6eb7ae39de124c8d297b112f712e8a8a416196dc13c6d65e352da9ba706796ab

Analysis

max time kernel
57s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 12:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

iTubeGoYouTubeDownloader7.6.1.x64/iTubeGo YouTube Downloader 7.6.1 (x64) Multilingual/Setup_x64.exe
Size

125.2MB
MD5

24511b9d65e8b061896d92948d2e8f2e
SHA1

e03018ceb38c1abc5bd56584d0caccd0ccbf5f37
SHA256

9bca5e4d35f7f26d825374a44ab8b282c8b84c1cdae9facfb8b08522c457c872
SHA512

ffd555f449e0c2ba4e74d3c378adf4f45a1566a53801ec6f5788fbbe52f183191b610d3f19f4845b27a3e4bcba188882e8a2fb6fb496819564693fcd8031afa4
SSDEEP

3145728:BUyVeP2WExb/02hwik17k9dE4y6Uwp4rnhe9H3:Bz9dxY2hwnuTE4yXwp4k9X

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	itubegow.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	QtWebEngineProcess.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\iTubeGo\is-LAP36.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\OneClickedType\is-B6FTJ.tmp	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\Qt5Qml.dll	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\position\qtposition_positionpoll.dll	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\api-ms-win-core-libraryloader-l1-1-0.dll	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\platforms\qwindows.dll	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-ESSSB.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-80G3L.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\OneClickedType\is-O4M2G.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\translations\is-51181.tmp	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\Qt5Quick.dll	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\Qt5Network.dll	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\translations\qtwebengine_locales\is-8E9UK.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-MR5B9.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-0NGPK.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-UUR3S.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\imageformats\is-89KS9.tmp	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\api-ms-win-core-interlocked-l1-1-0.dll	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\api-ms-win-crt-heap-l1-1-0.dll	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\OneClickedType\is-K7FET.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-MDO63.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\imageformats\is-SSP14.tmp	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\bearer\qgenericbearer.dll	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-8TFCP.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-3216M.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-F95VB.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-PU11D.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\OneClickedType\is-HSETT.tmp	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\api-ms-win-crt-stdio-l1-1-0.dll	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\api-ms-win-crt-string-l1-1-0.dll	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\translations\qtwebengine_locales\is-1HTJO.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\resources\is-LMDMT.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\translations\is-T6I2K.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\OneClickedType\is-HMMOP.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\translations\is-0GC75.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\translations\qtwebengine_locales\is-JNKRV.tmp	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\api-ms-win-crt-environment-l1-1-0.dll	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-RLMCG.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-4H0DJ.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\mediaservice\is-90P1F.tmp	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\iconengines\qsvgicon.dll	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\Qt5Positioning.dll	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-4MNL8.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\translations\is-4A1MO.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\translations\is-M821D.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\translations\qtwebengine_locales\is-46RNP.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\translations\qtwebengine_locales\is-VH71J.tmp	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\itubego-dl.exe	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\mediaservice\wmfengine.dll	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-STM84.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-EGJM9.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\translations\is-0CPP1.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\translations\qtwebengine_locales\is-BEHGH.tmp	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\vcruntime140_1.dll	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-14QR6.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\OneClickedType\is-41414.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\position\is-RN7AR.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\translations\is-6GV2C.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\translations\qtwebengine_locales\is-9395S.tmp	Setup_x64.tmp
File opened for modification	C:\Program Files\iTubeGo\ucrtbase.dll	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\is-P94OO.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\OneClickedType\is-CGQVP.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\OneClickedType\is-KSA5P.tmp	Setup_x64.tmp
File created	C:\Program Files\iTubeGo\translations\is-QC6G9.tmp	Setup_x64.tmp

Executes dropped EXE 4 IoCs

pid	Process
5084	Setup_x64.tmp
4656	itubegow.exe
4648	QtWebEngineProcess.exe
1160	QtWebEngineProcess.exe

Loads dropped DLL 64 IoCs

pid	Process
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4656	itubegow.exe
4648	QtWebEngineProcess.exe
4648	QtWebEngineProcess.exe
4648	QtWebEngineProcess.exe
4648	QtWebEngineProcess.exe
4648	QtWebEngineProcess.exe
4648	QtWebEngineProcess.exe
4648	QtWebEngineProcess.exe
4648	QtWebEngineProcess.exe
4648	QtWebEngineProcess.exe
4648	QtWebEngineProcess.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{8D2B60C1-FAE5-4CDB-A61E-958EB9194620}	itubegow.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4656	itubegow.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
5084	Setup_x64.tmp
5084	Setup_x64.tmp
3708	msedge.exe
3708	msedge.exe
1584	msedge.exe
1584	msedge.exe
4488	identity_helper.exe
4488	identity_helper.exe
4648	QtWebEngineProcess.exe
4648	QtWebEngineProcess.exe
1160	QtWebEngineProcess.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4656	itubegow.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
664	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
5084	Setup_x64.tmp
5084	Setup_x64.tmp
5084	Setup_x64.tmp
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4656	itubegow.exe
4656	itubegow.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3632 wrote to memory of 5084	3632	Setup_x64.exe	80
PID 3632 wrote to memory of 5084	3632	Setup_x64.exe	80
PID 3632 wrote to memory of 5084	3632	Setup_x64.exe	80
PID 5084 wrote to memory of 4656	5084	Setup_x64.tmp	83
PID 5084 wrote to memory of 4656	5084	Setup_x64.tmp	83
PID 4656 wrote to memory of 1584	4656	itubegow.exe	88
PID 4656 wrote to memory of 1584	4656	itubegow.exe	88
PID 1584 wrote to memory of 1576	1584	msedge.exe	89
PID 1584 wrote to memory of 1576	1584	msedge.exe	89
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3440	1584	msedge.exe	91
PID 1584 wrote to memory of 3708	1584	msedge.exe	92
PID 1584 wrote to memory of 3708	1584	msedge.exe	92
PID 1584 wrote to memory of 436	1584	msedge.exe	93
PID 1584 wrote to memory of 436	1584	msedge.exe	93
PID 1584 wrote to memory of 436	1584	msedge.exe	93
PID 1584 wrote to memory of 436	1584	msedge.exe	93
PID 1584 wrote to memory of 436	1584	msedge.exe	93
PID 1584 wrote to memory of 436	1584	msedge.exe	93
PID 1584 wrote to memory of 436	1584	msedge.exe	93
PID 1584 wrote to memory of 436	1584	msedge.exe	93
PID 1584 wrote to memory of 436	1584	msedge.exe	93
PID 1584 wrote to memory of 436	1584	msedge.exe	93
PID 1584 wrote to memory of 436	1584	msedge.exe	93
PID 1584 wrote to memory of 436	1584	msedge.exe	93
PID 1584 wrote to memory of 436	1584	msedge.exe	93

C:\Users\Admin\AppData\Local\Temp\iTubeGoYouTubeDownloader7.6.1.x64\iTubeGo YouTube Downloader 7.6.1 (x64) Multilingual\Setup_x64.exe
"C:\Users\Admin\AppData\Local\Temp\iTubeGoYouTubeDownloader7.6.1.x64\iTubeGo YouTube Downloader 7.6.1 (x64) Multilingual\Setup_x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3632
- C:\Users\Admin\AppData\Local\Temp\is-6L60T.tmp\Setup_x64.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-6L60T.tmp\Setup_x64.tmp" /SL5="$100048,130532814,784384,C:\Users\Admin\AppData\Local\Temp\iTubeGoYouTubeDownloader7.6.1.x64\iTubeGo YouTube Downloader 7.6.1 (x64) Multilingual\Setup_x64.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5084
- - C:\Program Files\iTubeGo\itubegow.exe
    "C:\Program Files\iTubeGo\itubegow.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://itubego.com/thankyou/install-itubego/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:1584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa71c446f8,0x7ffa71c44708,0x7ffa71c44718
        5⤵
        
        PID:1576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4585797699602219359,8684546227980287868,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
        5⤵
        
        PID:3440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,4585797699602219359,8684546227980287868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,4585797699602219359,8684546227980287868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
        5⤵
        
        PID:436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4585797699602219359,8684546227980287868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
        5⤵
        
        PID:3836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4585797699602219359,8684546227980287868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
        5⤵
        
        PID:1540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4585797699602219359,8684546227980287868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
        5⤵
        
        PID:3924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4585797699602219359,8684546227980287868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
        5⤵
        
        PID:3324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4585797699602219359,8684546227980287868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8
        5⤵
        
        PID:2720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4585797699602219359,8684546227980287868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4488
  - - C:\Program Files\iTubeGo\QtWebEngineProcess.exe
      "C:\Program Files\iTubeGo\QtWebEngineProcess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --service-sandbox-type=network --use-gl=angle --application-name=iTubeGo --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=3468 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:4648
  - - C:\Program Files\iTubeGo\QtWebEngineProcess.exe
      "C:\Program Files\iTubeGo\QtWebEngineProcess.exe" --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=3516 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:1160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\iTubeGo\OneClickedType\is-CGQVP.tmp

Filesize
279B

MD5
a33ff081ce9e3bf13fd0eed85636e1f9

SHA1
a13b54aef8fcfd533210668484bf1978e0302a65

SHA256
6a52f154d39a9e5072584e21008092f75a3613d0f442552f1c4b1015bb6c78a4

SHA512
45527d4ad183ca0c9bc384d35ef4c658e4e73855c20e373e2102f04408f32659317232a20abadd391d07eaa2b890bcb3827ffcd8ad6d9e93b86584f9dd389f55

Download Submit
C:\Program Files\iTubeGo\Qt5Core.dll

Filesize
5.8MB

MD5
55e391c949f73755a11e90b4c7d6c035

SHA1
367281905c68ba6ac41d66bb89381e94ca4b09f2

SHA256
830d6ffa26ec8d25d2a91d6764633534b77170ab58074b4cb007a537076c0834

SHA512
cab19dc91478e2471b0b838688f005660b67aad175f9db8fde2b4854fcae92636f4aa52570e3b17ffabae7d90562e7de4f7dafdb4f05f7c45082f3759ac7f811

Download Submit
C:\Program Files\iTubeGo\Qt5Gui.dll

Filesize
6.5MB

MD5
8921a4370aed61ad46887425cca559e0

SHA1
a337e4601b2d5869aceb655cdfa39e0fe4a610e4

SHA256
bc8de6bad4c75afc64c8c44782cc1ab17cff50dc2489ac2d60cb6686f1862a04

SHA512
ae7a4c67dfbcc26d2d84d11e585fc3f7dd1ef259513c626c41e794e4b01200d392d1f6039921943daf1948f8894539ea55504169fec0e8265417ea06bd281989

Download Submit
C:\Program Files\iTubeGo\Qt5Multimedia.dll

Filesize
752KB

MD5
c92fe00c70c8a9aa6bb4111a5c836ff0

SHA1
6382281c9869f05a0409b6bc860caccaf9ef6507

SHA256
725f6d6056e9a33186e2ea8d567b65cb66860218938e90f5fb5165304ab28b7e

SHA512
8f92217fcb6b093927162e6d68896d8ffa618e5e625d2c32570974d9c9505fcc132a2202c298160a90a2f0641d27039f54cc6bb392a3e2e03fc5432923def7e6

Download Submit
C:\Program Files\iTubeGo\Qt5Network.dll

Filesize
1.3MB

MD5
29fc3896806c1594f22a1196a5a139b1

SHA1
90d426a45a2c631b0443483b263569fd16fb13bb

SHA256
cc8d1ebb453841597bac52ec4618ca78e4ab0c05eea4051f327678489d088dd8

SHA512
506d0bcd7c586c4534504fdbdb9c1dbc79aee30092fc9193eae616e37cb04f0c8b82f6408b7977695f3dfc24699e25f2d263c9df857c0da8951c0b0b6a837996

Download Submit
C:\Program Files\iTubeGo\Qt5Positioning.dll

Filesize
329KB

MD5
43a8bfbbd7940697634a7391fedcca8e

SHA1
1c09caab039ad9da93c54a360b6f65a44786e7da

SHA256
8494d69d1e1bd4473ad40377382b1fda2dacaf56efb269442e80a4ae03e0e2b2

SHA512
acee28c508bd61cd3390be6e45150b79e762ab44361989f88070e1d5fe77f27fc074dbabbf249d640c49368f70bf70723efacdbaf49bb543bb773cf3043488a2

Download Submit
C:\Program Files\iTubeGo\Qt5PrintSupport.dll

Filesize
329KB

MD5
ba7eb4a8b96a15b463448ca2f56535b1

SHA1
5177e58e03544cef43cf054a28753a9203df63b0

SHA256
1a461e44ab466d3094385bd04916b708fa09907bf128d0693e1e8588ba1dc909

SHA512
458edce7d19781b00450d2d9a3fdbc12f94e0c508a013aab20edaf62cb1a611f8b659fde116466f41b7483e402262036fba405ce0ac3609ee61a0ddeeba20647

Download Submit
C:\Program Files\iTubeGo\Qt5Qml.dll

Filesize
3.5MB

MD5
3e49347917cce1dadad4eca13fabef06

SHA1
c9044a9a3c9d71fed45ac57029b6edd0e2f348c1

SHA256
9929a97e2e62899415c1b85127cabb9e523cc5639ced84ec5d20da5658f901a1

SHA512
a775bcda52503a5369e50c89cd35a2f3d70b3fa00bf0ccd7d4d7d1ed0fab9371373349b8d9dfe89260fa9c695a992dea72ed1f016c4e39a96307a3291b565733

Download Submit
C:\Program Files\iTubeGo\Qt5QmlModels.dll

Filesize
452KB

MD5
9d0d7e627b306c8b24d60ad7730c7683

SHA1
e3516565b544d021aa77f421921155e520dc4476

SHA256
88e30198b9952d02d420fce925cd176111f24ecc93cdc55f33cccca2902dbf4a

SHA512
2dc978e0654b12747a87fad46e5b4e23df64ca8759579577fa672c583d80f5b94170fd813ba72bd16bd308e3f5f24aa1984cfcb8062fac0d2d431ddfe961535a

Download Submit
C:\Program Files\iTubeGo\Qt5Quick.dll

Filesize
4.0MB

MD5
979e4790d4038ec085678f22e8e06e5b

SHA1
93a4092b0462e54575437578a9f32463503b94f9

SHA256
1dfc334c7aa4a93b8d40edfc99c475ee1e96ea322ea061fc6355dd4890f2ad98

SHA512
0e30f3658915f48169ef79406d5c4b9bfa4146d00d8389c84cd6c5637b2165ca7e1102a1b9ca719bf4878773319ace527ad78bc99df684498302dd9c7a8ce5b3

Download Submit
C:\Program Files\iTubeGo\Qt5QuickWidgets.dll

Filesize
99KB

MD5
5696519f31f1392db66814b5b09b36c7

SHA1
582de6c66673e80f252739cf0c0a3fd566d92de7

SHA256
cd2f5674e7ea8aa49a43676b58e6ce6e4d855869d2c66c7232566a5ca36499ba

SHA512
7ad31259c3d45aafcb12ec3f5996b96a5330dec46dbc3a50defa61a127d97a9c81e57e18f3482cf603163e60ae69ae3b41b683d34a4739c0ba51687a0201de2c

Download Submit
C:\Program Files\iTubeGo\Qt5Sql.dll

Filesize
224KB

MD5
1c575d4b0bf7191d2fb7f09b8a95cce3

SHA1
9ebfcd6cd4c32e6d8da670e4078d773c2e7769c3

SHA256
acd2399f657da201bdd521556dae3b0d4ef2cfc6b9c0566830af22a21c4ed961

SHA512
b4c44b823c5345aea12033bbb236022dd4dae788d6f4bc64bf635ccf358123ef5b27ffd63d9b8c1dc4041182a461baad38bac5f567c6c252688f741bd6e3df66

Download Submit
C:\Program Files\iTubeGo\Qt5WebChannel.dll

Filesize
151KB

MD5
6c7079a8f7ea22d2a871701e83df370b

SHA1
402a66bbbacf8460d60ece7d09d3955ce1ebb5df

SHA256
8cac8b90ba75bdcfbd3b471bfe05116839a798895771eafba4c49ebd0415ae41

SHA512
3ba024648ae9a51ffe28e5a070c048c64c57fb1c0159570d411847d83ad45ed2973f4256671d9b5520158ed4e7964e3206ea70207e562e565493cd0aa3edde29

Download Submit
C:\Program Files\iTubeGo\Qt5WebEngineWidgets.dll

Filesize
264KB

MD5
75cb6ab8bf790343ee38763bfe21e268

SHA1
18f92bc993d77976fefc26484a465091fdd791f1

SHA256
51ffd19a0307b618f101e01d12b76d7510978f51b280b880580455c012797057

SHA512
454c89b8e70c5c8a87584f6a9f803a2e81dd77da0d6ca17fda0a4daccb1ee8a3e6050994c2a275f1b2a4d6a954a000f3b076550725d679287be986cee59d1045

Download Submit
C:\Program Files\iTubeGo\Qt5Widgets.dll

Filesize
5.3MB

MD5
5df288faa5a1eae8fe436e5162b77730

SHA1
8712f8f2bea63d8667a77ed1e86c1cf22c3abd1d

SHA256
cf1ed56b2a9addb4e41899287226e405d06504347cde17efe76f2ac48b800469

SHA512
eb74b381126a59bf45ab9d2223a6a69740eba75790391fcaacf45b6c04ab7636ea4967a3a0eb6551ec8975d22b97acdf306f3ccf8db600ddbd5b2852f777ac66

Download Submit
C:\Program Files\iTubeGo\VCRUNTIME140_1.dll

Filesize
37KB

MD5
de489da8f234a9dc92bd91f5de346659

SHA1
2aa85ed032679330aedb295985fdf4be26f9acab

SHA256
2992687b6e8bea2efa2abaa77bf3ab89b81f84de8bc4940472cd179ffd3584ff

SHA512
73317c80284ab061d6a9fa8956e668bee790e304109cb9dbc57c590f10ad9ac38e8384f5e33bdb2e330a77ed7a4e7df37d85fce6411bf62daba4ff8243ea2f95

Download Submit
C:\Program Files\iTubeGo\bearer\qgenericbearer.dll

Filesize
70KB

MD5
a65606295a30374b55b3f10195910fbb

SHA1
12c51a1f64a30e4c426b6d74c36dc234eaeab940

SHA256
bab47b46c45b8c0c4a43cfe60c0493c4f03375657bb30baf144b022914568e45

SHA512
afacc19da1924a5aac4edb17a2d02047bef928c678c1c9a9927660fe0f9e7c02354ad7be2e3ada675a51965377ac68978267051bcd2dd063b26f642d4bdb20c3

Download Submit
C:\Program Files\iTubeGo\dbghelp.dll

Filesize
1.9MB

MD5
09ad42bca6914bbcc8df00cbdddc7bee

SHA1
2abf7261c8ff78110182bc2074f596cd4f715f4b

SHA256
813b916a992cccff2bb6960abde910eeaac56fd711e4ad1373cf56783e2684ea

SHA512
314722f9927d799c7152e37c14403d392d31beea8af06e5d3567ff7a76f818c637dbcb462be067569964c66ae8a4fd52d1196e68b21e9c0f968471996f8129d5

Download Submit
C:\Program Files\iTubeGo\itubegow.exe

Filesize
3.3MB

MD5
e3dc27d277cc4e8d8c490570a64fc1b0

SHA1
efaf990ec5b74c9dc3030f46bb9ff0fee4d70f4b

SHA256
f97aa655011f075cebbef17793516a12700c5d80d0b76e7e4473af1db781387c

SHA512
57800bd147c164e9119c763c01c004f9eb33ecc1bcd923670a534409a6237e53c52de3f481b40ebc4a6081b7978cf3c3990d6a9a32cf5059483994c49b35bfcf

Download Submit
C:\Program Files\iTubeGo\libEGL.dll

Filesize
43KB

MD5
6174cbe383d802e89b79f53803e3c62e

SHA1
83df5b0937dedd9fd173ce95980d3928cb133929

SHA256
e86ae54a2495b2c50850d149825730de9d8237237e90fa6360315207c92c5987

SHA512
bebd2484b3d3f6d94c79b0de86e1102cbb89d0d390e60ec0e62d211de252b41fb78ec3beeabbeb635fc051f13603b2af7d1366c1b7683f31c695c2ae65308552

Download Submit
C:\Program Files\iTubeGo\libGLESv2.dll

Filesize
3.2MB

MD5
c8822f7e43b325ab6b3c97baa6c71032

SHA1
e431db4baf382c5fbfa25f9619aa5156a600577f

SHA256
04b535d486b65fc6411c3af6ae0575c80446f8b66157018c799fa0355a7541af

SHA512
07466476f73e604855a699b3a146b6f7c88bb7f9bbb8ebe7b76fae40090a3b812f561043abb6958a0ba1086a91ea48b3aac7edb13bc1cb4a37b2dd58ae165340

Download Submit
C:\Program Files\iTubeGo\libcrypto-1_1-x64.dll

Filesize
3.4MB

MD5
d854b1eaffca3f9b029087d7322e8bef

SHA1
10b4a215123f255e6f303fa36268ed39c4ee482e

SHA256
1adbf4db60f29afc91e3d6e3cea87b521f6708c986d25e9fba577f6b04f7b066

SHA512
f087e54e32ac683317eb8d67bfcc0e490edbe54a6b764610e54159185cfa1353cb9f0d32b024813fa55788f6f6e14c5f370e28e4fd4677ef4030c3d48a1049e3

Download Submit
C:\Program Files\iTubeGo\libssl-1_1-x64.dll

Filesize
971KB

MD5
ae9699cd60a2a3058c07021c63afac8a

SHA1
94ce5db3df5b90143136c98e39ec4a7f5c7bc6d4

SHA256
e0c75832e8e5c680f932a54e4b1ca3265de400f806b2c96fd3c47bb3c71e2df9

SHA512
12ccfc8ab51bb0b547a490a485007648acda4630e08f6969f42a973a9f536f1a4230c41656e1eed20e03e80e524812cea724fd44b75f8764f07fd27e78778bde

Download Submit
C:\Program Files\iTubeGo\msvcp140.dll

Filesize
603KB

MD5
a1d30ef2114e18e26e2bb96555be81bf

SHA1
a5e3e5a5910dd0781caf0a9f58dd7b519de8c927

SHA256
f87819ae8c6f7c90d3237a1abb9809e8cba9dcd0c80ac3f0969a5e68ef652ca4

SHA512
5c5bdae87327b3fb724844087257a0ba0e7ad31c194ab5f632845e8f09633f63982817ca551d1735523b1a65763efa3c2ddc8789b3bf23324d7882456e3aa6f2

Download Submit
C:\Program Files\iTubeGo\msvcp140_1.dll

Filesize
24KB

MD5
5bf0057ad6d77144dbdd22974fc6795f

SHA1
e8f7bdce679061597e01d10e6fb9d03e27f45d1a

SHA256
fa42a1199801ed2832662fb681087542d59d685b5f0fd5a9d8d03b51d74d9670

SHA512
621c4b9f2b122e7ffa75cdee6c4c7d8cd586e819fc553942f075dbe2d94cca1d8bb265fa6c62de72389b1733b1fc1c13734d9e4515f9d52e04bf81db97c1acc8

Download Submit
C:\Program Files\iTubeGo\platforms\qwindows.dll

Filesize
1.4MB

MD5
53a953a1c6d370a4a7b5b4c56d74b18a

SHA1
8dc73841500d4f7042403efb67c2eb9fa5f280c4

SHA256
d7df4bceca00c606055b7471c4d70c7bcc0bcb21b195dfb8ed6b2c53db0ec9c5

SHA512
58f00bb1265d5d0d5e229015aa6fa9220763584a2ce21ef934842495d889bf8f6854ce0180763d67dc0244117fb9ea6f17555d224c3fb667b9aea1450a76ad2b

Download Submit
C:\Program Files\iTubeGo\snvrfy.DLL

Filesize
41KB

MD5
bd04f16d9526f4ea7227be4cf675eaab

SHA1
f56a7a9377369a6519a975549ffe147c77d58ed1

SHA256
8ff3ac59d58c833b28c9492d385267be27d4820d67ef4147cabb5708ec8ae36b

SHA512
02e38bc26929732ce6f7f604cf98a2b780dd3abacd1f51d4c8e8e71734b6d15657bf702e39355cabc9a0d38d4df300ad3955b745a633407400af209d2ce398c2

Download Submit
C:\Program Files\iTubeGo\spdlogCore.dll

Filesize
331KB

MD5
68faf09691bd4d2a1d21fb9b0f3aa975

SHA1
b9d8e1d7473c9f165708cf14c79299ac758c93cd

SHA256
d5e3909c39ee9ece405b7ed508aa004b04bd5adde0b39f92808ec963de02fae8

SHA512
d6074bf9ae242fe5c09b7a27aa3577d5bcca36d9fb66575ea0b8b601ab775a0b137c8ae73df3c0ca13acdf63e9d23777d6e56f19430400d17f9d198ef2a820d6

Download Submit
C:\Program Files\iTubeGo\styles\qwindowsvistastyle.dll

Filesize
160KB

MD5
0f81216f37cf85cedf5207b79c302d7f

SHA1
7d26f345cf95481ba1eee397742b5236c27523f0

SHA256
d7b224a9edd80133d34e36ae31503a65fd060315674564305d673b9e7097f795

SHA512
e4081011fa4fb374bd108a2e342b5bd922a2e09d713c1a71dc92743e1412931df71fbf3a4be70f8472fa8f3efb43513b3a203ec46ba021ba1ef835310270458b

Download Submit
C:\Program Files\iTubeGo\vcruntime140.dll

Filesize
87KB

MD5
23105a395b807d9335219958b4d0cec1

SHA1
fb60050d82e3bc1be3b10877b9355f5d48e04854

SHA256
61832990e364dca5bfa2c61d930f00acaae6d1aaa3130392403455ae9a1125a5

SHA512
ef91d19e632d0d146fa68d52beb04ffcb9b972079cd9c255f44ea5201637a8b00907ec8e3358c7b5cc37338470e29e43dbaec7ddc0562810b49ab2e8115cc805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dca877f95f930494ea5490bba4c9f6b5

SHA1
142b80fcb7be1334e112e5a7d6011cd71f24c226

SHA256
ce183a630e19a8947130ac2ee325b3f3c1b395f67c17f4d5b89ab1ac93f983c3

SHA512
e85a0105db24db0c341f7590a7bdced2a719d0d1d82e0734caed186d45d976861fcd2aaa3678fa13d3550f1350e2ae76e67b03778ee8a728bee7c90bbc9b9f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
0d0347f9bd00421c909cdfc618663725

SHA1
7be467e86fd3a7928abdf22797530c4db67dbe8a

SHA256
50ec516697ab0601270b8a73696252aff0cde07b34fad1de6518b500cd570943

SHA512
d04a5be434139a635512f274edcefd8a149a7f30f3f3724837c5ff911c71efa15594a65faf46554f098d6212768fbb7e724589206b4b9557a1f5a4fca36736df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6L60T.tmp\Setup_x64.tmp

Filesize
2.5MB

MD5
2f477e54ea49d61a105efa916d208f9b

SHA1
0465e3fd1378a93cb78b06919060e0f4b18b6e84

SHA256
14f065398ce51b5919fb3b7350f30f9c3e1e00be49e90bbc2c97989e789de8a3

SHA512
228f782270d97c2134eda10c9980a7d60b5be346059e38c73bf9ea1870ffa53a03aeacce2e51b9afb4513d2e832f88a5808a54ac2a824e83bc553b1b1929d0fb

Download Submit
memory/1160-715-0x000000006D480000-0x000000006D54F000-memory.dmp

Filesize
828KB

Download
memory/1160-689-0x00007FFA72ED0000-0x00007FFA732D0000-memory.dmp

Filesize
4.0MB

Download
memory/1160-714-0x0000025B69EE0000-0x0000025B6A081000-memory.dmp

Filesize
1.6MB

Download
memory/1160-687-0x00007FFA91800000-0x00007FFA91801000-memory.dmp

Filesize
4KB

Download
memory/1160-716-0x0000000067E00000-0x00000000680DF000-memory.dmp

Filesize
2.9MB

Download
memory/1160-686-0x0000025B6A0A0000-0x0000025B6A0A1000-memory.dmp

Filesize
4KB

Download
memory/1160-685-0x00007FFA91EF0000-0x00007FFA91EF1000-memory.dmp

Filesize
4KB

Download
memory/3632-2-0x0000000000401000-0x00000000004A9000-memory.dmp

Filesize
672KB

Download
memory/3632-545-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/3632-8-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/3632-0-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/4648-713-0x0000000067E00000-0x00000000680DF000-memory.dmp

Filesize
2.9MB

Download
memory/4648-688-0x00007FFA72ED0000-0x00007FFA732D0000-memory.dmp

Filesize
4.0MB

Download
memory/4648-712-0x000000006D480000-0x000000006D54F000-memory.dmp

Filesize
828KB

Download
memory/4656-670-0x000000006D480000-0x000000006D54F000-memory.dmp

Filesize
828KB

Download
memory/4656-671-0x0000000067E00000-0x00000000680DF000-memory.dmp

Filesize
2.9MB

Download
memory/4656-520-0x00007FFA72ED0000-0x00007FFA732D0000-memory.dmp

Filesize
4.0MB

Download
memory/4656-511-0x00007FFA738F0000-0x00007FFA73E3C000-memory.dmp

Filesize
5.3MB

Download
memory/5084-462-0x0000000000400000-0x0000000000688000-memory.dmp

Filesize
2.5MB

Download
memory/5084-544-0x0000000000400000-0x0000000000688000-memory.dmp

Filesize
2.5MB

Download
memory/5084-6-0x0000000000400000-0x0000000000688000-memory.dmp

Filesize
2.5MB

Download
memory/5084-16-0x0000000000400000-0x0000000000688000-memory.dmp

Filesize
2.5MB

Download