0e404f7086ebef03839a331d9a515362dd134182038728275d46468ca30b4d1f

Analysis

max time kernel
170s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ԽXk Ver1.0 ʽ.exe
Size

485KB
MD5

b4fc4f3721cfaa9f0a42bcd282ce0f35
SHA1

97242db01638b2ed753b22a4ecb9a0bfa642feaa
SHA256

6382fd10129ebe5db5007d13b6ac76b38645e285435c92cccf63f4ed98251677
SHA512

ca88f1c9c122d88fbd96a07ab7f5d7607fe8e646abdb92abefce25acdabf09a2ba9d461728cf2e88194ad61eaff5d83839bc228e9223584743525a6e4c453939
SSDEEP

12288:qH7hNl+3Gmn0/YEyGEHbDA8i0jZjX2/i6j:qH7zEpn0/YFbdhFS

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 29 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral4/memory/1392-132-0x0000000000400000-0x0000000000552000-memory.dmp	upx
behavioral4/memory/1392-133-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-135-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-136-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-137-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-138-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-140-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-142-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-144-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-146-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-148-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-150-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-152-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-154-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-156-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-158-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-160-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-162-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-164-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-166-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-168-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-170-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-172-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-174-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-176-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-178-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-179-0x0000000000400000-0x0000000000552000-memory.dmp	upx
behavioral4/memory/1392-180-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral4/memory/1392-185-0x0000000000400000-0x0000000000552000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1392	ԽXk Ver1.0 ʽ.exe
1392	ԽXk Ver1.0 ʽ.exe
1392	ԽXk Ver1.0 ʽ.exe
1392	ԽXk Ver1.0 ʽ.exe
1392	ԽXk Ver1.0 ʽ.exe
1392	ԽXk Ver1.0 ʽ.exe
1392	ԽXk Ver1.0 ʽ.exe
1392	ԽXk Ver1.0 ʽ.exe
1392	ԽXk Ver1.0 ʽ.exe
1392	ԽXk Ver1.0 ʽ.exe
5076	msedge.exe
5076	msedge.exe
4300	msedge.exe
4300	msedge.exe
816	msedge.exe
816	msedge.exe
836	identity_helper.exe
836	identity_helper.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
816	msedge.exe
816	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1392	ԽXk Ver1.0 ʽ.exe
1392	ԽXk Ver1.0 ʽ.exe
1392	ԽXk Ver1.0 ʽ.exe
1392	ԽXk Ver1.0 ʽ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 816	1392	ԽXk Ver1.0 ʽ.exe	84
PID 1392 wrote to memory of 816	1392	ԽXk Ver1.0 ʽ.exe	84
PID 816 wrote to memory of 2676	816	msedge.exe	85
PID 816 wrote to memory of 2676	816	msedge.exe	85
PID 1392 wrote to memory of 428	1392	ԽXk Ver1.0 ʽ.exe	86
PID 1392 wrote to memory of 428	1392	ԽXk Ver1.0 ʽ.exe	86
PID 428 wrote to memory of 3708	428	msedge.exe	87
PID 428 wrote to memory of 3708	428	msedge.exe	87
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 816 wrote to memory of 3088	816	msedge.exe	91
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90
PID 428 wrote to memory of 3352	428	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\ԽXk Ver1.0 ʽ.exe
"C:\Users\Admin\AppData\Local\Temp\ԽXk Ver1.0 ʽ.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://9ixk.com/
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff53ef46f8,0x7fff53ef4708,0x7fff53ef4718
    3⤵
    PID:2676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5858667050592653615,16162782337861585303,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    3⤵
    PID:3088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,5858667050592653615,16162782337861585303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,5858667050592653615,16162782337861585303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3136 /prefetch:8
    3⤵
    PID:1000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5858667050592653615,16162782337861585303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
    3⤵
    PID:2664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5858667050592653615,16162782337861585303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
    3⤵
    PID:2704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5858667050592653615,16162782337861585303,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
    3⤵
    PID:2488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5858667050592653615,16162782337861585303,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
    3⤵
    PID:2076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5858667050592653615,16162782337861585303,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
    3⤵
    PID:4884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2112,5858667050592653615,16162782337861585303,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6524 /prefetch:8
    3⤵
    PID:4196
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5858667050592653615,16162782337861585303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6772 /prefetch:8
    3⤵
    PID:4936
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5858667050592653615,16162782337861585303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6772 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5858667050592653615,16162782337861585303,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6796 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://9ixk.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff53ef46f8,0x7fff53ef4708,0x7fff53ef4718
    3⤵
    PID:3708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17101895288474623247,8221837672128310415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    3⤵
    PID:3352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,17101895288474623247,8221837672128310415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1860

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
471B

MD5
8212d70c86ce431d59072c64f70a8279

SHA1
b221f0de1fb741bff50d0536566f1a9602757ee1

SHA256
b43ab742a745a5293b46de337819f22995835f52e29656ff8fb2eb5a1f569229

SHA512
08925c1502691ca0eebc03dcf82ba0efba59a3c480edbe7ace5632fcd2cb4d03895bb3babd41effa627b162bd3d88d51b8daeeadd657e49d39b4ebb202281d0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
471B

MD5
dcff86d1ea44adcbab4d3f7a658487ba

SHA1
c26b7af1ebc85e01aa5046fe831df3de15e42497

SHA256
b6716704f7c34a3f8d527b7c2d23d1c1f255bcd9e73cebe151068f376c32b18f

SHA512
0a9201ecb6520cbb970ae3dde2bb134a576a620c2204bde16550aa8329f69085a61a92dfd3a4ea8d5c12ba1885ee4164abd59715c9fc05504d9f29e25c5d9871

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
442B

MD5
6eaaa630858e44ebf29fabe7ea096f73

SHA1
de87814e994e3bd0c39b521c2cfde9deab78251b

SHA256
86ce77c312815ac2bae827cd796ebca0ff05db021e885bd0064b787e6e953e23

SHA512
ec76b6b72de2b4d56f45f977da72252195a815ef312da34ddc57b883c5fa477c1ad7c6a7695c54dc054ea89bede4ac38f1f01fa851202ac6c49d966154b87e5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
446B

MD5
6f266d3e01069fb823cfb2ec288c83f6

SHA1
ae47d392de7b050693757ac5c043d83b66733a34

SHA256
e1a0f53015b1e8cb551d8f0f39bd808e3ff3250d46f6f51eb5bad0ef42f58d66

SHA512
708037a54b26a256f77545511729effee3a4dd376ad7fb21e0b0e0ea8301b848658aa8168056467737f4b0a12db9dd55441b037095fab89fff078af4fc0e5e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
59f470bde9e3126df8c82dc46d1dd8d7

SHA1
9dba6f67877f88260136270230a1f3d9652e7f57

SHA256
283032bfd5ee5dfc0345b8974aab2081c522b2e2559014534a981b36b5312b47

SHA512
f8aecc9de011255505226a8dc0787c34d3e784d818240bdb7a4224632f3c79bb9e933ab9c9c77211e1fda15e558df9229ca91ed36cd55e38272d5d9ea03bd568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
59f470bde9e3126df8c82dc46d1dd8d7

SHA1
9dba6f67877f88260136270230a1f3d9652e7f57

SHA256
283032bfd5ee5dfc0345b8974aab2081c522b2e2559014534a981b36b5312b47

SHA512
f8aecc9de011255505226a8dc0787c34d3e784d818240bdb7a4224632f3c79bb9e933ab9c9c77211e1fda15e558df9229ca91ed36cd55e38272d5d9ea03bd568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
59f470bde9e3126df8c82dc46d1dd8d7

SHA1
9dba6f67877f88260136270230a1f3d9652e7f57

SHA256
283032bfd5ee5dfc0345b8974aab2081c522b2e2559014534a981b36b5312b47

SHA512
f8aecc9de011255505226a8dc0787c34d3e784d818240bdb7a4224632f3c79bb9e933ab9c9c77211e1fda15e558df9229ca91ed36cd55e38272d5d9ea03bd568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c874ca5fa1b38ed3094f05c9aa8a14e6

SHA1
2a36112a5b5f8a65fdefe6642d1231dfb17e30bb

SHA256
5821e8f0d7fa9e3b9dfbd53fd5becd380a8d3efdfcd6c787b76dd764a06df480

SHA512
82a38cd7ec1afc2dbf64cc5b99c21e86288da8a3b872ab09c660041cc43759e569971e42dfc6d281b23f53eb800c8d08b8daf656c03d65d087cd2eb54b03e814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c874ca5fa1b38ed3094f05c9aa8a14e6

SHA1
2a36112a5b5f8a65fdefe6642d1231dfb17e30bb

SHA256
5821e8f0d7fa9e3b9dfbd53fd5becd380a8d3efdfcd6c787b76dd764a06df480

SHA512
82a38cd7ec1afc2dbf64cc5b99c21e86288da8a3b872ab09c660041cc43759e569971e42dfc6d281b23f53eb800c8d08b8daf656c03d65d087cd2eb54b03e814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c874ca5fa1b38ed3094f05c9aa8a14e6

SHA1
2a36112a5b5f8a65fdefe6642d1231dfb17e30bb

SHA256
5821e8f0d7fa9e3b9dfbd53fd5becd380a8d3efdfcd6c787b76dd764a06df480

SHA512
82a38cd7ec1afc2dbf64cc5b99c21e86288da8a3b872ab09c660041cc43759e569971e42dfc6d281b23f53eb800c8d08b8daf656c03d65d087cd2eb54b03e814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
a4f0bdade554e7f5f232cd1a0fc99a36

SHA1
5c544d38a43e7a6e0a4fc9bb54d7b6ea4e8b416d

SHA256
c923f2a293734fe390fc2699746e89e0b6560891567b9135b298ebbc158ce3f0

SHA512
344bd8fb073bb7ac11209c6a500a961d8b28e3fdc83b6a8e57bb11cdc55363dc3aff273e8f27287b01dbc00f5e4d6e7c6b8152fb53222f485fd58123c27ae1f6

Download Submit
memory/1392-158-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-160-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-168-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-170-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-172-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-174-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-176-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-178-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-179-0x0000000000400000-0x0000000000552000-memory.dmp

Filesize
1.3MB

Download
memory/1392-180-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-164-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-166-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-162-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-133-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-185-0x0000000000400000-0x0000000000552000-memory.dmp

Filesize
1.3MB

Download
memory/1392-136-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-132-0x0000000000400000-0x0000000000552000-memory.dmp

Filesize
1.3MB

Download
memory/1392-156-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-154-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-152-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-150-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-135-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-137-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-138-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-140-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-148-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-146-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-144-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1392-142-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download