hxxps://www[.]youtube[.]com/watch?v=2WjO6jVX6LU

Analysis

max time kernel
597s
max time network
603s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=2WjO6jVX6LU

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2200714112-3788720386-2559682836-1000\{D7F9E0E5-27EE-44E2-A2CE-17CD70722A76}	svchost.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
2608	msedge.exe
2608	msedge.exe
4396	identity_helper.exe
4396	identity_helper.exe
5416	msedge.exe
5416	msedge.exe
5416	msedge.exe
5416	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	400	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	400	AUDIODG.EXE
Token: SeManageVolumePrivilege	952	svchost.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 1428	2608	msedge.exe	86
PID 2608 wrote to memory of 1428	2608	msedge.exe	86
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 3012	2608	msedge.exe	88
PID 2608 wrote to memory of 964	2608	msedge.exe	89
PID 2608 wrote to memory of 964	2608	msedge.exe	89
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90
PID 2608 wrote to memory of 3544	2608	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2WjO6jVX6LU
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xc4,0x108,0x7ff9c58246f8,0x7ff9c5824708,0x7ff9c5824718
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,18445522978409088181,11938247075054280480,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6684 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4292

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f0 0x3c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:400

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault09df969bhf0f0h4bd8hb7c0h9a645df5a3ee
1⤵
PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9c58246f8,0x7ff9c5824708,0x7ff9c5824718
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9535094236030082088,14140319908335943716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9535094236030082088,14140319908335943716,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:5632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:6028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:3344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91746379e314b064719e43e3422d0388

SHA1
65f1a2b5a93922d589142a6edf99b5b35d986dba

SHA256
0b3cf8ae20afd84c9bf06546e876c84922cb5800526df72a628479f4d5487df7

SHA512
a783d8d9613cf92020fc36fd27d384dbd4e105a1ebd02c4507bf7263e61ff5b377e6d1734b066700782fa64bcbeb11af31ac3972d404625cbdb587cfa3bc0808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccf8b7b618672b2da2775b890d06c7af

SHA1
83717bc0ff28b8775a1360ef02882be22e4a5263

SHA256
ef08e2971a9ba903c9b91412275b39aabfd6d4aa5c46ade37d74ff86f0285420

SHA512
eb550889db8c4c0e7d79b2bd85c7d0e61b696df10ce3d76c48ab21b935c7ecc7b12403a00d6570e7d8e4121f72747242c2358f8f0823f804e704bd44ed603b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
17e38ef3ec09d0fed52203593574ec81

SHA1
38eee82b065344f8081052b0f41e93a82228dfda

SHA256
b26f836821bdd3162da6effc04dab2c00e35402fe0d47064296c31555214c1de

SHA512
b3d71d09dd2a5b8bf3198e3d23489ea82439b82360dbc308a27e8e7a89b47e1bbd3d897eb6b24323796ae52d61e26a44d81b416c25ca8454f484721b93fae665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
31KB

MD5
4c47f67b4f8335e3dc3a778fa84a3637

SHA1
4e2aedf7cd05fa7e9bb469b02e9e9c9e5ee25e81

SHA256
c2fd94c17833abc2adb5f9e6095e08ca8aa14af9821d1fe754327f7aa73cb9b6

SHA512
119175e24a55fa84ea58cc72e7dff7952f1281d1d6890236b9e37e508005e6ae931907ac86bb07d6b5b5d8b737f5657fc7eca3c76a9217ff76972dc31f957349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
33KB

MD5
63f8ce93cd5b30f76b0a6cd029b7d354

SHA1
3ff83134ad10ff1e5c8da09db619a0274e5e8546

SHA256
35b6dba4a78fb19170305143a6f3740fe43a43ae35471709431d8391786c55ab

SHA512
7adf420a457e00639565a3f5918c8dee5026307ba37d71b3471cebb4313ac29897f1860ed22eda7caa44a563911987efdc4ff9f686f228d1ea9876e76a9484df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
23KB

