hxxps://www[.]youtube[.]com/

Analysis

max time kernel
120s
max time network
127s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
18-05-2024 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3800	msedge.exe
3800	msedge.exe
1348	msedge.exe
1348	msedge.exe
3508	msedge.exe
3508	msedge.exe
988	identity_helper.exe
988	identity_helper.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

1348 msedge.exe
1348 msedge.exe
1348 msedge.exe
1348 msedge.exe
1348 msedge.exe
1348 msedge.exe
1348 msedge.exe
1348 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 2228 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 2228 AUDIODG.EXE

description	pid	process
Token: 33	2228	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2228	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe
1348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1348 wrote to memory of 3192	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3192	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3880	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3800	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3800	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe
PID 1348 wrote to memory of 3960	1348	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8771a3cb8,0x7ff8771a3cc8,0x7ff8771a3cd8
2⤵
PID:3192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
2⤵
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
2⤵
PID:3960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:1828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1
2⤵
PID:4256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
2⤵
PID:1048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5192 /prefetch:8
2⤵
PID:2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5384 /prefetch:8
2⤵
PID:848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
2⤵
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
2⤵
PID:544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
2⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
2⤵
PID:980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,8206482005700467478,3516390782235589295,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1688

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2916

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
291282b9c3e03263efd539f7894f5a63

SHA1
9a16aead675575d3d1c62b118ecadddae2536afe

SHA256
297ba86c01be2b5328ff5ae75b45b82cb3edfca87c878584bb9e0bbeeacbe6c7

SHA512
2c45ffa8f26ca19b4b9e08e272fff25b741d15fb3d6d24bac425271d489062fdcb895634513dcc286f08ccbee50dbb5b913a6dd230042f4b54f944c0eff56474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
b4bf9cdec0962621a05b7cb9dcbc9156

SHA1
8900626901ff9a25f07344be82a03459756457ef

SHA256
c84f7a318a336b9b031979a94d3d2e2d10ef4a8b37e245d37040b351d782efb2

SHA512
d40fdd1fe7033ab7e942179eb92f1ec693c118b93b39f960748e0ea0cb648b3b2c6e14bde450acf7eb578ac6b0aaea9fcfbc9cd4db223f1f44e5d34b9e194214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
56897ae9a218ff3c7c166e290ccf2171

SHA1
48311d80dae656717ab9b0655f38167977c1562f

SHA256
62ec37c005bada35dea43e9c777195129c2813424c532202228634f2b9a42bd6

SHA512
4b16eb82042e68442d249e20ddad8765715c4c28f5025b40af8ea2a3de619daeb087a3d6334006b415d2b1fbfa6fcecea9cbfcbea740075d5a37fd3d2e91c4ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a09a45b07bcad5253f14c399d6c2143f

SHA1
7a68ad712933c8dae3e75e3dfe6ae20e6fb22fee

SHA256
53e11384f0bbeb3eda1141da60340c5fad371b2362a282c64f18dab766ccf491

SHA512
0a70256830fe0a0ed9aa92da5d2c96201e6eeb8d14e462e223643c7a9d330429a9adf4df58f62c6a4c8d08ed9ec91fa3be8f2f6eb23b6ab7496a142cebe646df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c608dd5e-3bdb-4dad-a183-17922e6c0724\index-dir\the-real-index
Filesize
2KB

MD5
bd0b2e054be0c689b5730d9252a96d7b

SHA1
e297dacff356b0b5cd235567dff0c8f7add2c43f

SHA256
ae3e2d29defa4425474f0e592245ca079edeb6963f9d66f7efa4643050545626

SHA512
61cd3308e538ccddb5b58090392a859ed80b630e2380a67d936977be14e9be4c4eabed986f6e24c29bf93b780f4d7682b8d0d154148656c850ca660b1b6483af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c608dd5e-3bdb-4dad-a183-17922e6c0724\index-dir\the-real-index~RFe57b287.TMP
Filesize
48B

MD5
6ccb94d06b7e793246e72acac8187aa2

SHA1
b602d346953a444664dc26e640dce3f896363fb7

SHA256
6b97a22a8b4260fc1068f6aa9301be71e4ecf8d2e08927874fcead71d9ca3123

SHA512
0955aed6622fcf8f8fe1316ea0e3d11c58a398e180b4709e1c3559bfa394d92566253c77c1a5da3f7499e3f8ea791a01359127cfa6e10c0b9b77b8eff268cf7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
89B

MD5
f474b5c56ea7fedee4dab89696ad8f32

SHA1
26a741913bcac703871ef6fad77c7cc627d02a01

SHA256
7d9b8f7b51934ecda96db9ef54d6aa92b18b97cfb18a631538b77be86960b57f

SHA512
1dccc219535e8c6f0c845fb0ad60c99e6cff5e2f9188dee5c8ec0d7a5226e21848f1af4cfdd8e4b2aa5df3527381a57e2112ff08b36fd10897362e5fd5041959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
146B

MD5
8b6ab370f268672162bd2c57ff0886f5

SHA1
ce4522acefd58596282e2a731205eefa925c736e

SHA256
196aeafed427e48f3fdcc37aeda8d645d5c80f5b3b0a4e93519dd87b3f2bae93

SHA512
c62c1012b5b378b45542ec438d8b3921b5ffb4f189b49296c6a284621ed6b168abfefa22b92e3b8c298c09d2349c719880a528298c719b4cf66ad6e81010b619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
82B

MD5
d504cf0cfaf2841a58c5e4fa40f0603b

SHA1
ac9113411551a5144898765767bf5eecce05fd53

SHA256
fe79d3d52bbe8889efd5aef0d3f405a4744ff1ad9be13fb3452b846170b8478a

SHA512
1a222f92e4192c5582d83a7cebbccce4dcbd72ff7b59d877779216d613902cfc65b9067307fca4450f222129cfa094509d3e4221e24d18bc5c019a62186db138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
84B

MD5
88e14f5f522c0193f5b50aad29d4d795

SHA1
02802417417d5ec71e2d1324ebb9323e163bfb28

SHA256
12c8bd8a952ceffc6354070038f86ef057639431fef120164859c6601ff8f52c

SHA512
af4dfeed2e89bddaf0d0b2c0067dce9556389afd1b0543a990e10f2524c2651510f1fb9cb89e985f9c3caefb39b0a6f1e108f3eda2b70d96cbd42280c8179eae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
69f5ae9dcff78bd5180ecfe87b64f21f

SHA1
e320941793a78f12d0c89a94356192fd24813b02

SHA256
775e8f01dbe0ababfb4f6b286a07863163f3dc96400f8bf4f1470b05ad736358

SHA512
c37b7d2f47b3a48f84979f311a99ea7823c6cba1058913dc2ab012ad13f0f44b8568712a795dc3001e714c8413c5d64a2cba29fa314b9f6bb8f546137dfbdcff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57acca.TMP
Filesize
48B

MD5
1bea9fbe0c3cbd60f7598aafffe72a6f

SHA1
3520631705516a34be486de68fe6559cb09eaf5b

SHA256
9d9fb3320669adb4d5ab00b04cbb152fca646d09f3f3795e6b51782988010b30

SHA512
bb23820ebd477d1771ba60a32d1abae602396951c02f35d359d9ba7adea4a505ef5d5b477877ef4c98bca26b39cfbf1f3d003cafd1ab2570edbbe86a5ae9eb9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d710ad252f3f22b0406344f92828b64f

SHA1
1bb56a312065a4ff3d17fafe3220b77db25ad708

SHA256
415cc1c8ed294e4e310e4ef3d99eed73ab3c69dd839ed410a985019f960fb3c2

SHA512
dc36cd24f2013dc987494af0736c65e8cbeee41df95390b381f0b5df4cc7cd6274a3bf457b1af7a715f80f60c6427240df8182d45a15d9fba29b248cb9d4ec4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
da8deec697bd9416e24d11a409eeeab9

SHA1
c996b6eae5e9d7ceefd6f0c835939b77b5880f77

SHA256
6e17c93b3d5178f0b3e323513911ff6b8b4cc9a745dd09e96c4d379b03c1858b

SHA512
9f6e06163bf742cf93894256a8bfcad6deb00f5a9b3865c41bd1bb70b814edd95d85300c9276b503b70ba8a015cf7bb0767fc36a4e986d8aab2699e203dcd458

Download Submit
\??\pipe\LOCAL\crashpad_1348_MHZSXCYOKKUBDHTZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit