Analysis Overview
Threat Level: Likely malicious
The file http:// was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Enumerates physical storage devices
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-02-23 09:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-02-23 09:42
Reported: 2024-02-23 10:00
Platform: win11-20240221-en
Max time kernel: 855s
Max time network: 813s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\IconDance.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe" | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| File created | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4181651180-3163410697-3990547336-1000\{885D9A01-FF0E-4F66-A6AB-FF49006426FF} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 788772.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 940220.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\IconDance.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd60d13cb8,0x7ffd60d13cc8,0x7ffd60d13cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4848 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6620 /prefetch:8
C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe
"C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6672 /prefetch:8
C:\Users\Admin\Downloads\IconDance.exe
"C:\Users\Admin\Downloads\IconDance.exe"
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\GrantStop.mpg"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=335789
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd60d13cb8,0x7ffd60d13cc8,0x7ffd60d13cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0e10a8550dceecf34b33a98b85d5fa0b |
| SHA1 | 357ed761cbff74e7f3f75cd15074b4f7f3bcdce0 |
| SHA256 | 5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61 |
| SHA512 | fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a |
\??\pipe\LOCAL\crashpad_3924_VHEBMHCNJYXATVQR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3b1e59e67b947d63336fe9c8a1a5cebc |
| SHA1 | 5dc7146555c05d8eb1c9680b1b5c98537dd19b91 |
| SHA256 | 7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263 |
| SHA512 | 2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 85e3e17c70d5feb208e3b2cdfc510a6d |
| SHA1 | 8ceef55758d6414da3327beaee86f4bc90155346 |
| SHA256 | 13c1cdc15cae0cc55f31642cd0ff6e49f2cb1b7edce5182a321e2bb7a1de2754 |
| SHA512 | 63ad117a82b23faa87a05efe6cce46ee73d0a1516bc8dca9b747d17ccff23ff508538d2aebd1cf887ef6daeebd667aa07f1c53d886b823efebe699c94a8171e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8c69522827d8913d3fc84b88887faef6 |
| SHA1 | 803789004fac51d880e0b45ea3dfd50801782924 |
| SHA256 | 04970cd41e39cd6fc6523e7486cd64e692dc0b6c5683ed5865e1153e0c3ccae2 |
| SHA512 | dbe45be10b4db027a3744522b749c79a1e423af543ec53b6b5202c990e10b4799dd4c7a482859291a48ab8e15f029dabab8a07d0588fc502c27ac49bf7eff193 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9b79abe9-5d12-4fe2-be94-febf116a2a34.tmp
| MD5 | 9c7640451beec795965d9f5306459304 |
| SHA1 | 7b394affd3eadb72cf8551c1c1616de496271745 |
| SHA256 | f30d512c0944de2835e88c4900213988248c06a56e83a25e3f897f478f93a2ae |
| SHA512 | a49f47e4acc9769ffe5ea5accdce24ede198c9721452960035414bfda56857e5ebbf1cad3546d82d0865625bc6f7e1a6f333fb9d4404555810103e0a2411fe49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 268413a6d3ad87bac5e5619479114168 |
| SHA1 | dc2189739e3bc9a4034ccb2a90057321ca5fb3da |
| SHA256 | 9c6b5da4e8641dab3fd1b8586a6ac2126c5bb051832639b2a45fc51bcadd8826 |
| SHA512 | 375fa6d4b36ec719e5ae60aa1adb9eab4afbd0fbcc896c39de164d4f9819e77413c3e8a1abb46ccd2b0ca5c9648d67de1cefa886f68d5e031f9ad3ee76a600b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 47c64c6a4d85e10963c42f0c96cfd276 |
| SHA1 | 07f29f21240dd8f296be1f78b35811a520245ecc |
| SHA256 | 2c304c1d7ad9ab0c8bf40e495eb9631b52528d8252da958e7c89e07cd018f31c |
| SHA512 | 073694f76495e2dbc33a030a4ffc4b099109cc7a393512350f441670ab911e4b3361d324ce04b32a060d0c4c0dbcf46bddd3d3ca348e133443b98fab3cf5c6eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5cd866.TMP
| MD5 | cd50f7ddd80fe366841ab24e5dfd5428 |
| SHA1 | ed8b59554234c0b1d2ccb000206db416bcf647dd |
| SHA256 | caf01f6f0b98e43d10af8e7069537b9486d4d75f34f950aeb48cb624deb8eaea |
| SHA512 | c44afea919ebb814dc752fcf20d0e9b9d1c76691411fcf14f3f957c157c59efec5e0dd49435e56b79dd3ff3be78bda477d7cedab9eb19254ca5a7e7c4d7d9503 |
C:\Users\Admin\Downloads\Unconfirmed 788772.crdownload
| MD5 | 13f4b868603cf0dd6c32702d1bd858c9 |
| SHA1 | a595ab75e134f5616679be5f11deefdfaae1de15 |
| SHA256 | cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7 |
| SHA512 | e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1d518b4473325bf5f34a832c76d3a066 |
| SHA1 | 424a5dee6800d4161b09c0643cd4064a79863488 |
| SHA256 | c03e9db258f44c4874165d27b3d4d674a7960fc8034391a1bdfc226fdc19ca5e |
| SHA512 | 1ead2ec85fbd360628dd1c64fbab462ceceeb2607351addef499051fabb4696d4f29e10a497dbfbb5f48cff2c12f066b0c60d370b60eda25aad14a28af05b73d |
C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\Downloads\Unconfirmed 940220.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\87f81bf4-5155-4d94-9c25-2c4fd48ba023.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\~earchHoverUnifiedTileModelCache.tmp