hxxps://www[.]youtube[.]com/watch?v=SJKVdJycZEI

Analysis

max time kernel
1748s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 04:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=SJKVdJycZEI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3584	msedge.exe
3584	msedge.exe
3740	msedge.exe
3740	msedge.exe
3664	identity_helper.exe
3664	identity_helper.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3740 msedge.exe
3740 msedge.exe
3740 msedge.exe
3740 msedge.exe
3740 msedge.exe
3740 msedge.exe
3740 msedge.exe
3740 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4468 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4468 AUDIODG.EXE

description	pid	process
Token: 33	4468	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4468	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3740 wrote to memory of 1584	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1584	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2644	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3584	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3584	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 3472	3740	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=SJKVdJycZEI
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa382846f8,0x7ffa38284708,0x7ffa38284718
2⤵
PID:1584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,13589709490830475341,13097666430700241715,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
2⤵
PID:2644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,13589709490830475341,13097666430700241715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,13589709490830475341,13097666430700241715,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
2⤵
PID:3472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13589709490830475341,13097666430700241715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:3068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13589709490830475341,13097666430700241715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
2⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13589709490830475341,13097666430700241715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
2⤵
PID:1200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13589709490830475341,13097666430700241715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
2⤵
PID:1344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1996,13589709490830475341,13097666430700241715,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4120 /prefetch:8
2⤵
PID:3156

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,13589709490830475341,13097666430700241715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
2⤵
PID:464

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,13589709490830475341,13097666430700241715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13589709490830475341,13097666430700241715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
2⤵
PID:3176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13589709490830475341,13097666430700241715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
2⤵
PID:2684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13589709490830475341,13097666430700241715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
2⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13589709490830475341,13097666430700241715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
2⤵
PID:764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,13589709490830475341,13097666430700241715,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2496 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2700

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4d0 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4468

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cff358b013d6f9f633bc1587f6f54ffa

SHA1
6cb7852e096be24695ff1bc213abde42d35bb376

SHA256
39205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9

SHA512
8831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dc629a750e345390344524fe0ea7dcd7

SHA1
5f9f00a358caaef0321707c4f6f38d52bd7e0399

SHA256
38b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a

SHA512
2a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
f13f816f182d7e99e69e5b395e153a5e

SHA1
fbdedc3e4b156c30d51acaaa9472300e8a0b5cf1

SHA256
2506d4edcbd6b8cbc776f297c06d9fe4a199a82d4b81a70501d07d1992728338

SHA512
e1d001180331e5fa2924a99930fa21be02b2b34bc6ba49159386bff5bc6f1f8b49eadea22b3220c7258be8533cf5644b75343b951d600d853d62ffdb055f2b98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
f04f14740057ab216e6724141de84865

SHA1
747de14669f2b2887d79a2adaa3098534c9bf226

SHA256
84ce775ae62bfe8f285b56bb924fdb44935948fa2131e8d6e3e930ab8ce4dd2f

SHA512
a842828e8f9cae9734922684dacb88db40ed84ff376ebd02e3ceb3ce6757668af99167f110abc2ade3f27bf377f700271dc0c6a37cd7039ed94e3935e27687da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
52313a8cde9b9225b58e72de03839d73

SHA1
a200cca73142c98cbac8c6e491f3f576234ae419

SHA256
89ef34ada3b052d810447bbecea34d340a075a94f267eaf59357ab0a32dc7b87

SHA512
e1b45ee8205f21eb8709b27accee87cdbc70afb8d8e116d4368c7b30e17bb0035276953a06e34ce5b53445a738e77ab1d042d2229336548bafddecf1dd58f66d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
a8943e288f17f12520fcc43f48b767fd

SHA1
7ac96f7c808abf7956b6dfa41bf3e54480279d62

SHA256
57c5d7479bae618f32b8f76d5e3c1ed07d7ba966b7fc35a78cb8aa3d9551b01e

SHA512
8247cb9f0163a0c1fe41a3f3e2f4e6e1f4004fc7f87a1c123b077cdf100e1dd849e41f165405276a37acaef75b4b209bdb8cd5f803647b5e99e1cc363fcd6f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
82be89422f9a06eee48cc0f8a050ef38

SHA1
56d458e11e2084fbf4b29b1c2cbf6bc88f6eb200

SHA256
e618c1a7009e3b7114ecb34311e9b6ab1bb1bf9e4d32f8b1de56a7b14b3324e8

SHA512
efe1385adccaa0fd66601d0da640552f6ec94b6077d96e593abd2cbe265675dd9d353acd62a670f5e2c5963b13cd44ef815f4b19e4d18880291287fb42f29fb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
317511a4ab137af11b25648f4de1bdb0

SHA1
d943b0726a0654b9cd2fff07a3ba21b6b50971cf

SHA256
4fb21706436fb0534db17d1d6ce80cf986aa5c3ceb604d216c69d72f97da99e4

SHA512
e7f8d8dcc95ba17bac5a0f921105c776844b47b51d362a496ec7aa9051bc8308dd750d1612bc1bf58b5b662db6bb3cdb86ba6ced5339a0356ef157ddc357aec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f2da52e8abfd8e090513a5c97fa05103

SHA1
8322ad950270873916b54f8bfe82f56a593b8f44

SHA256
7ca2149eb9db6a845c238157d956e91ca1174400543f83671b1d92bf9728d01d

SHA512
a757e45e2f431d80a1668e3938bacb36f466c3f0b8d2265b843022a384d650628a4e1114685fc8554ba09724c6125f69344b506fd406a3e69a23b9bd4cb35000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0778a4050a2e2436af04dd074d372805

SHA1
6773569dc3c3d1bb2b0b0803d141adedfe982fce

SHA256
9923f512d4902607469248580ebfba011cfa8757b1fe8dfd8d5b60d471eb4c3a

SHA512
7406b0c694f23d11a2536621a74c66f993a56dbb2739dc7889312a305b27519d4a75bf5fe1c0a0eb4985bd58e5b214995181ba8c7a14be3688d62d2aaa59dc75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fcd044dc-ccf9-4720-bd39-e6f38ec772d6\index-dir\the-real-index
Filesize
2KB

MD5
bc387f07d6e8210953bdd6dec0a912fb

SHA1
770bbb03107c5be79ea640ade20a66d1215a2924

SHA256
2abe4423ed02f3408f4cace423b950806649d60018525907ee3bb5617be6592c

SHA512
916740f273a008256f663a4c75cdebc89ded6061b78f4501ab4ef08822ffb942506ad12b8e7ca9b327c39807cebc44086451264c4702010ec26b03a8538fafa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fcd044dc-ccf9-4720-bd39-e6f38ec772d6\index-dir\the-real-index~RFe57955a.TMP
Filesize
48B

MD5
7ec8ead834359952fca14b5dc91bcbbf

SHA1
29edf2dd43d8559d04d5e660cb1ff1e7ce81a13e

SHA256
24b26dbbef27d6677dcf8ac84d17af5f30eb98674361639ec563307074116b6e

SHA512
94642908c2ee60789a3d67b5b0099b3c1e38792a4759a2ec0a47d634283754867588bb313fd81d509f6865a4bb0d10a3ff460082d6298f6d59d73de2b87ab5f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
89B

MD5
449ab64e22285bb9cfb2e4272c95215a

SHA1
dbc67ae6313fb59400b553c3cee0701d48db3966

SHA256
0b5d298b592dfd34478e4bd52bb565dd9e28f26e3bf4fba0f8826bf0a847f4c1

SHA512
567c3b0aba6bfba5a9f991ca1af34065f3fd797f1146079cb4ff8e7a612c493e1f3c736e8e0ce6c9b263207dabf088affb43d497135ed35e805b013fcafbda3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
146B

MD5
c9e00b8b86b3e8a8242ba557befaf940

SHA1
8e187f34fb0b97ac12c5dc78a7dcacf908ccf11a

SHA256
1b8055f02fb6cd806daa4f8240a0c26fa9db768a5292b20c479e08e27c3a1984

SHA512
5e38ca968830da9d46ecdbb97eb64f13b9eae1d41849c50069b93add50d123bb0a023474a0fdd26a6532b3b13d47ede62fd36da5c2aad176b76fe08add1371c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
84B

MD5
fc0b7b85a5a43072e255d56f927e9965

SHA1
c173a5fadfa0993a10bf577c213ae8f43e5ba897

SHA256
41fee64a49078682e673b78d120d82bddc7c93fc84f54a6a80faf5dedb05c074

SHA512
c3ed0d59318fa301ad0d1bad8aad1ad752277bcd78490985f58601a92b4e78bf662de063a6b5e7d864e950239d1ac48982a0930a13365914938e439011ffb40c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
82B

MD5
61a9acb1e8320d66703dd98a0d1faf7a

SHA1
317ecb234a562c8ed4a3a5f3eef6b0a55d4b6523

SHA256
f9812510e3f4f55e943ed662431b4774e477934b2173b88f5b70ef8617800127

SHA512
64dafeb3af5f4c5ec803a2a174221919732f290f93b8221400a733147810546f995d9588d51a4b915a3ce8e1f26bd353e5b280accc2a025c1e213b95f3163263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
23e2dc858aab66a823fb01d62c22a5f0

SHA1
eab7dcc0fd8871a6608ba8f040c9c0ae54ad4edb

SHA256
fc9f4bc0d23d503c08f24f01e052f7d56516ebaac611b084696b0c9d46f163ff

SHA512
fdf4542eca7a6638a00edacd6ab731a4313a4cb3878dbd18c2a6ca249696059eaf240c2e4908075ed198dc7354b9c9ccffabfc30cdcc9cb74dfb19cc5c87ee62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578b29.TMP
Filesize
48B

MD5
c3ab6738ce95affc667a07472d2e2f8f

SHA1
69e3f36ece357e98e4202191b00a4c7f31f2c9d4

SHA256
58b7d02525d69413ce964cae06101054daf38ac5c5c1a493886901b4bd2742bf

SHA512
74919576bb71926a0ae6b003ac60ea59cca2e0ed4348f0af2b3cbc9d65a10c537aed897acedff59299e4a8ca5f669bc2f3588032e60fc6c5e87eb1fb9c3941e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
bbdfed144f388666278ea60864b74a23

SHA1
644dded6a793259d846fdac24774b330fe1c1599

SHA256
064d8c9d1020c0915e564ae11da3f77bd2b3f18b581dd290d2afb7a84dbfc5f8

SHA512
c2d6af6004d6aa040cbd25b7746dd7aaba30a1b6c51bbba959cfd4b29704413dec6e9aa40d3ab6afa5b019cca68345983b9793dbcb70a33f34d594094d600bca

Download Submit
\??\pipe\LOCAL\crashpad_3740_IDRAFYGCJAHOVIBJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit