22d4f541924c44562

SHA512
52bf3fe2066042f93bbf562c10cd28bab384a93c66c6431a3d94be35a89d9ddeb35b0cf5264c844933d3b3a0e1bfb19eb5b6a0261571ac39afdb1fdc23c57221

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_D7C546632196AA193400926180B87F4C

Filesize
410B

MD5
951949d8dbc927ffd407bcf31b22449c

SHA1
3f004528be1856480c6c3016855fd9f7fd7b8fd0

SHA256
a59b256e39db1bae0b52d37119904eba5f17c14dbc7ba94b20f57b2f2b23ca01

SHA512
2199532aff692afc34de2fb23f96a387272f0bd35fe5642d079c6b76cfcfb90d5eed8476075ac5c491f41fc3343100b5ac212df4560699823b6a8f1861dc1e79

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5clw2ysa.wf5.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
memory/1320-589-0x0000025190F60000-0x0000025190F80000-memory.dmp

Filesize
128KB

Download
memory/1320-568-0x0000025191340000-0x0000025191360000-memory.dmp

Filesize
128KB

Download
memory/1320-595-0x0000025191750000-0x0000025191752000-memory.dmp

Filesize
8KB

Download
memory/2804-158-0x000001EF0DF20000-0x000001EF0DF30000-memory.dmp

Filesize
64KB

Download
memory/2804-174-0x000001EF0E800000-0x000001EF0E810000-memory.dmp

Filesize
64KB

Download
memory/2804-195-0x000001EF0E0F0000-0x000001EF0E0F1000-memory.dmp

Filesize
4KB

Download
memory/2804-197-0x000001EF0E3C0000-0x000001EF0E3C2000-memory.dmp

Filesize
8KB

Download
memory/2804-199-0x000001EF13100000-0x000001EF13102000-memory.dmp

Filesize
8KB

Download
memory/2804-200-0x000001EF12BC0000-0x000001EF12BC2000-memory.dmp

Filesize
8KB

Download
memory/3808-481-0x0000022BF80C0000-0x0000022BF80E0000-memory.dmp

Filesize
128KB

Download
memory/3808-462-0x0000022BF9AE0000-0x0000022BF9AE2000-memory.dmp

Filesize
8KB

Download
memory/3808-311-0x0000022BF8DA0000-0x0000022BF8DA2000-memory.dmp

Filesize
8KB

Download
memory/3808-456-0x0000022BF9AB0000-0x0000022BF9AB2000-memory.dmp

Filesize
8KB

Download
memory/3808-459-0x0000022BF9AD0000-0x0000022BF9AD2000-memory.dmp

Filesize
8KB

Download
memory/3808-453-0x0000022BF9A90000-0x0000022BF9A92000-memory.dmp

Filesize
8KB

Download
memory/3808-450-0x0000022BF9A80000-0x0000022BF9A82000-memory.dmp

Filesize
8KB

Download
memory/3808-309-0x0000022BF8D40000-0x0000022BF8D42000-memory.dmp

Filesize
8KB

Download
memory/3808-287-0x0000022BF80A0000-0x0000022BF80C0000-memory.dmp

Filesize
128KB

Download
memory/3808-447-0x0000022BF9A20000-0x0000022BF9A22000-memory.dmp

Filesize
8KB

Download
memory/3808-260-0x0000022BF86A0000-0x0000022BF86C0000-memory.dmp

Filesize
128KB

Download
memory/3808-247-0x0000022BF8420000-0x0000022BF8422000-memory.dmp

Filesize
8KB

Download
memory/3808-239-0x0000022BF84B0000-0x0000022BF84B2000-memory.dmp

Filesize
8KB

Download
memory/3808-313-0x0000022BF8DC0000-0x0000022BF8DC2000-memory.dmp

Filesize
8KB

Download
memory/3808-236-0x0000022BF8490000-0x0000022BF8492000-memory.dmp

Filesize
8KB

Download
memory/3808-397-0x0000022BFA900000-0x0000022BFAA00000-memory.dmp

Filesize
1024KB

Download
memory/3808-500-0x0000022BFAEC0000-0x0000022BFAEC2000-memory.dmp

Filesize
8KB

Download
memory/3808-503-0x0000022BFAED0000-0x0000022BFAED2000-memory.dmp

Filesize
8KB

Download
memory/3808-417-0x0000022BF8DD0000-0x0000022BF8DD2000-memory.dmp

Filesize
8KB

Download
memory/3808-444-0x0000022BF90B0000-0x0000022BF90B2000-memory.dmp

Filesize
8KB

Download
memory/3808-321-0x0000022BFC5E0000-0x0000022BFC600000-memory.dmp

Filesize
128KB

Download
memory/4180-125-0x00000189A61D0000-0x00000189A61F2000-memory.dmp

Filesize
136KB

Download
memory/4180-130-0x00000189A6300000-0x00000189A6376000-memory.dmp

Filesize
472KB

Download
memory/4180-128-0x00000189A6040000-0x00000189A6050000-memory.dmp

Filesize
64KB

Download
memory/4180-129-0x00000189A6040000-0x00000189A6050000-memory.dmp

Filesize
64KB

Download