hxxps://www[.]youtube[.]com/watch?v=iTR1CN4TW5s

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=iTR1CN4TW5s

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1052	msedge.exe
1052	msedge.exe
4236	msedge.exe
4236	msedge.exe
2328	identity_helper.exe
2328	identity_helper.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

4236 msedge.exe
4236 msedge.exe
4236 msedge.exe
4236 msedge.exe
4236 msedge.exe
4236 msedge.exe
4236 msedge.exe
4236 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 1476 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 1476 AUDIODG.EXE

description	pid	process
Token: 33	1476	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1476	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4236 wrote to memory of 2740	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2740	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 2564	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1052	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1052	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1880	4236	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=iTR1CN4TW5s
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9e7046f8,0x7ffa9e704708,0x7ffa9e704718
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16219381974312352166,12038379103379076406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16219381974312352166,12038379103379076406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16219381974312352166,12038379103379076406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16219381974312352166,12038379103379076406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16219381974312352166,12038379103379076406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16219381974312352166,12038379103379076406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16219381974312352166,12038379103379076406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2368 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,16219381974312352166,12038379103379076406,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16219381974312352166,12038379103379076406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16219381974312352166,12038379103379076406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16219381974312352166,12038379103379076406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16219381974312352166,12038379103379076406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16219381974312352166,12038379103379076406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16219381974312352166,12038379103379076406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16219381974312352166,12038379103379076406,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
acd3ed510f582448270bc0d672994297

SHA1
4e58b36ecfb6ff11c55d361237b8a0c62cf70c89

SHA256
82f1a1b90acece72a85e116fd61bfb5acc6e5ec3766dbf52af906992070378d1

SHA512
66ca953dd1075e524c42ea41cfcd30417bb6162b93dbbdd88faee31526982b4dc5f66e6c3fb58eb93e7e926f7ebd4a1691e335866db83a9c49bd60173a6932c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8411a58b1a1c49015c42118ff959f230

SHA1
b61f1185cf03b0fe8db00ca5a57bbc16d6091352

SHA256
806a90e4b1770ddc724b7287dd8f332a9d1dd022de2acb083098f07156ffe2b6

SHA512
b5256c6c3ab84bd6f1109d128d57d6c56cf7ff4a04a21d0953a84f27275c67093336755fedbf0cf13dea833763a8d79a57187fd2378051eb1ddfb5cf866f6f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7cdd4d39927a7dd4581768a036aef5ad

SHA1
271486e9d73cf07f345ee4511c9c788f7fc2d603

SHA256
ddb7aaa916451c63b16e7926d4b51d9d354517fa0717e0040440160e16b0a98c

SHA512
60cc98b05215c5f7f264f2604e0ce0da067e2ffe598d89a4e04fa1349b396787a481ac5b31dfd2be39538785cfea4f258bdcaafc8938132f87feb31d7bd0c86c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
911a0619623f089fee7145649e967b43

SHA1
ba41d719a1e042e0f055aa8344084c87f7ad8ca8

SHA256
7d8ac967c34380a20a5c452109d702a7af8c4b750a3c9a86e9e7d237245fa2a4

SHA512
88af5ae9c6f35eaf1bf2ec38cb4a88062e33d0f36b559f0894980e7d92427ba054795ab0aec358565c4506b32f3428e909f042d498cddf447054e8bab6c12512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e719bec1c6c44d4b4619d0c27e157698

SHA1
f41e739fcd9d7232ea1ee3e6658a9776ed67a692

SHA256
5c0f17e7028bb8b288e04a91bbaa531e94d4d777298f32c88b18d49d70bbeca0

SHA512
c44d1e1ac3a8ac6b12c555e34743ec776e1b1fc3ca19da71242df850619d2a299eddea687500fca3d68b9981b920f52ba394833ae64d12802575379d6068650c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e09daa6f-e042-4dcc-9162-6f3bed86b1b5\index-dir\the-real-index

Filesize
2KB

MD5
cf4a48897104b79a9b2dd622dfd60e52

SHA1
b27640fe8616bc7540fd3462e0437a90205bf5a3

SHA256
32414931f7e11fada14285a99540826325805ad021bd7745632e35294ffaf4c5

SHA512
38a3b28e90c36fced1df0143f309982fa66d2ffe06eb246b53030de96bb41313088a735e42fa27837bc68ebbb0b431af799d6e91cf099cd321e2902736088777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e09daa6f-e042-4dcc-9162-6f3bed86b1b5\index-dir\the-real-index~RFe57be10.TMP