MD5
9eb7de8c0fa7f23e016eab8f94b70c84

SHA1
d1204205d4b1f0e86186dfb05cfc312c1815a65d

SHA256
40d9bc5bcbe614270988e8e6d180f20504ed458a7f4938dff60173fd5a851103

SHA512
32d4842e1fc1f2ccd81f369ee7a19c1c8c8f15c1d6ddef777a50c7d7bc93d4e2b5dd387925c579dcfca4f8f6ae6ef736676033a12306c978fa42151bdb137e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
113KB

MD5
edc029775ffea878d8fd4c39740eeb6c

SHA1
6e8106159dba041d558a39b17d529bc898b38da7

SHA256
d11cb1b1a8c1d6e1d0444db31af2668855a1a6a4ece44aef06429442dd47473a

SHA512
59ac1292810b08eac2708e143fad9144fe394841922832a41c6cac1f7ad6cef66aab8fabd3efbb6db47fc89d2d0e6386e468b1786c1b72793f5773aa4092ef7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
120KB

MD5
b2edf5525daaa9d5c8bf0d120588a90b

SHA1
3430b507c04f372b2387d1e073c0681e40bfa174

SHA256
8e12a7281801d53231838bcb761758e6db8b9bee31653364627b16840a49e321

SHA512
27fd657ade9c0ef507bec8cbb55eef2a27717be0d662b6e7f97cffc8f9ba01b439a0cef5981e32a7b60838ddb46de9e073d650dd4321b6d82d396afecf27366c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
31KB

MD5
a6c1fb2c758e62a4c35a4d73d127deab

SHA1
c343ceab5496ebd3228cf500e0ef34cbbea4fd35

SHA256
9a69dbd0720ff0f312939dec8fbdcab3fa50e7ecd123c381eba8a4c0b1d07eb2

SHA512
203a4ad06eb947caa9883bda8e2d829a940354010a008f18a98effdbf9e282a7fe29009212f3c777c0608c57730196aff896bace222932ef43f258c361ad6d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
20KB

MD5
f41e2dc6c918ae0076533d034561a87b

SHA1
7e6e44c7f02fbeb4df53d8bb757faa0a2d064e47

SHA256
2b6baa5157496aa98422f765a7b9dd5f530d8dc379a60d7a215eb8a780e95a7f

SHA512
0dae6e8c9236d3a59288e5f73e1196f0d7d58ad676214022de220e991a0a9197f2abd5b3a11be51f0b721be50797a1dc722cf88f5ef7809c8bdef7146d81c003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
624B

MD5
863875c50c6e54748d963b1aad26858d

SHA1
64932069d88c5561e9fcfe610db3df53d3c7dacd

SHA256
a369978f3d7a7d2447542a13fea5336d87dbc27506b5b8be01a8487e84d379e0

SHA512
12f757d87abc5c19d3fa0e02b0fb8d18a489760b17f34f7a012ffcca41add057d29bd71eaac80edde8734cc4c451c679e3c991bc58008b17dbfff09c715e4635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
682435003ba2fa8519544d05c960b907

SHA1
739396374e234958a0619b9ec105a93a4130f664

SHA256
9f241a881f01e3bb5a323ad58db0eb916a2cfea4e46a0557780c5a4cbfb9b9cb

SHA512
3aec4c6233fd5b3e98ff269e79c14208b051c96a46f1a17d7e99d501a1fddad24bf313959b87c1610f62137ddd51112c1f577968e5a80d279e0de9fb7029e244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
4f76ef6a21733757f07b851b80294eff

SHA1
8be21861b4c3e4f6bfc44bbee97ea79a7c4bb11f

SHA256
ed61d637a7ca29f1710623f037a0e0229530c7ca3bb21744a5141bea9c596ce3

SHA512
f3c1adfde8b545efb301af54e6a4f57a16e96fc2da822662aa61440647917a52126aba35d24145126701fe82ee89a540fce7ec2c6d82a986443b3ba8e3d4dcfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
da8fabc5aacd023033fd3f28a5316c56

SHA1
f8c6354c7eb11b3299dfff5c71ad930bc05f0258

SHA256
bfb69e6bae1517f7fc650e58fa5fd1b65fb2867bb1e252b01ec24ea1e25a53c7

SHA512
0b9983bdeefb6272dacfcd492cdbc13c10461fb9457e931a67e539dbef887db8e8fc2b62f94c3a123fd25a7a1f97f811b81ba51c0a70496f873d9a733d9fdb9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
ec1e6e21b6ca8dfb0d9f552f18ff0cd2

SHA1
54b3fc528c7bca881013e0b8823afa377c432cd9

SHA256
cbc93e8ed33b0992353529e8f97f95c0691c640acc0349362512dac63db157b1

SHA512
fa1fa442f3d70f620835b1fd12861edfc8785bb306b9ac55976fc57df5ddc44ac094b429916d3295108decb43349ff0c8be09244deaa72ffee5283921c211201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
db8bd5584c6155523daf68eaac4193a2

SHA1
9e353fe5e22aaadfd1c549cdb67d58a1f7ba7694

SHA256
0d3d30dfb0c36135308a82b1b91bd43a25d773082e5c7a7ff40c703d775a0115

SHA512
0795f6e9736176fda56bc3cd551b4eb926e2dbfee323b57e5065897d753620651175c2aeb1fdcd78eac0ac2eb183d6379792c7e9b72a805de153dcccc904d04c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
79c092fa34bdedbba7f1913f0fdffa6c

SHA1
50e3d733bde7907c24340a5a22b9481f81683cbe

SHA256
de3d2d758daab8e6d1d1637ff8197b09cb2f23a28e831b38e2d1b97e5f05480e

SHA512
0ccdeaa45f2b2428052904bff14a6252b7a01145dbccf548e281c5d07fde01d4317602ec63e96fef48908392bb7150303c87fb210a6d515a63def7b0f75d8902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
a246c275df218ba8b612f8f594fa9644

SHA1
16bd8415223d534d1f7f440a6f3da544faca9fbd

SHA256
67671ca59f123083a424c69dad2f19284f09725aaea6b44f0c0a6113e2d44516

SHA512
277cf9c9666d65b12a73afd650504093e3bbd9e0658c0c55c798b112301b34f26ca2d3673a5d48f164e8b1c5fb7be42bbf522327b7a53834d9e9b91044154c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d05f51655fc3cd5ecfe16969b2c3aacd

SHA1
4de8c65e215459befdbd04c9ffb28691a558e53d

SHA256
4511e1e69da67336c533d7743e0e2b8708de6462f508ce2aa983f4c57a624300

SHA512
17a4f25bde147ffb00879257bc1bfc343787a571b022dbfa21ee9d4855760297ecb06e2d2aec7dc8b518304116b30804fbea4d81645cd4892fb171e5b50602ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
424c89eb1c6339d025ebe850e6e18904

SHA1
533faf900825fc1fe7451eaf653aadcc8bc646ad

SHA256
881604ce42c1b32cd8b36f60778332d1797992da000ed22916fe5633f5021f4a

SHA512
27e165735ddf5e9107de3a0b6ca09d5acae0fa6726e587fc8d21101ffd2f760cf9b7f4ae7a1e72f57b328411abd39a559091aa87f3eb6116b919d100fd95dd88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f374d6a3d3bfe4ca88ddb40e27b8470c

SHA1
ea691fc62d5edf05a9f08124ab8306fca8f0cbce

SHA256
dd4681e4a4ce16efeeb14fc1240dde1c8ec92accd6c57ef04336378616d9506f

SHA512
7d2439b9eac08bd87acd940bb0d62c0adc6db957266287368b85d0cdb126f2496db5bb2ed888907b7aaee125eac8049d89f35230e010c8f7821986475ff84426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8786a2e9f22220c0721dce589f12b7ea

SHA1
ec7e7192599874c30336ad4c47391515718b61e1

SHA256
4816fd3b781dfb003ab187605da9daee6a3b2e12d8d61e3977659415ab37578f

SHA512
70e96759eef9d00d96d4a9d11229a8ec4906179c4547f5e177e107c3cc558560811bf96a37a63d4e30ffa04dcab28f43e63d3f7109796be44c186d725715f1b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2e9ae1a83268f81895a6c5f09e1323b1

SHA1
387ab14cfbf540c06f169ebfb937bd11f73e6910

SHA256
d714e55865e03627bab9c0de8e01bda341cc11616ec1b1ef59a480938c7cf742

SHA512
f138a6e9e053eda95cb58f62fa1ac8a941e60b141b7a9339d86feccd5ca39342b46011285ccbad772abebd6d0958e0002fdf6c2bb50ee97ca0a716754fd1f55c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6f04aba15f627db9b6ad369345d698c5

SHA1
7e61db011c5d0bc8f4d85054fbde501dcc05f39a

SHA256
65364d109fbbf772cd5271724023c8b4c94169be192fb7ef21ae4ba855a71248

SHA512
ce82df40fca8328b0068adc1a3042c874efd1e5396349f028331160032d5ebb1a447126c3116a92c1439faade5be5d351f338e7d6d7a2f46a59fc152cbb3e2ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\49a45693-b295-4cb1-bf47-110334dbeebf\index-dir\the-real-index

Filesize
624B

MD5
df0687cdb241a684a2f7a5499c3fdd9d

SHA1
dfd7b1c813d76de67c511ad17427aa32a7606693

SHA256
9f4cc87b50bbd6131502b08db0cfb2fc1d2a1506c75c9162c3fc9dc243680ae6

SHA512
9dfe7cc6914bb5c5d9af1215709b417d76b9f5918af71d598104df28f7c6a4c3955364b66a205c8fc97bbfbfe3aae34de4e0aef0b22b341c8545e4bef30faa25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\49a45693-b295-4cb1-bf47-110334dbeebf\index-dir\the-real-index~RFe582ecb.TMP

Filesize
48B

MD5
78d774610c3c8e1dda8fa78b991c78fc

SHA1
a711c19473f5de5c631128e5fe86670ba0c06398

SHA256
3fd04b8311fcfeab32b84807acbd14e84464872f77fa4a6ba61f659680574d80

SHA512
9c85a3cb3c54dc413ab2cc3453f80420f80294edc2c61d8310ddd7fa1ebec129764de5f6b2de7d6ffb7c2405cb313f6ed73402b33fdc1cfba6ee3b01ff81c99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\870f0164-3509-45f4-82bd-b47165d986de\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c617e59b-d708-4f21-b195-e56cb0eb2898\index-dir\the-real-index

Filesize
2KB

MD5
a4b006f64da39ceb523735f251d65390

SHA1
1fb33045a95e32102abf9d51d3a7a38525402aea

SHA256
02b232c4a9405616926d48d86ad5ef121dd98fa4df4737953dec679a57bb53ed

SHA512
b44515494f6c8c56e4661b832fd33eb5861d2a59c0acbcf47795e4335c4f2f95db1f26de6c7fe5a316cfb87c1003d8f7ca9877e2c0cb6f34351d1bd68f4496bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c617e59b-d708-4f21-b195-e56cb0eb2898\index-dir\the-real-index

Filesize
2KB

MD5
a480d51b8309ab01454a1960e348204a

SHA1
8c2c859dcf77274521b0d014c28b2172fe502998

SHA256
2026846207b7709c2bf0a5a63fc111bf5f4c2a9d54b081abf38f1ee929706c3a

SHA512
b16a374d1ea0b936ae068ef1ac1ae1dfd3590aa474c21f9a3a20cdff385e224339eaba9ee3b97f6068a65635ff651a1f3f86d5d3fcb33fb9d342bfb07a4f9a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c617e59b-d708-4f21-b195-e56cb0eb2898\index-dir\the-real-index~RFe57b342.TMP

Filesize
48B

MD5
db3cab9102e47110f27c7acec6f412fc

SHA1
9c4682fb0438acc41970085e5097a505a0541a14

SHA256
1995a4cedc9b2c20dadf4b47026d0bb0cff1478f0b229642993f66ae6a2faccb

SHA512
4a2c11c5fb14d5caf7782681ae146c5bd338731c799c11ea2f7d8a889fac277750601a55dc58067f2a7d057b940ad94bfc603becefc844e4a8c6d71db9b6d8c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
fd132cf5e1dbf381043c045b0f1e8f91

SHA1
6ce697039654313131f19f138b502ca49debfda9

SHA256
28f8891443c3d8569d6c0c7bb952b81da53477dc19fb159fbeae26c5b947e974

SHA512
256de9587db4296653f4049a7a3b637c286fdafc4e6775f258af59ad70feb28dcd40c38015655f4a8f3393fe866d10f0dbd2e385e23e6e767dd57e56e26096d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
18256badca461c2b558e246fbb840cd1

SHA1
cff90c4f043686691bedee39b3d1abc7cc7c4fb7

SHA256
acfd9be5d30678f5efc2712769a5b360adc911ca53a264ee4d43dd2af4fec356

SHA512
7af819336552455d63df280a7ac0b3b497842737d52e81b9ee58781d330cf187f39a647c4fe29cb990e5c3c55f21461920ef8a7e7d08a25428c9a125277532cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
b7614e737411b81055ca59d52731fbbd

SHA1
9770c4e35a8590f0ae7ca11567c065e8062d17a7

SHA256
3fe23d469e51e9da33b546e64fc64d5110bf815e72e9dc072f84d9389da8d4b7

SHA512
1fe5cf1056c837371fa5af284c90c623c6d09bd60cf5c284622a2ab801be8fd2ae8005bad0caad7859740bc60a3f50e9d57b27a9e62770d5bcc7babc06f3c359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
c5c8ffc1a14facf8f55aacb3a93dd104

SHA1
65a7bf59fa38d1ef1c8148e071b1f66a541a8346

SHA256
6698b0008b84c12e90780d519d7bc051fa12294277f85bb671206f1e27fbab80

SHA512
8914776397f0e2977f70b431e7b6da79662f84e3b457063c55f24beb0e2e156dc6840e1bba07436c5f0238ae9a187e16bfb62175942c1a65bc89407571d0bc5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
a61b32e8ba018eb165b659dfbdf4b8ab

SHA1
d98ab31b61557c86d28fcc00f14f9e30ad3fde82

SHA256
f8fafbbe507563c3fabbc3fbe4d8fb8dbb75cb81de28a6199a886b5011640e93

SHA512
55e81fe02c6552d93be33a192482b13ac8c18ee37be14559080778d554f3852cc0d6c7967a1b64db06a15ce8ba7b015710b6c4c32287d2cf95d458f3a4eda0c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
cab09e38961ed173cb2317f54f91c296

SHA1
39a40406a45f3477a46ceadf942ec611081f6ca0

SHA256
5ff0c2caf082d1145e84b560a53211443e21aaa6d351f98fa5132f1771ffa153

SHA512
c9f38b80a99dd0d5fc3b9715b0e40bbc3635ba711efc14c55e5fba709d7124d932c3a969b9f09a57da181e5b783c3b8dbfacd556a68aaf8cb2f79f5fc196bed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
6c90753f90cfcf841a56b09bcb69de84

SHA1
457ef02be5cef4679e4858fbf4c7eb91f3c9c2c3

SHA256
30891c365e0cf8e640b66cc93182ae890f3b1125691c19409972e65777de5e92

SHA512
873b0abb7846084702017d52536d2ce271432befe17cad4bd29d26f934e2d4328176bbaac52ca3c76423734a4b427c2098bacd6877f03758289759fafa87137a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
57f9a56b250d846717fb73b814cc4971

SHA1
09ccfeba698e290df938d9ce6585934aacf7b979

SHA256
aff4d1f46cb8d48fdd40532cff997031f39cea1fb51b526507986648f2d1dda7

SHA512
c53d22baa67fa29f877c3923b786f6e8c3ff5a8a0b990040d485c2628b21a2f0550e1238c3e23ee727efc51eb8340de42952e8a5b29dec771e2dab475dd1ba92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58126a.TMP

Filesize
48B

MD5
34b7be4c76a0410b9386e8751137c252

SHA1
8255996184baa2ca26a4f5d395a3eea0bab60f1f

SHA256
e31c91e86d2538dc0f43efb2462bd69daa26ccea4e922fed4c562052623b4ec2

SHA512
94f531ffd072398a30f6929958cce7987883744cedc2c2e8b74aeea39d42c83009da28f8bc1567c6709b3a0dd7a0fe07e764a5718b6255287c29297c13948080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
8b81a30addf8fe5061bb44224bed36bc

SHA1
1663daa0809533a6c9e83ed83e7127e6ce823963

SHA256
07b905cd1ed68fd391ca941d34ebcf9ba19d7e0b739c232993c6f1219c1a3aab

SHA512
f31058bd6e7dc31f4fb3054b6830fff2341f32cd54713abe59cc910ff2ca0a11b250d17e99cec0a30f55a635e3f3d521ecbbb4d45e705e2deb224547bbbaae2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
1145a79ebeb383512971a249a02a0545

SHA1
9dd72176fc1137e69ed3bb32790e55e4cfa70459

SHA256
7738145da73afc564dfb04c19c391a99d138b77e59729645a5a29cb8fb62f660

SHA512
2f15b88f6e4ab49eb0ba7567092739fd91877858a43d5231c873df47984b9da742c12d6c2a95d0d1b42c5ba2f019013e5634b37697b9f3f11b175dea40b51e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e167.TMP

Filesize
706B

MD5
c5f7ba1a302fde16b916345e8fabed80

SHA1
9a005dd6ddd3daa893a430f649f491f1a3459c1b

SHA256
57688ecd515ecd135f212a7a5c837b41041b7342cee9487711aad56c94894f9a

SHA512
4f508b7b0bb379d3c21049706081b554228b44d87ca00ce9a11b522ffa7a174f5ccd89fa0a61e39725b80419bab5918538726012e9336604411b713527526081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1abdea65b0a7589c18a09d52218b82fc

SHA1
cf10272c28826d9273810acd79c69e50de89f640

SHA256
a549858fe56bc2baded4eda524b6343fa07039f7771a66c52f96211f0fb3a337

SHA512
498e5e38d487398e50a5dba6f487d0de4aa026126e7ebd8eb2c290a41a4a1fb8a1b065361cff75d38ffa8c4b1feacacd8f2e0b3a2b5c7d06c35d0738df051618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
34c4ebda274848a57a329047dc50f367

SHA1
ed8545395c73f5066e8b9437e0db9ee4ff98f154

SHA256
26fca1c8c265c6dfe1b33fa0415b7f377a497ce5ac98a415d654c56425d980ad

SHA512
f9de81eb2e3a5dde8555ac9d7b579a7f43a21a6c059614f73d8b2154880221244afbbd293696b691dd11d4f3f80b390b2f3f6855d086089be9efe65e3f558e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
854f00038e897192ea8151ca08609040

SHA1
076ce53e86cb21f8558283ef7acfe3b849b2f61a

SHA256
1d6e27d4d7378e459cf815c4b9533cf3ce283e0ad5f815fcc77ce2867b55393f

SHA512
a4a64311f2cd7cbfdc69c8ecfab5b535f1d0d2ad19f78bd8427d85df1311323328de57dcd5c6e6f9413d8e5cc1bd9f1df53fac27cc3207ca117e6625d8dd3080

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/952-700-0x0000020F7C460000-0x0000020F7C461000-memory.dmp

Filesize
4KB

Download
memory/952-699-0x0000020F7C460000-0x0000020F7C461000-memory.dmp

Filesize
4KB

Download
memory/952-697-0x0000020F7C430000-0x0000020F7C431000-memory.dmp

Filesize
4KB

Download
memory/952-680-0x0000020F74140000-0x0000020F74150000-memory.dmp

Filesize
64KB

Download
memory/952-664-0x0000020F74040000-0x0000020F74050000-memory.dmp

Filesize
64KB

Download
memory/952-701-0x0000020F7C570000-0x0000020F7C571000-memory.dmp

Filesize
4KB

Download