hxxps://www[.]youtube[.]com/shorts/qfIgYM8L32M

Analysis

max time kernel
480s
max time network
502s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
10/06/2024, 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/shorts/qfIgYM8L32M

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2551177587-3778486488-1329702901-1000\{0F5D7751-CB0E-4DE4-9D27-C3275D33402A}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
4676	msedge.exe
4676	msedge.exe
4300	identity_helper.exe
4300	identity_helper.exe
3032	msedge.exe
3032	msedge.exe
3212	msedge.exe
3212	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	336	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	336	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 716	4676	msedge.exe	77
PID 4676 wrote to memory of 716	4676	msedge.exe	77
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2392	4676	msedge.exe	78
PID 4676 wrote to memory of 2232	4676	msedge.exe	79
PID 4676 wrote to memory of 2232	4676	msedge.exe	79
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80
PID 4676 wrote to memory of 2024	4676	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/shorts/qfIgYM8L32M
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe68923cb8,0x7ffe68923cc8,0x7ffe68923cd8
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2868 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3548 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,2599916690800347682,4655761125496594736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2888

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004C4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:336

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9faad3e004614b187287bed750e56acc

SHA1
eeea3627a208df5a8cf627b0d39561167d272ac5

SHA256
64a60300c46447926ce44b48ce179d01eff3dba906b83b17e48db0c738ca38a9

SHA512
a7470fe359229c2932aa39417e1cd0dc47f351963cbb39f4026f3a2954e05e3238f3605e13c870c9fe24ae56a0d07e1a6943df0e891bdcd46fd9ae4b7a48ab90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7915c5c12c884cc2fa03af40f3d2e49d

SHA1
d48085f85761cde9c287b0b70a918c7ce8008629

SHA256
e79d4b86d8cabd981d719da7f55e0540831df7fa0f8df5b19c0671137406c3da

SHA512
4c71eb6836546d4cfdb39cd84b6c44687b2c2dee31e2e658d12f809225cbd495f20ce69030bff1d80468605a3523d23b6dea166975cedae25b02a75479c3f217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
46KB

MD5
52c11498c7b62200b2eaad6e044a3a9c

SHA1
053e3c71de096a11aa3403ec3747ae21be8026b4

SHA256
19fefaa1afb5eabbca7e26bf75082224c4343acc80d295eb1f8b637cc94f0c75

SHA512
245f3bb8d4c340ca4db5e2c17b67273ebdffe4525e454d415415d2e7f4c95418508679cdb28762825556046a32be4b6ade933010c60bfa2117497c3c3548c3f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
7f3fee4aa494a1178179573720cabc41

SHA1
a0880ac8cf39ad075cb690d4bcbe1a2a50d17b8b

SHA256
2a86652ae81b4965329db090681de3508ef5fbf404066e9f3a7159fe587f9647

SHA512
ee88f12772647c45482394a221cf5d245627323f0e59fcb101382542e7ab9097b759715803c97a56b88f52e7b8755350b3d7d408c119b3ad797a8d0c148d3809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
20da0e6a64419af4f550c77273a5e60f

SHA1
8b2c754ca8abd36802629c5063ded11f5b3e9fbb

SHA256
98a0affd1556a559a6ffeb44546a8346ae2369cb3453263f6a41c9d356ed8744

SHA512
eacadaeb2a0221a651826d4f710f55a2bf9c77b30a97aa8b70d660e3ee7d199e659f974abf5f56fe28d17a43bcf70f40dda67a556233a7d29dbdf97c41bb7728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
61bb3dd15f0150fcb84a4fca4ce7286e

SHA1
a35e18202b64808cf7db4b3d7cf0648d6ade6319

SHA256
83b73b749927b952897c9b3f6f6e76d0e1776a819f5b1ed4347edef3a1c30172

SHA512
0c9e5f57d3434c6adb730d3b862f922fab61781d9cc8245dd639b86fdc684c993542a6df5019902fed884c798f55ed4b7126309413064dd4b64a28d1a428f337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f6a2ed59715a82b2db9b04ecc4ad0e16

SHA1
c18b31bb1452b3c1f97f3ee13b5769597c8e07c9

SHA256
74e585e40256d23c403f4ded5bcb096f7f259cf375d0f2bc98eb09ba08a76757

SHA512
7b88cd47fd4e4cc6f12e022809f60329da59d928c19ccf1ff13cd4f68aa704efa6cff85ccc1deb70fb46f538b8b1c9ed339bff94327a51986a8c54befc68331b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
886f960463430e8d6ef431735876d176

SHA1
5adef238893014d085decf4958362d5b598fa207

SHA256
01cb8d8b25ccd103571df347534dacc83d8a2ccf2e98e9323d64e78dfee31aa2

SHA512
af31dc3b2954f2d9da115e5a4e64f8502895653732ceed63515c161ad6ca97e0674f9c0254be0a3457c256cc25e7ca26bb6bcd07630f8b51b3189620b2bdefc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8f33e0ef2dd46ea93266a233fcd66662

SHA1
70f36e79cf92fbe0da1acd3efa44e4447a5d4575

SHA256
ca978ca19dda84b6d9367ded65e71b205c976f6f73522a09ac89108043972b1b

SHA512
a1203e3bb5e22a2156da31033ff9d15022a561ac32ac79c74d971e172c15b81d0e6dbd608777d7b0c7bd13c1e11fdc8535e09f28fd51ff818aa194ab9766017d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a9acc2dae5c592cd433d8f462a076401

SHA1
52939fa891d9e60bf76eaa97a2a5d5fe5750c7db

SHA256
299f25615bc3ff1168005d66e3b95023d25246afa30247fc7cc2db6025727cb6

SHA512
392980c4a76b034da9e254de81a332b16abf0eb13f969caaee80bbe21e06e313280f56cf9de209de7645e2fe54828b00747de9dd11cd8f3b335418022bc5de2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
eaec579dcab13aefa83abd65583a67a0

SHA1
bbe30d920595c88901d7557750b2e51dbc035ff1

SHA256
c00d051f5e9810c2a64aa8a7324e79c3ef5a5d98896b5a57e6d87b0fd585f63c

SHA512
98be23d306e5aa2452dad93f915d06a1b39e0c012fa3637e40fa2e3e6132ea2412332b0f697df674e8e75581567f11cb23f0e5b03cf59405a90988a94c0a469c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e7a252a3354f060b517bd6c7bffd5b72

SHA1
8f0bca86df815a0c23abe976a05f33f4f8b7adef

SHA256
992243b8ba64dcf044cfd3fa8749c07f6f7cf0b14b4483852f036855502ec0b2

SHA512
0e33cbee4006692fe08c1d1f3a6c1cebbbbadcbca90b32c916a22ecbd586a72fcae5e0e85c0507a007defe398d3514f6fea6e5b036b6031d8c1b555a12bcb006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
60866bf840d5fa6f21e8cd34578b734e

SHA1
facca9b42898028b5bc77d837b77aff684b5610c

SHA256
4290230fba8c00e2e462213a31adac2d0b2ca62dd6d0407414289697a4f6cd40

SHA512
d2720bea36d95ad0d1296442b6192a96340c1c56d870d2f783d3d68196a8db6976c4c0f89aec342898511eef04c8089037941124e57abe7e2a86f4ec0f976c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ef5060f824308df1dad505af4e1db9bf

SHA1
21d8caee5c899b71008f0cad85c49894270f48f8

SHA256
7060ced0a336fd164491f46b2acea12aceccdc1ebfd01feb6afc52ee588580cb

SHA512
cbfe4d5fa874b9a425de0102d76553eb60391c3208cb8317072b4259649f7201e1b186e1577ef2b5a2f5f3fdd9f0a51adc9ad843d003ed6484bb8d3396c8b994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
423bb9bcd91daf01bae33d7f9841a58a

SHA1
3399b15146f27fb3adcce19387d4cbe258c14816

SHA256
bce35e3b408da6dd051330db80d82d3fd7c071e53fc9af1861e5be901d2807e5

SHA512
5df9d3761bf7f1444c722754b4a958227533a0f5357e7568f86f67188d3c780906922614a75ceef945cbc2e21453b92f43c974781d102f2d389cbbb75de95270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f9ec8ecc655df275ccda67b4aa57c69e

SHA1
79580ee199fe1c38b1644281d041a5f76bb452f5

SHA256
9f0f907a6c4839d9c9618946c9b9c22af00fedaaf4eab72aab5e9f0ed353148b

SHA512
64f95a657b54f83290c03f59beb157523acee4dde35b566e372b68601dac58edca2ca491614dbf03d39cffdd3d116dafb695e70fbf1128610c7f86f9c0539120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
41KB

MD5
086ecad26c6a35b83112b143d8de31d1

SHA1
53975021be6feb25df567e76a18fb229bf210ff5

SHA256
54c8382ef6e7be79b99ee15ac5487efc0962b573fe36888ca2676d7843fb9270

SHA512
320ce15576e609188da12664cd08c43f666eaa96f4cc2a1e972fcda93ddb4d36ee2c0c13cedb56a8dc41422127d4a42fcc37bd7f2fde84567b47f7505ae87288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59d95c655a3aa6b873beed7719edb305

SHA1
148ef4548ee8ba7ea51a7a505e506570178c8fdf

SHA256
8ac80ab354ccc8704092c6b660abb7164fa8de2a532b6b6a75c72451f2e1d32b

SHA512
04a73ad477a26d8b4c48102f63b8e0985abb86e3053718bbd9d8b0076b4191dcbfe1636004de7adaf6d6899c1f52f4a1421c6fac47f00c533f5c4c9e7c502a51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
41KB

MD5
4e6e4c9fcc94aa736095b94f93c97a36

SHA1
fbb0f2d9182ad1df90175f6dc4f9666ef3421381

SHA256
472f8965a6262aec254f2035daab052fa827bfcef94444787f1ac2f8ca5e64f2

SHA512
777a34821e86f869860c872fb61bb026254ffeba11c3b47d74fe4a4f3acf5046e431b7f2cb3507fd0d2f37c5ec7ebc128c9ddd2af933e75efb0e51b2d310a21a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2cbf99b0-ecbc-4cd8-8e6b-4bb1cb05288a\index-dir\the-real-index

Filesize
2KB

MD5
ec4f63670ee5dd6a74c37bba3b82528a

SHA1
1959d09a05fb85d76fde147c3a6666f2e5484e66

SHA256
d45d89619081a1d7a5bc2ff731133195c86e212f23147a75118cdcafc30ce1a4

SHA512
82788747378259c2ec995f8745539041122a5876bccd0828df32d4560af4f751dbd5a733a8082a9e38a39ae4dd349b950dd42fbccae1e47ce353e009381c624d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2cbf99b0-ecbc-4cd8-8e6b-4bb1cb05288a\index-dir\the-real-index~RFe57b4c9.TMP

Filesize
48B

MD5
c989ebce43acfff0392a6394704a9eb8

SHA1
bc1018bdb0c2d0eac11100a896e94aa801979796

SHA256
08280aade3f3972e181ff1eff8178131a63986384db5dcd04ddcc6e8bd412b3d

SHA512
54145d76bac509aae8add74af0151c4990a7a7c698103d5749b215b31fee83539e52335aa1760b5c9e60f8d29c7a548011ac559931a1b33b5c518f480a1c3396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\797b9711-de07-4e72-ac69-dc8cc4768f2b\1d48f19e5167c04e_0

Filesize
2.3MB

MD5
7b8334fd0135b8ebc64a9b051188e831

SHA1
38bcfd62a836290f938a4388f0d2e3f346d7fd78

SHA256
83a3b7bfaf985d8702adbfc9e4d56ea9c6ceb67bb22c105fbd6f423e9f11fa29

SHA512
8ef65ddcb069024905b4df501cc066a15806614182218e18c7fc722d2287671a5324dbf979289e13baeffb9e3aed4fcd4580e5d91f5958feb52bc0a635ef35f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\797b9711-de07-4e72-ac69-dc8cc4768f2b\1e9f35aeeccf144b_0

Filesize
9KB

MD5
1f5f376c9b434c4b58ed83071cb39e74

SHA1
f688554fab921badb9da01b1495d8e72b0c016cb

SHA256
640ba7fdb9f5b6c3ca77898908e0e0d9abe20989b93402da887df0e098bd3a9f

SHA512
9a45cb8b4973d8cd8ab3454203e718527218606e42229b08ca9e1ed9965e1dfb41c7351536fd393a8b43decb278e3ca0c7374cc21d37ece2af694e5acafc36b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\797b9711-de07-4e72-ac69-dc8cc4768f2b\7e2e32c45dac1f59_0

Filesize
371KB

MD5
7c5b813a11c23ada762898905e2da5e2

SHA1
317e80f79e76889f8f2f85b4ec673b9c0dfeb3cc

SHA256
e60b8a7a11bf2e680081876d158bbc5d120e796bebb76fe03382f1d6ab3fcf5e

SHA512
7cf288839cc66df31991be654b94b3424597c83cf79227b13cd75bfe81cf2016412b2d8e30d48ff5beb6fee5e0620db62175bb8ff883993b0f6e12b6bdd1b00e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\797b9711-de07-4e72-ac69-dc8cc4768f2b\af97d22c41069616_0

Filesize
2KB

MD5
2c27eb1fd867bdfc2cddbe74a11f4a15

SHA1
8be9fe0b346fc6c67c17045a66fcb6e3f11576c6

SHA256
218d5ff380bf1a86e1a98035e9442199d88b2f8a2fe3b43663a78738e1b609ef

SHA512
e7848c779c70f7cc7eeb00e7759af4b449a7024ff0e320a0c6ac46d277eb38b7b99eddf15f5d7d50f4f81ec01c34cce919be175eac871540d0489c495ce24383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\797b9711-de07-4e72-ac69-dc8cc4768f2b\e2dae5a1ac445daf_0

Filesize
1KB

MD5
98cde85ecb1b96c7fa5aff3e311b097d

SHA1
5bd8fe548e33759fe9c46fee93e98a3658963aa3

SHA256
8350e13f077c3785cb09ebe6ff52aa8f1fbdcbbd76055454dde9b4357cf6d690

SHA512
5e3e7c4fb1ca3fcf8590a6361e5e4656d66e12efdbb661c59fec567be875f17ca47a31cb72bc231b9ea5f776735525abec021c88e99bdbbe4106f7b3c451720b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\797b9711-de07-4e72-ac69-dc8cc4768f2b\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\797b9711-de07-4e72-ac69-dc8cc4768f2b\index-dir\the-real-index

Filesize
624B

MD5
e6240961a1065d94f2b146b8a91bf611

SHA1
d6e501f6ba5d814cf6b1b71fb0ba3a0b4360fe55

SHA256
6cac010207368db1353bf7969892d0ddc00f57303b5339f94d8d7fafe0edf109

SHA512
b4d1da7ac0f27c2758f74000e6427dcea6f1e09f9253156ab9fc849d8e818861e0dbe4c4373688676068a87e0111d23046a86aa0ed2df37e5ee0d771d747181a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\797b9711-de07-4e72-ac69-dc8cc4768f2b\index-dir\the-real-index

Filesize
624B

MD5
d1371a16478e3b7a0e50e1f9988a4409

SHA1
fd95a90e22f2d22033a0fd3621dda82dd5422ceb

SHA256
dc1181ff2b7af85ad300e550018ac6a61a690d82a8ff813254d7e42713736254

SHA512
038620298198c97650730c61f881ec791333ae03f330b3018b92229cfb6823b5daf5e2c27090b93a880ee1e15228141c7e4032be0cb90bcb743c1c8142466ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\797b9711-de07-4e72-ac69-dc8cc4768f2b\index-dir\the-real-index~RFe57b6fc.TMP

Filesize
48B

MD5
a2e402cfc6421c84c0271f55ef33ea0e

SHA1
20479b26c493e04626f0ad1bedd27688174548f7

SHA256
b9216ee4cc7b3ef47fc0fd5272374f0dc17b1d4c65a12996e4605ca7521f7e48

SHA512
311581cf9da8619362ec1f1d86dc3cd0759135bcf01667123b239ae9e85e4fe0aaba68cc9026f379b461c3ab875b1328d1ae087aeac5b9e0ba511d67790dac65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
a105f03469749ac20420028be6a9bc4d

SHA1
fa358b41cf6d66fd79ac20c7db40332051775597

SHA256
d01f2db7e5bfd94ebe463959977f361cb5f8692af9a9a102fc7f12842c88049b

SHA512
4fbac372a8bed2fff1bfa1b865ea6086af294889ad5f55b663962c6c9d87c3e954d2ff3ff4ca006632503af460cbbf32fa4586eff55b9880c226b9d5792b0dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
845a4c6e38c24e7635ba963a60011e49

SHA1
8e12fdd66c0562de500abfaf3b9abe42cf7097d8

SHA256
357c06ba94428115a87e73865777208fce65159658b5525652f5fff889a5d2ec

SHA512
91b4df99f73166ace3d7751ff8035cb809a892aedf9be50a74762f9df30b446d13c1e733f5aad6fff34ed7aebc5d7637ed86a1d4948edcfb784cf3c4cd22159f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
7a558d8395906c55ba483f3122255cc1

SHA1
ea8546d37c40c53e486eee70a529f208b98ba33d

SHA256
d8eec4485c270e75f546423ff53dffe2ec7ab58f377ae7b6120796cc53607bc2

SHA512
485870a3f0129010f0b39cf8aa7adda01da685ad5c180a141732714c4460f58db5dc6b8b96228d41f80e6d99da368ca06720e3f01f6b8ac4275b0b12d34f10f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
b5bc05a1abdeb60de974a26c9722e7f6

SHA1
a6bea2c2e36317eeed6c9562cdafa3c89385984f

SHA256
f9399ebd1a72fe5db1dceca145837f39c75fae641dffe31397f2058a9f2ddeb6

SHA512
f7e51d53e933caf589e6afce657b2bd4a89e4b746378ecdfe73c1b0ae0f5cbb1f38a88c32ff0c76a205e55562693fc82f129c3cc2082659c24eed4f38ad5e95d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
6d73c9262cea7df01635142273ada34d

SHA1
6e58b906ab757b36b52d9ebe8f4b64bb5ed170b7

SHA256
56aed8a67895785f4e215620b4745c32bd222b8ad9f1379400c8a370a0945018

SHA512
4cb60b68be951c3bb98e24dc99f32e1c9bcd395dc04836d73e6ed02c0fcf477252a0c16008ffaef193b3d8599e040c94d77cd610f00a2e9c3cbff56282870f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
b7a82a0ab4fb09aca8e169a023831bc1

SHA1
fa9c6732e0fbc649facc5e52beb49390be45d52a

SHA256
6925abc9dd31b13e97d81607feba71585133c2cf764fe15830e6516efa79f1d7

SHA512
e962ccef4ecbb6d9a6951419c416a3cc93cc07efc89296699cfa0e0511dfcaba9cc733707f48b4cccd90d5c601d2cdbfe31485b6acb3281511bdd13d5ec324f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
a79d4e19386cac16593dac2aaec34f6f

SHA1
d45cbd0f3fb77334ec8e3efa647ee9933eb3e416

SHA256
428346b67cffa27b06e18f64b1b592e2967549e0aac9c5bf97a898093c82901f

SHA512
3fa01d6fb8194477e53ed4094437178a057fc6073bebd69cb02270301bf4591b7c20e522c43ada0316d1fa32b0ef966c3fdc1f2d80848579a82c13059038338c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
8db2c7ae29fcc78b8ff72eb3198875f4

SHA1
1427b60d0b5ef9eb79a18f73f6ac65b6d61f9eeb

SHA256
86cdd6027143fb0a536eee19a913dc53e8a30c90dc34e4227dfc4e075b25e568

SHA512
d854225a1b61d2dfa832dddcaab1c90d04933ae32afd753d0bc7da085c819b7dec8d80299864a4a4c914425d449b6141a6f28808c55482d9376520bbe8aa0eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
9a7f76af388fc6e76fb29052d08d0fd9

SHA1
3c171d5a7d8133d8ae25c94cd59a615b5a8ba51e

SHA256
d35a1d1820e3276a44695648de9e0466b46e1068c04cb666edbb7b39e92e3822

SHA512
af6ea94da6c2b63a378f2b3baff87f02746026f2e960e71ad7dd6444a3415608fa39680810430af3b7053911063cc420d55a421c386a04c0632e288837952de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4eae763e644ff4dc853370c4092c5ce2

SHA1
57f260f4c034424f12657dedc8cc0e3f594787fe

SHA256
d03221d6f0367ed4bd0867129101039e49917f85422a61a6b1912ffd58966f70

SHA512
4cb00d22061bda50c3add502203cbc9ad01242efe5960705aa3b0eda2e3328accc11e7beafc6c4fd4718ce81e3632397e0f9b79d5a4f3328f3d96bad2d358885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ae80.TMP

Filesize
48B

MD5
b0d99f80aa22f4bbdef32842d270b258

SHA1
5a91558cbf0612bb88c136d9cb6b12240195332a

SHA256
d3fa1f4f3c9e532e49a424958298c371a4a9885d8780688aa58455f0c1109c01

SHA512
a3ec90ab60dd0b227c7961274a88f0c3c3bd49b9794d97e00a287000f2560747aa09d2fcfd7610f2a9161160998b6f67ccf9e5f8093b418bb2120404f29bcd99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c52222103a649abcd7f26f8de111cded

SHA1
a84bc5df8267346800cbeb9036812e54eb825945

SHA256
4738e6d327b669d5ab54239b7f52d0517d6cb081d0f0157deb063e2a53f2c5d4

SHA512
318f97aea6c9d2a79e94583f008071010f54605e8de09fdec73e878bfa2736ec3abf80d673df7884dd82ed5524a40544ce77f45bbaa8d0d21ea0a580e9d64218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
853be36b392796ab1f58a8dece34fa1d

SHA1
3b093d224d127bef251e07e7b67272865d7e9098

SHA256
1e56e64d074820f6f82530ce1f7eee83c130793710ec894e71f9bf9891fc8763

SHA512
e551d4ffa9af7a74b059778b10d11fbc96e4fc67aa7403e62856c825f2dbb1ea9f84431aaba0eac1bd2934dc5027baa95376570828b52a8b991924c0a6ec2880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9410d32f60f74934c906adb9a52dfdd6

SHA1
8576a53d5b7afea940c9368c22188ce5fd9ea664

SHA256
45d2cc68c5d4fbba59951f74d35f02e6c2d4a3d6aa209df6ba35a8d8844d986b

SHA512
0a3d901aa78157fb761bcbecaf9f13c2bc62ba39f774531f5315dc7ca4dd9442a2484851720d95d915f58d4ce9bc71dcc52db4926b381ab5626f2a03dbad308e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e4cfbe3f529fddc6498259424654ff1c

SHA1
6eede4fe1b93d17dac47dddd21a7c28b3a615e36

SHA256
388dfc22a3a36d6aa09f9ca872e0d187ca26a61e475306178c84f45a2a242d63

SHA512
216f514a23c0a88b12c6437b4d18c6b6d87a42da2918dd07738214168cabcc91dfed28755c2a4c0952da58c2a8291f9cbb66655e0ac4d7e4044b552b165fedd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3ebca6748724312ed5805547d0c88532

SHA1
359f719cf17d5648a7a0d4e6f8721d49cfd89c17

SHA256
ad6c2b3f378877c8b97d33ac3021284af9ef356b79cc730dcb718131e83a4ff0

SHA512
d398453d21f0414c455bcae139c05e4393e5b3c38f2cd4678f82a25d16da4998bda147cd1f6e02fa099bf79a9c8b0aa7375404c420035515edc43fe460c08b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5209c4e144ac7585e31595599c7fc2f0

SHA1
b5bc9143076e56db8dd6f656dc22f0f0e0140cf9

SHA256
36eeaa55ae973de4e90f6f6916c29dd8aba39ef198a763fe58f282ca6755cdb2

SHA512
3fd097eb6b35ebe47519c6b0b6f1761b5b2d224014da30b9de2535d273235d518163bddcb310a77850248a4ff1a895c0278844cfbbfa04174e8da0c23650dcbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
714276bc07b328f204fcf9898ab90cda

SHA1
25c5011f214019c6743d364077628ee540a82df2

SHA256
f88f5fa907969320958b10dd5a8a7434c766f914737dd696e99abb8e3aa67f8d

SHA512
231162d3f1d25e6d7a2ca9fbb87cef4b00fb71b8f0d12a9a05a331f9b5cdaf632ab7b65e607ede40675f7db213d96d7ada2d473c364bce8ba9511f0c24b1b6a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
45832cd0fbac11f99788c267eaf686e6

SHA1
c3e8f947984173eebd4d9575cb71c750739739bf

SHA256
0545e636f8edea9373877def604203980b41f1652692ee8dafb4adad71dc4ef2

SHA512
0644fe8d1888d0e06c838c45999d95c38c94819ef802d229d545068c028d8872cb7be619687fc5e21328acce8c56e6df313fd3aa601dd3e337fc05877bd30858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e4f1.TMP

Filesize
706B

MD5
b0fc4e3643793a87c7df5550ed894778

SHA1
eac2e4d2af77754bd3330ea8938dab0372c59e5e

SHA256
6fb737e2ac31a093fca6cac7180414960925eb66be9f9e36fd84a3aad111125a

SHA512
27c76979d27b2a096fecf1b0862db9a63b884067bb8f7680257f722832a8e92bb40064c83adb71d8d5c70ef584944a20638e29f3981b56545966680a87578484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dda809d8-0d89-4b45-b62c-c3b8898b38d3.tmp

Filesize
5KB

MD5
f5fb5d364a16fcb8ba79d526a7221797

SHA1
48eebaf87ad9454d19c0ac73859ebf40787b12b4

SHA256
f3df0a31b928ccd0b51f5d3b6fd3eeeedff5dfe25f1a90dcc822f043df48105f

SHA512
027b4d00f0d0b662d18695d3f1e0ef8abc98a93a12b5c14fa2d3a091dcbc4d5b61f2255ab14acf6bc9f79132654586fbc156aa5185fdf18855993f85831228a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6d25ab48a299b187b8227619f65d93c1

SHA1
0846a012872f37ef84b79f1f4fe55ffc14a6025d

SHA256
74adc793fcaf7c90e74099211134854313c6719fcf198749a20d542fbcbc8e0a

SHA512
458473aa825ac9f86c06caf499f3abb9e5cfe636063918abafd58eddcf224c9415b04043e28392a4af8720adb805750016770a6a8abff73866805ffc369f7e5a

Download Submit