Filesize
48B

MD5
cb9df8277f018290a3966c4c3157836f

SHA1
e911673f9f77c94adc3c35a75b76c28de7b379a9

SHA256
26a5717b92e152afb79d6ba277cc61fddda97b61c60979ecebad61e38d168100

SHA512
4aed476bf0e336cf92b5066c29f1e62531eab8cf3ce171ee97bfa0974861225c3f576076052cc00b4063a46f0262486205bfe7c94b578894716cbe2697a2af4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
d79ac4fc328cc1ae743b109f5d0e3637

SHA1
4b302709191ace7249028b1924e789d7b09aeef3

SHA256
cb018467605a1bea69fed401b0f06fc42a51a84ea2fe91c2bd2608e426386be5

SHA512
38d377352b3fb8d290a6aa3b2296541e634389ed3766de9c864cf266ac814344a4852a81982defcce70ca9564e356171c885c697938fda6eb4ed16832a1cf742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
e1d1d2a0ad7a22a68c54c44bcc05f16e

SHA1
8cc6fc3ddb78ed2059a017fb4d0e2cc3af1c5722

SHA256
be371ec288660aea2c492313cd7b795ce4194ce576bb37187106bad79990ac83

SHA512
6d9f99c2fd6eca8c1cf7c0890b27fae575883156a2ddbc170f56364553f0f3df33153400ccee28af1262cfec646f57a8f0c708a633175c8eb2e2bd8d19ebf26b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
d36ddf4dd958f7b7fb2cd555eebf0e42

SHA1
0a48846d42e1dc51d8839e7bf2f276e7476de5dd

SHA256
d18a5322b033a17f0259132ff50b40bb69ccb9b87bac6b53748f899e9ccf4f85

SHA512
dd3bc19cb35a189d085243d3921276f6c5bcc02cfcad0b64631a175a492cc53c62d19923062d7e8f38e53ef477d787a63ce681a516c2beab9c1979e9b1078767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5754b7.TMP

Filesize
89B

MD5
5b3c3030adb1a95fa7f1664f2573a0a8

SHA1
0604434e4a725a4a36468939dc564ade7e84870c

SHA256
a6d7f6b921e1448bbcb16ca32e6f5652c5226d8c4d22ba27ee7ff9db8e91f067

SHA512
28dcc51eabe897c3ce61edbf4888eac6b6a94f29207b1564b656cc8f1a21763f49532b4aa13dea9da0ac2818864938172a3216458679163365fd062c95e5bfa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
53b7e24da739d28970cbb3142c88cacf

SHA1
f78b689ac67ef9e272758f89ee3d27606fb14945

SHA256
835da61fa6310729f2670ae1cb2050856ec915bcfe1a6b0a19fec9b0b94f8f5a

SHA512
b11ab6e257b16c0a5ee8bf296be0a7a52e73329316ddbd3bf99d36d9c8a52c08ef0a61fcad4a49b5a8468b205e13fcef441bfad83957f5b65d1cf1e8f6e2899c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a836.TMP

Filesize
48B

MD5
28bf85debe167730af53e8396c804eba

SHA1
e384399277fb4b6119dabfca0483a9c816091d5d

SHA256
ecf8af1a05af7a0705f0ceeb3e0b784b71722425c0cad3d25dd8da5b2c27bdff

SHA512
22ad1b51b6c3f7ef3aeaad074a6ff2a59a631c41dae42c2112749150f75659292d31d9caacd23c402f66b462a4d097e42e7c96152f30ec74bb65f344674f8e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9cf98ce893afef0d8b9c27979ade4074

SHA1
41cbbc29fd691d1e41689678235dcaf9f1646f64

SHA256
a57475ec93414c6740d1ce0d8911831ede0fc281a6986415f5fae71768f48dcc

SHA512
1913a560c5ccfa155e55e1e4b3337934cf4c4946925bb96092f8b72d706a08ab79cbaf2962d8877155b20f7d4ad5c675a972d5e193b83034cf99be0f56a00add

Download Submit
\??\pipe\LOCAL\crashpad_4236_EBRNLCNYMDQUSMYJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit