Analysis
- max time kernel: 1680s
- max time network: 1687s
- platform: windows11-21h2_x64
- resource: win11-20240508-en
- resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 12-06-2024 07:11
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
win11-20240508-en
Behavioral task
behavioral6
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
android-x64-arm64-20240611.1-en
Behavioral task
behavioral7
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
android-x64-20240611.1-en
Behavioral task
behavioral8
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
android-x64-arm64-20240611.1-en
Behavioral task
behavioral9
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
android-33-x64-arm64-20240611.1-en
Behavioral task
behavioral10
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral11
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
macos-20240611-en
Behavioral task
behavioral12
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
macos-20240611-en
Behavioral task
behavioral13
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
ubuntu2204-amd64-20240611-en
Behavioral task
behavioral14
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
debian12-armhf-20240221-en
Behavioral task
behavioral15
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
debian12-mipsel-20240418-en
Behavioral task
behavioral16
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral17
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral18
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
debian9-mipsel-20240226-en
Behavioral task
behavioral19
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral20
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
ubuntu2004-amd64-20240508-en
Behavioral task
behavioral21
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
ubuntu2204-amd64-20240522.1-en
Behavioral task
behavioral22
Sample
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
https://www.youtube.com/watch?v=lyhIj0Ci_AM
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
msedge.exe, msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
820 | msedge.exe
4832 | msedge.exe
3372 | msedge.exe
1788 | identity_helper.exe
2296 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
Processes:
msedge.exe
pid | process
4832 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid | process
4832 | msedge.exe
-
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
msedge.exe
pid | process
4832 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description | pid | process | target process
PID 4832 wrote to memory of 4884 | 4832 | msedge.exe | msedge.exe
PID 4832 wrote to memory of 1768 | 4832 | msedge.exe | msedge.exe
PID 4832 wrote to memory of 820 | 4832 | msedge.exe | msedge.exe
PID 4832 wrote to memory of 1440 | 4832 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=lyhIj0Ci_AM
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff92c233cb8,0x7ff92c233cc8,0x7ff92c233cd8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6040 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7446263807006398272,3917450435277400161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 8KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 8KB
-
\??\pipe\LOCAL\crashpad_4832_LECBRMYYKSKIYGRF