hxxps://www[.]youtube[.]com/watch?v=lyhIj0Ci_AM

Analysis

max time kernel
1800s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12-06-2024 07:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=lyhIj0Ci_AM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
912	msedge.exe
912	msedge.exe
4892	msedge.exe
4892	msedge.exe
5052	identity_helper.exe
5052	identity_helper.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

4892 msedge.exe
4892 msedge.exe
4892 msedge.exe
4892 msedge.exe
4892 msedge.exe
4892 msedge.exe
4892 msedge.exe
4892 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 344 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 344 AUDIODG.EXE

description	pid	process
Token: 33	344	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	344	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4892 wrote to memory of 3620	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3620	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 3796	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 912	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 912	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe
PID 4892 wrote to memory of 908	4892	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=lyhIj0Ci_AM
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbb5d46f8,0x7fffbb5d4708,0x7fffbb5d4718
2⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16899497269576106337,8036164818314436521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
2⤵
PID:3796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16899497269576106337,8036164818314436521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16899497269576106337,8036164818314436521,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
2⤵
PID:908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16899497269576106337,8036164818314436521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
2⤵
PID:3728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16899497269576106337,8036164818314436521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
2⤵
PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16899497269576106337,8036164818314436521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
2⤵
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16899497269576106337,8036164818314436521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
2⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,16899497269576106337,8036164818314436521,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5348 /prefetch:8
2⤵
PID:528

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16899497269576106337,8036164818314436521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
2⤵
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16899497269576106337,8036164818314436521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16899497269576106337,8036164818314436521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
2⤵
PID:2564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16899497269576106337,8036164818314436521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
2⤵
PID:2192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16899497269576106337,8036164818314436521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
2⤵
PID:1660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16899497269576106337,8036164818314436521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
2⤵
PID:3676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16899497269576106337,8036164818314436521,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5036 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3080

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:344

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
46KB

MD5
365e6cacd993aeff945e88baceb2f327

SHA1
46b1169f2e2c61c576e72a5288233f9ff5b0ed2b

SHA256
0f82a04bbfd4a4bf5f3d302fc32f39bbc2ed655ecb7430f32828d0e4814da511

SHA512
65cf29383b299f54561f354b65cfb2e412a49d9a009dace0197962fa0d5a86eade5bc1c08789e6f4d271bcb3d97064b3cfaf540ad183baa5c462ffb8d7cf6769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
3f114f295fa53ede338bc5585d464d95

SHA1
4061d8b39c7a806412dde9bf4b0c5053626a7f9c

SHA256
bf2bfdda0066a1cd9801df5b327e352ba915f32f7e853a95417fc0b86bb03a2b

SHA512
987f1c3b6e1949ad34fd38d2b4bcac1312bb6fda858360131feb69947bb6fa7a7f5d76ea4d132dc78872d87fd0e8b5405cf065a94b080a8673eaa438a8f8a57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
91d9c875cf591f45ac6c7b7b22234fe5

SHA1
e731a332a8d31368328f0366bc66de524fac5312

SHA256
e35630d07f6cea67bcabd0a9def1048a1efbd4882674af060be8c2a53e6e6e04

SHA512
a67cc4d14ef6b29c86b11b35424b9c9cb6f7b25a59c0b6459cfe8f4289b9b21f1678b855bf06768af1d02353a62c0cefd67c777a91615674b33797a9ac31c582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
cd883320208bf24d066674c5bb1f8c8a

SHA1
903c95cdf22a5215d0380a272c5f7818126188b4

SHA256
e597dc23a3012dde9b2eab12655b449c8b50db42257426eda1e016891c68c455

SHA512
35cac521093b994f2cab1ef11e4e997a978cc6295e13eb1c6ac02ca3af8c378eda69901216b6f128d5b4b97654138a9cf2494dfb173b953969cc804a6fb2ccf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
c0be1436164e012c052176d023fe0cf8

SHA1
9a4038d5f16def057a3b3bd87d6b3f21dd4fc33f

SHA256
0f654447cc869181bde289c72192d9d62fc13907ba730b74d560505db4e7a406

SHA512
1978a262274a6eccf6ae73a5d67669f332b2836e85a0d78383ac58736ea1a2b6db13d20405f31042fa0d165b1c23d9982dbc509c818f262d0cd25390826a2fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
8a102a25231f275759833744c61ed42c

SHA1
20486a8e9ec3bace2606d0cde4fbff7618207e8e

SHA256
2a8e9bfe426fc9876995744d4db5a7351fbc090899ad03c6f4fbaaf171f4d4da

SHA512
05fe80d7f0bd27b7d7ea39a4342fbc53e778d1731f7eb7399f2db392c353093a92ff75e2c48df7b4502312729aecb53e6fca6006791ff072a608c5c30390fef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
d8e71eb1e75ad01dfa3855553c8cc0c7

SHA1
0df1013037ac1e1bf28c01a10b36454f3a550461

SHA256
0ffd1acf109b22ecfe4d61d71be0ee3589bf0af08436a0c1f6b24290ccb8290c

SHA512
5b7bb055829292be47c2eb1f3f5531d86742d3a95ed0a599fb62a49bc99687e2ab083d0210d652aebf45311e6e7617a1eeb6fad5931dc5a0b4922f94002d187c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f05d3d996f6ef901e1540b61b86c3bec

SHA1
531761836806651f4497a22f885437170a14ea96

SHA256
997dd791724d5c3a87329919e025d8b59fc684f6f9150f48b3366f95d8461165

SHA512
62f6d1f3832eb3db99cf536ecdd0ed8b12a8fad6744bf9cb09e5f1e55b2887bdc3ff75081b1e394689866c0a7ac0b4132812497f2239ec8fd738d69bca0b2071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d8f3ce33d4d7a3a0c97424c7982c0ee8

SHA1
fa97078023ea1e46c1bd66806dabd605b230e331

SHA256
8d741da1491106c1331f8fc63c438a3d8e044fc8db874185845b4d7681bfb516

SHA512
7126da0f755193e2dfe2d4b321afceb0f1b4711075df3a530932986deec5f47bebbe828dc28bcb0b40e581d95d7698c40de5f43eca2192c09f9ca83961a7f50f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\84cad127-4e84-475f-9689-7d174cd34c09\index-dir\the-real-index
Filesize
2KB

MD5
cbbc007be78b3abe08c4fccb4985f6bd

SHA1
2d296a2e60f2e8f8daa2dc0c35e6714e22795355

SHA256
c31a1eb8349d947739137a3c6a547b124bd4c73c026966ed0a8e9560981e963b

SHA512
8765e2ff2518026ef472766ea158004a4fe0e0547ee8ea081454a63b3c82082a2b443e939317dd692f737e00ec0cb9eaa13042243a315ae2853c3910200c5042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\84cad127-4e84-475f-9689-7d174cd34c09\index-dir\the-real-index~RFe578c61.TMP
Filesize
48B

MD5
8e2c55f3c651739961d5ab70407b3bfa

SHA1
51b28b8d28cb30dca12ca2bb8bc8379e126ca807

SHA256
134b7f72a7e1cbd5046986730c725abb4b925e18c6ac0a31771edf142e497aa7

SHA512
75ff27e8f82c6800b062d47d50d76c690e666a77ec5e7625d1e881994e24be556944b335d6873fba6f8efd35e9d9092a48fed522a981c3c49b60e36e2e8d6271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d5f84b9c-57d2-4c1c-a2c8-f14649499f0e\index-dir\the-real-index
Filesize
624B

MD5
8d4528502a5dbd2c8302dc86eb5a687e

SHA1
585bc2b9238684edfee924aa079ad4106a75c45b

SHA256
f3edecf658753f1c2e141f94c3f599388735fc2adab0ccfe492372f6880cbf00

SHA512
dcf4778f08e6781e48feff353c154720ccd5c62bfd13ea802865145d1cfb08c08201cbdccf2e043597f560fbe03192576b571f98da67f0b34dabd82c7c0700ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d5f84b9c-57d2-4c1c-a2c8-f14649499f0e\index-dir\the-real-index~RFe57900b.TMP
Filesize
48B

MD5
6939ea33236cb562491a4f4f87037cee

SHA1
d9dd466490bf3deb2e6c307449500cdc66c5f060

SHA256
4d60b48af004fce5aa3b61bb7e06fdb6f18f1cdf907a65d65c1aeba8825415f4

SHA512
82a1bf305adc804f033d1a4222a6658d9610e10e458a73c1bf81903b0ea37310b6aeb15c947e12e6e0238a9f381bcc89ffe3fca80dfc71b6b940044daad3b11c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
89B

MD5
b939decb0b5c80f11e8efe9d1dfa7457

SHA1
eb49dd78b844e2827a260ddb77c8e3282ad6b4df

SHA256
423cf197bbfe95745b6212d4aea6d15439c58cadbfaf2339b4ba6cfe32e4f69c

SHA512
a06f645e448f0157235b9dee489d301976da14a9411c018c2076d2fb8cc7e389660d34bac2851327ea58a4cc0e61eef8b7b772c3e4c3e7c5102a7634583219ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
146B

MD5
701a07e669bb0b38d8fa4b847897f567

SHA1
2d59464f8b56480245eef736975b401e17f79116

SHA256
06b50b07925baa5f0ce614a78b66f9110c4517899837109073536e062435eecf

SHA512
1e3bc2c112e5afe1381f8b75aa335ca8a9089d13842036f7008a9e024e07b709f31be9374e388ff38e08855e5d14667ef08d056f5b78d24dbc91fc216095d936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
155B

MD5
ac503396ac598e9237687ce9fe11a0ea

SHA1
787b99dd84eea8b75fdc9adc7b756c57ce34a2c1

SHA256
fcaaa0bfe8026fb3e6430b5df6c9e2d54584ea892c3f717deb93280c9c96ea6f

SHA512
8c66f9929bca3014f1cf90dd89c03a55a9450ba7ec311a265dcf8b67fb8bc0218444389849c8f142ada0c2d37191a0ccde2c3c822fba1df3708608f29ebbcb95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
82B

MD5
8b731dac9faa38e711dfa32cd9872aca

SHA1
fe463feb630f2cc74dc254e4c6fb0cbc99a6cfef

SHA256
b15896d66843f9841e8ba31676c69cee81a508a57f7e7268669cf9e15d005298

SHA512
5031fccb64055f377e9f2bc189dd0f3a6a26685052262567aabcd939b96e2ecf966038beeaf75789a0d808c1b5b2bb63bf76c1f41327e9e0174b8b03adf3c0aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
153B

MD5
180852929323ea283ea5e7b4101725dd

SHA1
5193661e6705b4b2dbd080fa5e4438049e82af0a

SHA256
676c06ff661742002219edf2e06f2da04496a22046a3e815fc979c8ffffc3a90

SHA512
47b50adee18b522e6c9c8047c0bdb9801cda22f2dfa974f417eff4b75fd4f2dfcab2d6ffe857fe786b3a2345d02818614ae05cbeeecc62f02eedd524c21a11f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
Filesize
17KB

MD5
b09087fd34029e7f4c7fab11072808f0

SHA1
ee7730be560e01043030dc78b5a966f7ca9f8170

SHA256
b7050c0062ceb60877901aa7b6589468941153a58a3380fe5322bf7f7bfa171d

SHA512
d78e718a77ca8fa87b7bfcccbcdcc66e1963fa75135e3ece536cca21714e3e1adb01ccdce31af4983cf684626acb0736b3659df6fb33484ce09cf3d3c483f9df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
Filesize
162KB

MD5
a105cc5857c85a94eb17a596083fdfb0

SHA1
91a9651932bcda3ed93142a7d0d6d71e449a1d2a

SHA256
c36fe9a5b0e0c3ebff0e3666d498116a449ec822b73740bb46ed9466d8975f74

SHA512
6e8f6a016d8a914e933801364cfc49c943f5fca98069dd4367bc228768f84b32764b7fc4a411a0aeeffdec7f30b1a0aefdad8b08fca5ecac3bdbb8439392ad26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
4c75c68a557a29a41b54f9ad95cce56b

SHA1
4e762fa1535bd1455c8e6319c5bd311791bb982c

SHA256
7c5c6a770a09a78c6b263eb6000e05417e3fab07d7cb3087897b1a92c4d96128

SHA512
aded1a4a64e67ca0a32a35907ad44e8eed0ee187fc4f3f9ff94a43b823d395c90d5f3a58d8e3f23c4f6c145302f31942a4b14ea382e1e52dde0e357d103cd86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578378.TMP
Filesize
48B

MD5
d230b10408d3a189f5f401da17fc78bd

SHA1
aedd74f109d981f3267b54d3327b5a354239e61a

SHA256
383a9849f1540af3a7d51799bc38d3926cf6b4cf0026e8cbd444c1c9338994e3

SHA512
c46bd0ecc815139e1b7f2989dc63cb2db639be1609b72dbf154549a4a9617569ee0880f3184023b6a2a82564a0bcd3c5667dd0925e307d6ef697188b829fe7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
70d7b06d77d8a4bb29cdfd155185146b

SHA1
eb140e1ab8f4e75f49405005ce16bfcfb59a8984

SHA256
eeb33e91ffa4a59d4380b5b5c1de333fa475553f016039c0cea0b58e876fe8b2

SHA512
00f64bfba1b9d264e171e9dc9850460011540164f2eb5b6d1fbf89e3da518dd618d17b743c5525bdf4342b0f1e632be2289cb03516c30a181ef72b21e8b5bcbd

Download Submit
\??\pipe\LOCAL\crashpad_4892_VRDVYMQJJBNMUQFJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit