hxxps://youtube[.]com

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3528	msedge.exe
3528	msedge.exe
2640	msedge.exe
2640	msedge.exe
1152	identity_helper.exe
1152	identity_helper.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4592 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4592 AUDIODG.EXE

description	pid	process
Token: 33	4592	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4592	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2640 wrote to memory of 2236	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 2236	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3516	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3528	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 3528	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe
PID 2640 wrote to memory of 4968	2640	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtube.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdad846f8,0x7ffcdad84708,0x7ffcdad84718
2⤵
PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
2⤵
PID:3516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
2⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:2668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:4864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
2⤵
PID:3764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
2⤵
PID:2784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3680 /prefetch:8
2⤵
PID:4840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5308 /prefetch:8
2⤵
PID:684

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
2⤵
PID:2576

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
2⤵
PID:5564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
2⤵
PID:5856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:5852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
2⤵
PID:3172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
2⤵
PID:2040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
2⤵
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,15575016837577712491,16768091664671576621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6336 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:436

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x350
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
221KB

MD5
a86f1cc6cd874c20d01fcaf4d1be8313

SHA1
7fd68c7f10942b3a2eb87d1b9c140e54eee52436

SHA256
df0f24451fb18a2cac081206710855ccfa0f8c24af790e72248a9c7fc9a4b37a

SHA512
25c9f22b76a44d7b71904c3114c07de80e00cb64541b6e8697e99662953d92e364780f20ba12d83c62ec111098dc662f4081d30a030aebc33ace098ebecb0ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
c6a23fa4c29a3d3a7dc05e63158ead06

SHA1
34d1091425ed5ddd6e48aa3020cd6f17e4410c7b

SHA256
ba273bf4b67b1f1abd1f18b1c09a611b24e7abfd5eee7428974022f571bc341b

SHA512
ce7330df53088d2a83bd0152cd7f042a5b24fef0db5e322a558d021dedf57851d1a10b71850f55fb8cbcdd893c44a14557fbedc804fbb15a879330b654b93632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
46KB

MD5
c60bdf1d37da6ba7172678ef0e433524

SHA1
44f277dafd09e0e76c2ce61555db77f8d7a5ce1e

SHA256
096c78692fa88dcdc47ae22c67e1ec55426c5f20f53f66ea55da7c8ecb1a4eb0

SHA512
e26339c6bf6dbddf9cda7a4ee1e49d48acc402c54cff5518f7d0bc9548dc668fff3ef6179abc354c7470fe1c5125abe5edd38824819418f80778a75ea0477099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
32KB

MD5
197304588b469ef1a55cb13d10a08df4

SHA1
aa0a2fc3d6a650f1d736762598eae35651a07b82

SHA256
836edb5f7295513ecca9fd83a21f5d536dcb020f212c069c23f175005f564ec1

SHA512
c0d155c4a16e49f620f151976964efcad572113a42cc46ac2dc681fb2013227413e56b74ac61cd4bc01a7b2d43cc88f9f35cac7fb8c42d57aa17de47d1857e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
32KB

MD5
dab6a79d3f213c671a698e175b779904

SHA1
3938b9cd6bd324d10383df90a4a23e92ee42539f

SHA256
d5eadb65f8db01d03c174d1ad2d346bca6bd0eef7f55b8068df8a81ce963341e

SHA512
89f92773562db051d8c37e98dde9b0b8a70d0a815d9ff957620721f0faecd373b72ed035d2825004fee69df53b79cf0821f3e1d5d0715f36bd8bd045ba10006c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
c30dceabb4a5047a7a26f51e31e4472b

SHA1
654f7fe97a19a59851a57d9a1e66d6f896d46262

SHA256
53d7efb14e77f264a49e44bcb8261af08a517ef4c33b0a514988f46cc5d57c2d

SHA512
f0a251ee5d197a81fb8b0c1ab7333a233b86ad89cd67861cb0c16d7caed13143e5795b801def266be00fd55c3d641ccad20662aca94cf3702401523134adffe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
edc83be3d4a134cfe555e76bed3ae79b

SHA1
66133cf85aa476e46eab2acd156a657393c81b85

SHA256
66fa69968819b3b0a8919aeac58f498ac556dc3cd6dde7e27f61bb9c2d543cd9

SHA512
a53875d88c249364e0d5ef579f1770ecaac9cd56b75dcb9496c1ae1fb5093b4978775acc8dbc6a91e4b5eda8859f38fa7044b5a1cc481ef4c751d3b95eecc040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c979c52cfd262bcfb9bfc01b95264e48

SHA1
2bff65271ce6690f472fd7ec2d3a541d92d4bb2b

SHA256
551e22a2eefb5f4a12b14028d3409b8989c23d9386f29c4c5fb07879f5d45344

SHA512
b1c478886cfbd701030504ffe413efc59b26c6ea34339d48f9bb2c6f541aed05f5ffa7dee9f7413bbe22938e03a2318c9529f7686bea7f1a1f11a3c536dc7135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40af656d74642e3d825426a0f3820295

SHA1
ba358610cb5a9cba80f873a54b47536806828084

SHA256
492b833f0f0bd823f19fcdb74219e6d29efd185b5c51a1b3449a36ceb1c579ec

SHA512
275cb4d0ca6605643855fa407e0edd5ada987cc80e238824ca09bf924012d34d3953109bcd419cb914d64a7a0538cb8e30dfe436771c5ceaf2e3165bade5150e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c65c3761a2cfefee227188aa04ca10d0

SHA1
ebcf15fdb5721db97f4dd500e53f2b23f849b388

SHA256
aa912ca0c2961b9996dac51ed810b2b043869625524fa9d574d8f717de115456

SHA512
3bc29f3a1aedb7d87a79f339bef6d6ceed6ecb568031362de93be7d2b4aea18087e3447dfc63e085035d4fbb24ae92edc6d647552e8b2beca55d52e7c9e27580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
91a067956f0b1d0ace47c434cceef821

SHA1
9aa156fbd7fcf37a9f99c08c489687f4a2aa2067

SHA256
b403c90d0615ca78c80746e1cc2180e1ab8674524d6cc0ee9f2bb506bd4497ff

SHA512
9599ec36e43abb1d05a92fd9a2df947e94df5a20a9d42e9e812c6c52f5f84aadd3d84baae781db38bd76427fd2af8068dd25c819b20cc25271e0f78dab827176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7ba2a889-fcf4-412e-b4e1-e33305129b95\index-dir\the-real-index

Filesize
624B

MD5
15a74ede95c487b895b78ed44079a1d0

SHA1
73eff03bdcfd7f2b8a58e677c6c557e70a670932

SHA256
d59b37cbbc55814a8679a036c4a760b4bf21abb19521a91f77e7a0c2edc9786b

SHA512
e4f46e695139a5a27399a5fd4b0be7574279c735bcf27c438ef7408f1b000b716f99e142cbe87c679a7a03a6c9829c69a1683470b59f5283792a5f2e9f9a34ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7ba2a889-fcf4-412e-b4e1-e33305129b95\index-dir\the-real-index

Filesize
48B

MD5
badf2305e74486f7bbf40fd01571477e

SHA1
e22829c84e15c96684e31ac9fb80827aff1f131b

SHA256
860d2923745a52ba10fdf13bbcabbb699d895a9a1d78f89cf52ce720a4adeceb

SHA512
ff0564b083661345e3beb45a26c3f7921f306f04262db96393f011cdadedf4ada1e3a175bfffd53b15ed2b082ababc23c2ce4c318f13a073ef7afde11cc55445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c9ee363e-117e-4ca7-b42b-80367fc26df8\index-dir\the-real-index

Filesize
2KB

MD5
a6ead3373082fafb7c8e743e119dae50

SHA1
aed50cdc1c1bb6f9a949c4abbed81d6b630985b2

SHA256
d7b7894eab57dff4f713f72ba5e5a35065dd63d7151d744a39f9c1fb0628aaaa

SHA512
ff43982216b0e897874dde8d364d3cd89c8c7a40793e28e29c3e74aeec4961ee3d620406ebeacf273b451a1464c92d369ae9ff7ef500e5a3cb63f5aa77c15d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c9ee363e-117e-4ca7-b42b-80367fc26df8\index-dir\the-real-index

Filesize
2KB

MD5
d29e9b334b89c57f0779a498f16cec9a

SHA1
d22bc0003eb9bf7a9de7cf4aabcfd6e7e0bb8575

SHA256
199413e5f24776c3521ddab902fc04ec97081c5b65d1e1f0a6f962607889bba9

SHA512
e40e7cf9b6cbb85e2b4ffac26911803120067146725535ad4e58a1a7acd3902ca177f2c4aa099fcd67c43d6d201e413cd4bcd0c5f869084168b70803f1ada9a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c9ee363e-117e-4ca7-b42b-80367fc26df8\index-dir\the-real-index~RFe57948f.TMP

Filesize
48B

MD5
2eb3bce8cc1d0e29d5cf5588c185d10d

SHA1
df247c9b35645376763f08c5c9f1863c3c9c01d4

SHA256
f71c936a95325e2cd4e0e1c8e85677df39fb3f4fbf2b29adf55dac0c4fedf1ea

SHA512
045d34bc9584c50020459245f95a3f380a849183148cdeea99a12be74349e059beccf1d9a636df88ecf8886eb67f41ebe3463a7984d7945fa2da06ed450f6bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dfc44212-e7d5-4826-b123-ba8638f3c3f9\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
70e38d76fdbab53994b167cdde7c19ff

SHA1
42036473fb37cf46fb86459c91ff298c2bcad521

SHA256
1886a3ecfdf903f789b5490f24d70516f7191d05d836e0b9dbd6f7c234f67bc0

SHA512
0246f0b0b84536cf0a07044a3cd3fda79b75f905a6a58e65f0029d3d8d37fc4322ac12b3a87cfef8e90d9c46b0b92470866e9e6366d24c7720bee1bd21df13b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
7deb9a8f299c7b92beefc07d9a60f01c

SHA1
599b65f8ff12433ce6e84fbf20b57b471ef0dcb3

SHA256
11275ca37bebede1c8a1e0b2899aac498fe7ed2329fb035b76aaf1cb76af6aed

SHA512
ec555a331f40ac4f0e1820dae209c02e1d1a0b1119a4f5924155e11f061b0137c2b930115dff4b680e54e4556979acbaf9b45101b19ab0f194aad672ab284648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
feb0fa0d196fec4f314f77f583318137

SHA1
8bbbfdc25c338514ed1bd8f3b501decdfaea6e6e

SHA256
87d9d3291c55eac20cdc9d2bea030ac336b36b923021222f89eaf7dd346db9ef

SHA512
e98c075639a021067b9b20c9ed6599826fd6bd596ee1d91914373ca4d63ce31a6c701fd4b7f122e7d774b9c33559afcb1548e376330bc57181c9fd2706503a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
00d2744765e424bdb842bcea92fdcfe6

SHA1
61d07851a77ecfcbd1eb8c34a1ab0d816d467cda

SHA256
995190b3769b601170c479be51aecf194b7575e0203535e65e6bfaddc2b2c8e7

SHA512
04d41dfd3b14cc87991526c244a8738448e492c5ef38e659997616ae86d27150cd4400e06ffff870532ab7996331ca22198463171de1b66f3a926e7105058620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
383339ede778bb0be1d3ea1c6e8949f5

SHA1
23a5f08285a552ded9747c29d6e3a8656fbabb2f

SHA256
093e2920911c957f3631bf7adedda5ad1cd5e6546394ebe69315557530a8b8f9

SHA512
261cf9283516a2bc3f940264a8c385e2564c5f4d7fe5ec15389d3d677dda423853c79f32150e3eb3980bca84e366e9a4878e419438961a910acbc17380b0ba92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
322cc6819d6d9bfe4f25669132e8bb06

SHA1
24468454f425c7ed4cd5d71fbb1eb392aeaad20d

SHA256
6e0da27af64af99e7698d11f0710903f37516f191e0a7aa45599c26cb7fba17e

SHA512
68fd1d6d267796274162951487ce7f85c33e3161117d9398811d7a1b3417829316211448244e4a2144a811b553db618e592ddd8e76b541ddc638144a98fb1d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
46e5ea7b350de285f9318e972ddb713d

SHA1
b3e25f5baa6d909efc1ef2865914168394c5e2b1

SHA256
80145914fc000b7252b0ddbc08a3e82231b35240ad7a5b14bffb2e39068e62ad

SHA512
89bc11e145130affcfc102efd7309bfc3d0c532115fe4eafd6fd9a3e33eb8df1712e8150405099c1e65d6eed3558bbbd1dc9b2c4da8051a7a86f78bdc0901ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ab919cd49de05672fe4eacf8178d2a75

SHA1
5a5827e19ba985ee59ad6e76c820987d3544a992

SHA256
af5f17b20326468d18f2afccc0149e7b638765ba73d872f999c75bb6e3b59c67

SHA512
ad6a37a7a7f8b1b6037d573cd00dd89ecc7b5c1a6f077d10a6b298c579afdf4057976866165c653c6d4f3955293e2992c79c39e07b7794bf7ea4178c1a566c52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e678.TMP

Filesize
48B

MD5
0ac7261a26a98999ae342e188762188b

SHA1
86fcfb438d7be2f7d3b3a9a26efa83e8199b7101

SHA256
af4618be0725458b5e42df1c9ccc2c2e19f6d3805e4cbbf12c838ebd0628bdcb

SHA512
442f8002a2eeb79e20b75415071486297ba149d5fbdab3c27b5eba43016e63269140ef907f622e458ec72bc6ea779964d9dfd674cb97a540d48302a4d60b0d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
03160a2e8af9cc2f88e9c401f2c6a21d

SHA1
284ecb42a9bd9325125704d0979d580ac6988c13

SHA256
1d903851479d735423af24a39048756cb33b7eb72181257f69b9c6d6c69bd14a

SHA512
402549a5be0f8a0f1060282750fd0539abbfe2c04b0862e8af2497a1ffdcbc6567000e30ca639d0cf3c5df14bd374ac7b5e6ecc31f76ccb89cbfa193cfd5b9ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bb12.TMP

Filesize
706B

MD5
d3184fb5c0e1126f98938d511d6fdb9b

SHA1
6d1b1400c11b89ab5089adb95bbbdf5bcc1c1f46

SHA256
2c0f60792cb73b9e0a021f9076322e7b928861cb9050d2d63f3f3bef746f670b

SHA512
54c4065ea7e781182ad91c5a3e5d63524277dc3f894de1e566a1a5abb70dbf145ff954a854ea87cfc3f75a501a7f308d868ce379d151ed677a9bd0dfd2c3db2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a92bc61cf3ae9bc33af34c3f7a2b60c

SHA1
712646f5ca4c7972f12a97e0fd3ac5e759a69754

SHA256
48eca55c777c67cf72aacd03cfe227ea8ba621d884846bd3cc6a1ecaf1afbe49

SHA512
7bcf16bc8cff73cddd73a74e164d8bf3a60239aaa1090e37a87d27d2beb0019f4151254504d9efaad5190c8999b0822f3418f802be72c4b95095cd0747f6550d

Download Submit
\??\pipe\LOCAL\crashpad_2640_UBPIYPQSBNAGOIWA

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit