hxxp://youtube[.]com

Analysis

max time kernel
152s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
1996	msedge.exe
1996	msedge.exe
3068	identity_helper.exe
3068	identity_helper.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3340	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3340	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 984	1996	msedge.exe	83
PID 1996 wrote to memory of 984	1996	msedge.exe	83
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4428	1996	msedge.exe	84
PID 1996 wrote to memory of 4940	1996	msedge.exe	85
PID 1996 wrote to memory of 4940	1996	msedge.exe	85
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86
PID 1996 wrote to memory of 2968	1996	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1a1446f8,0x7ffe1a144708,0x7ffe1a144718
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9384 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9228 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11401842030676824364,5503734382904003545,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9680 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4392

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c8 0x520
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\056aa298-de41-4d73-9aed-b5c71e828987.tmp

Filesize
2KB

MD5
cdb4001322496b8989119defa8c86f2f

SHA1
2d324eb93116cbc99abb807e43ea7b1773325f4f

SHA256
cc7b069c13b2e8f6e43683dfbd0f28276713e8731053e20b6a498d929152cdee

SHA512
305f1aa854443cfd0a51e4e59fe4642a31f4402590cbdd69d8145e0a667e155bc6cc3c6c9940fe9b03a57e73a749d4b7e6585927b61b7b8b806bc7906ded30a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
211KB

MD5
2b9776807df1c30ef66c45ef60237487

SHA1
17e925fab39688d0d907687da86f566e283ee63b

SHA256
58a7c2031d7dbf5bda9614b64123996aa3bfcb5a783f901145baf087066c04a8

SHA512
e67162fb491ca513627e9fcb69a5db19a15129856ea3d01c2f0b5add061811bc5a0d4b6d8e53e4d7fe155b3bdf4a786cff697df5165368616589b411f8fafcf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
47KB

MD5
709f7544bd3e74c424113e6853948595

SHA1
a8c1d9e6c8493091727f0e303e45ab92b773343a

SHA256
0f2a35c8b824d54b483d0b2ea10964bb7af8eb6b1c86d40efbac4c55e1123a2f

SHA512
c2ed4cbb5e48d04eeb63c94d7d88acec5af101c2da003a34379023d8454d810ae357d0b4265da7027af38889fe307ca597f815111295ed62520f39aabeb2020a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
775KB

MD5
7378f426d93d2f806b536db7d5d1ef37

SHA1
3b7a025816a583f4d77e2d446666cec3d280143e

SHA256
d40eeb6f1bcee392df7288d7ebb484b3e8fc769fa52d13a41804d59573799087

SHA512
44fbb6d3b806dc28ad340c33163649a12fbae9bd70823ad39da45a36e3325efaea3e4d060702d0aa08f417592b7a512b967610e361b08101e7f981bb9cedea5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
30KB

MD5
86eac13ae042c5838d20274274d5d82d

SHA1
a1edc2336435162d57edd8e9a4a2b7ce2d693fdf

SHA256
2c700f68f9355697fcfb8a1be428158cc2937d2e0d01c0afbaed92cb2cb0c125

SHA512
313452f845e01faa3b45d9b37dd7db8bd1f2596684762d9affd50c1479c73592f06160f459c1fb11e4f7f38d185208b9c86c373f1abf34349daa3314382e337f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
33KB

MD5
4c44a4c4705e1e7ff214516345726b38

SHA1
c50da19ec6fbd99ee4c4f305e9ece188e0d19233

SHA256
7202e097880e3d2f06bd216cc9277332b95ff8b7d3a676d3ce89b869eebed990

SHA512
58c1de9c2d940b1d6195d96320c3b15030439ab71b1bf6a0d9e67c88213a3d1d29602a3079fbe4ce9cde6e6879020c05c237e1a7517c942b6c26f9da681da979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
5453ab01b36914ee8b1f92997230eab6

SHA1
47242e3b48bd3aff0a39f48f169f049f6ae90c73

SHA256
18b650649aeacf096a4f019b370dcbab9125c3f6ebd87a6515a5a8118a1c152e

SHA512
cfc0b0cacfcc7233837320da6eeb9a82b93bd611974c0d4b8f857bc0ca1c887d2dca4ce0ef02198cd39959ffcad170f6e3dd8e919c6bbcd53af341fa1bed3baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_lostgamer.io_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
0d0641515d8424d67a2f966af75fde0b

SHA1
56acad517c95b3d394377bb517939d741bc6b45b

SHA256
98d23d75923160921b01fec290aca6a6b5e415be5cbe5140c2772d5126754bfd

SHA512
e784a0d0a299dd4b7a4afe59ee40e3adedcfd47ab93612f6133e79282cfe9e1b3858d3d4413447b77c4e90ddefe52014f47ca9e5da424a6ceeeb888489cc02f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
63a9dafad859a134a9cabb267ec018c0

SHA1
24a6feebb2e8f75c9389b9c9fc392af12cbaf702

SHA256
064c271d306630c5c9f561b7d284187899d6e914a9d63efb2cc134ae777a82b8

SHA512
332bef5cf90c612da7f2441992096ba09bd9124853b148f4e14060527cac5ce46bd0bbd715c02d4f037dd24b7b90b43e38c6128ae208bff15bc0bee4232028e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11703577a871e2c749d4205a81697a7a

SHA1
fcf378f3dbb5a9089a10e05b7b27c6cf467cc9d2

SHA256
b0b2f23e5cd44650d5f7fd1d567ac3b3698d5d29b5d7969c7080a3a7300e64b2

SHA512
552a3a19fbb8bfc9b236bec3e65b366c2317a612dc4baf6f73d8bd7e07ac0f227b06a3c51922dc32f2fb9b4f4046053035a8efbfe5a6e9e126d5a230edfa99ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
865716f1fe604943a494dd7b3cc01024

SHA1
ef55a3400e2a8676343a5e0f37119547168c184c

SHA256
0cc06c12958036ab736e445b7c5cbfe1800e0ef180d8931fcf2f2ee597419be2

SHA512
d6f62e1abb95e15202e95ee7df485191198f6f4ad01db0cccca09d0953f072fb2e86b822835301700e434b1a319c14eb8b53dfe9b7f230468b82cbac0ef1d91b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
04cc588888c24fcbe851eb05d69bd9ca

SHA1
e613ca05e98ecd66db89934e9c202fb94d925784

SHA256
54174d351412582b19abd6bed41c298ffadc39736b0c39f2aa031686cc9ba621

SHA512
53ac3e188e1dd229eab9c518e0e60eb52b7650e2362f0b81c3d2fbfcc86e1f50ae6e41d3a992ea53be9a4dd6b9265b464257ad28c5618a7e303d49d3df7c7b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7a1320a83d775866eb123ee0be1048e7

SHA1
42296951d865a57fdd809e05e0365594234666a9

SHA256
c5d13eac94268b83d1a20767859d1fc71673edb4773c87eee6f114a1a03c32f3

SHA512
d19f7e0d5933422d3cb362108090ea37a1f64b593879fc319d51f2217be6914112cb19e548fdd331cfe22dfd3fc7a89f4defd40024091bcadae5413cbd843ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
472270d192c679911234678d3d498fa2

SHA1
5394ed415061b3a4dcf04f2f4c9aca68371544b9

SHA256
f38ab9b660e2a914dcd5ba4917ce8589be227ea36dd56afa9e856f1bfdecd1f7

SHA512
190348276662833d06d512c06d7634a7e22a3bc1f216f47e54e12d7cf02a532376b5141b09fd29f4b984a1e8f126ce2d93dd3a34509b4cede938d7706846e50e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
05d87e588708f0eabe1ca41e0e354f33

SHA1
9c5cffeb9739e09f88e63eaf5b9842fe1bd8ea82

SHA256
f317d67049dec2ebaa86feaa63965e939de7e74a06d65d4c11a6957554643afe

SHA512
3ed1d15ca6ae98792e304b8cda9762ac51c0a4df4efa555681b187edccff62faa463b6304488a4a955ee4d76fc35d2dec85ffe82e74296b5cb676e40a56d883d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a34bcf34-fb66-49fb-b24a-ca48e7a27f95\index-dir\the-real-index

Filesize
2KB

MD5
6bbeae27f36462ffe176341527134028

SHA1
fabc64069357f518bdb3d4e2d118d840ae5799c1

SHA256
1b887b91cfaa47f7082d5af8484d824b8296a4e2b6d5414828f644f851c2c05a

SHA512
f0443c3bf53541afa5e1578b9a5cc9ede4111c3043231cd9dace3dee12ca86027a19328f3c3ec3401cc4a197f564bd46645fa6ae46a6f33616918fd7b965b60e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a34bcf34-fb66-49fb-b24a-ca48e7a27f95\index-dir\the-real-index~RFe588b91.TMP

Filesize
48B

MD5
2bae9030bcf28f2970254312ec9c1938

SHA1
992f4b3d4549f44b47e6a5b368c2d866766e0739

SHA256
4aff056c4b3243dd2907c1dc4968b403ea71f6abd924e7a37140d6fcf5cce749

SHA512
c612fbe82ead9b24989346904b58545ad7a15c1f08d90db1eb3ab21a1b93fdfa51737287b4427b650d171ea8da57d3c28e8e50c02fd2a7534157edd4cf8a1978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\db2ba341-c450-4e42-a328-cf6749bbeb2a\index-dir\the-real-index

Filesize
624B

MD5
0a1578c43dd701f9eda6fb1bcd056263

SHA1
124d8a81f7dcf1a031d344f852348dbd21f93272

SHA256
88b5ca4a3e13cafc1cceadd5f7f42c2eb579319e094c03807bc0f0f9d75b14cd

SHA512
6520aa9a25ed878892bc5b081363bd2f6cc5a7911b32aa6caf1314fa25a5962a98495b6a305e3a57ed1747599df34f5bf68c3e0a8e3c52bea3bb94a65ad03199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\db2ba341-c450-4e42-a328-cf6749bbeb2a\index-dir\the-real-index~RFe59045b.TMP

Filesize
48B

MD5
f38c4bd39a37d0d60406f6e384d7307d

SHA1
6214a40d62d22e74f47336905a31cb01ccb09a54

SHA256
4dea17601ca0815e39d7fe7e64e31f802357a8bd7d8f361b48be6d242da394f0

SHA512
0dece192b7f9d184c7a877c252bee7699b9bb8fa95e6a7bbab8890470b4c66a2215f9981deee66560d1fbf5107a4640bb9215e0218f62a44bd85b53f6f75210a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e3be5576-d414-4fee-b03c-942acd236c3b\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
a039e230490f6abaf282b5214b180586

SHA1
000c2b2683a895a45da27edef96e443bc6efdb41

SHA256
d4a1fc86dadb5e95f6f2e546afa786719b916f76092151d38d9c6db61313e063

SHA512
d37682852af81a7b24b845aea4c38e211c7e9aec4bb7ef5e00c771fd86c27bf647e7f7c506058c66667f7ed0205bef150c8c16c473c4d6c4130f869fb60428ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
1b5349b0357f315ee300c8d9d64ec135

SHA1
7c34351a5a568f4ca292eb323bc189f0c8684872

SHA256
91df26163370475d178a81eeff602f147b2453a7895f4d370c934ef35c2cac22

SHA512
f8f90e780a0531f8d1080e5e5952f4b48b42308bd915b7b665ea0d09f169b92522348667e2f9e1514c401b3bddd22a50fdbfba5809c52ddd10f6cfa4939e7911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
c2ec780a08e51ef7eb0a739e447b5d6d

SHA1
ea723f19d2645b5d3329f8785b94a7aed956d6bf

SHA256
dcd6ac836f801fa43115988dbc9d7bd29687361615cc25290a55224140903ae0

SHA512
13db1868605c1a8c70686dc2644ac2e7847b91b12fb94b91b7c46d5e481a20345594e7b9c51f1d3cb21dee14866583a5f462a88e4659fbcb856256b0dff85f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
445ddfd50912f7df78f98eea02b5d190

SHA1
8de476c7509ed62ac06594c66f6501a3f3a8f045

SHA256
e2c43bc77c33ba78abd6e96eb7d7389f96728afe0f9b3a5c9834fc175a24261b

SHA512
3a3d86ee9e12ad40880a1780b2459313e90466e0c5b742cd36b766a09fb39e1b4d1633f55f491078d447b40f6f270504eb12c9b1a863f9f912aea195d66fa95f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
24c37e17dc0ab5b7a1e405e51b1b3bab

SHA1
22cf422d2a0f4b5edec1477bc8513762925481b1

SHA256
777b003b1f052d3dea9fed18b1683ed50c1370924fce907702cf94a9da65a278

SHA512
d958ede8d04c351795999404cda8cf5af7ff24b4936dbd779d532d1aac2c1e6321520f9fc00e2326fc07aa95b81219fd821de64f462a633f0e7fa03df737c28e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
f047945c14b1570e4834d094de52de7c

SHA1
e2f90a6e2b68fc3c3049e45dd78199529997b192

SHA256
fbcf5393e3afe11a0511a03b776a4b02b10cbf991564a727b2abefe1d0f0b2c9

SHA512
a749c91a5850f35d456fe6e088f671d7607d235b13eda8f0d873211a60d8e85c1ee483fcce30ebbc50b820ae4de9636e3b19725371a68ed398c1b9e5265d4122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

Filesize
148B

MD5
ba4224d6dd3b05c9e594f2b86c766b67

SHA1
74f6b55f6bdad7dec0559831679dc84952bb8b99

SHA256
235bbbd455cce3f880b829cd478e6061c26c467a89f22a20184dfdf07af42fbb

SHA512
dd986e601edcbe25bece4164ca66bcc5e348e9508761a4f242fae08adc5cb3eab40116d97b599d6f14e492166598af0344883171b66a073acf161f9cb5af0073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7771ab3b51e57ada39146f51c6a7725d

SHA1
fbb478ad14eb16f6a199a5599f88b9ab416fef99

SHA256
89faa63360b552b1036d5d3f3ae5364fab0b461b540fa10702460fc4d9c11eef

SHA512
0dcd649d4bb7c4ded032e84fa8b118ce7f51bc8763319953c494158dd59a7b7a7304d41f0ba6c3a017ad593ad9c98aaf7655e180cbdcf3d2894781a7ff035dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58f75b.TMP

Filesize
48B

MD5
2dd0b2287a062f56df3b616cbd404c84

SHA1
1b1a450224cda8ed4273cf75678be2dd169d5463

SHA256
a74632149db5a2ba0d4874e99872e853661257286a7fd758d49143653f61e542

SHA512
3d836ea1f34efcfae712e802a0383ca6b80e5a21f131b939ba627389491a1224ff2334b7a2aeec7868bbc25a269cfd4272404de422f9d47953551a1ac38c4d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
23d22cc81bc4fca1fb907bea87580823

SHA1
7cd569b559547eab6bb81bc2dae887b195b8e23f

SHA256
1f323687b6f58e29d66008735faaadefdb4a0a74d7314205e46088178b6d5c73

SHA512
4f0201e8b5552f414051f944f659812d978fc65b0d670f5e7887bc771389869604095d176219faf1ca18c4d618b7526d87d8f5e46c4ed75d93f76cce9826c3f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c428af3e632088eeb07b773ee4139028

SHA1
2d03eeaa8a83f440cc3da531ef1ea183aeee6869

SHA256
1582f0bccf158665d18f582a3fba4f1ccabff71c1ba7c77a12f3a52100aad178

SHA512
ace91786bac956efc8a5bbbf25453a2acd47578ad5d8a8eded739cf7c4633c45c75a601c7305cd265ad764f6b632965b5cc78ae510702fa1a87c7e4058efcf1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d6ff35c37e7e3514fa707b2283f7e33a

SHA1
d4384bfdcf7ca63a135eef60af0ed052856e48ff

SHA256
b5b36aa6b583fd64aa193266e9e2fcaec1788c0ca4ae67a6cb2a4bdea322360c

SHA512
66462daf05fc7142841b4205c7c133331fc8c3c853e38e694252864a7f7d6e820a5cdccbe93804f828ea5e6708e9c04cf4c8d5fa906f3442f8d0cf1e65a5f595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
700B

MD5
6508c94988e945f9695d6571b8c4a392

SHA1
a6e5a19318adfaade42e5076801dafdcb58ad97b

SHA256
d3f62180faf0eb6f4c7bae183605539e6a6b7ee472b25c614052a819bb956858

SHA512
5e7425a8ce25614899fe6115627d923e6d009274fff4596e25b06690f6216ec0854aa642721edfa7f396554139edb5c58605d615ff0caeed27fc41becea35ae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
c390df5065d45976e981a2a5c347c3b9

SHA1
831b5191f7a765dc7d168c068ea3fc1e77f54a68

SHA256
19dd38e0cd63c5e486bc2c4802bd9c2ad6bf1328792c4e649e52b27c1fcd50e8

SHA512
51e15fcd3d908afb0324595560237b42d5938f1009ecb395c3bc0437e860d72e8cf23658661775295f470105605315aa38d4d37f686d774fc23b957a4e736560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
04f8db25603b49f75f60a62eebb9602a

SHA1
cb3a9c4578d2eb7250ecca4808bc1888a82ae4ee

SHA256
a26edf61d9c230bf9ca825dfa7f4df44925068c9e9c8201fdf9c4ffc9b9dd481

SHA512
143b1eb9d171c5722cddadfeaf2ff08b1a1a92ce27e49534a49f1e53451d4ae1beeba5785cee5be0714013d58c569dbbebf98bd962d58fc7a72965f442bcb73a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586e65.TMP

Filesize
698B

MD5
5bbd6294aea7f485a6463f62e994cf7b

SHA1
4c5ba4b41a05fa93a53393235596b07350dd5e9a

SHA256
f1fea35b3d9efdffe512df46f54eb9691fdf3f36de8c832900529fe2556410d3

SHA512
95e970b87bcea21b0f437f1160934bfb2c9eb613ced2d2601dedcff8f6acfb9a86c65cc41d80073491225ae889df492f2ceab85c04b2dcab2b896e1d908a17cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
95106125ab95646f5bf6e82cdd8e18c7

SHA1
2f2062a3e9500a6b9e7fdde605a104e78b76b622

SHA256
8b410d522f111925ff1c54fc356bf41d5d24dd2b66319e9ae54ac644289fa9a9

SHA512
8036369e0338af804ba0e0778e48f689183f06a2d4228a21d70eb0ccf143e8c8f230b602316c7334e1ce93349232f96ecc4df9ddb5f46af59284c3c03fff068f

Download Submit