1cbaa4d4c817743a7ec88bdc3f8d15200e543a86e0b3374c6d05a15a0762970f

Analysis

max time kernel
51s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2023 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vibranceGUI.exe
Size

776KB
MD5

6cc583a1f3f4500a524b61255f1d2710
SHA1

7c1a236e291746b781aef5dafbcdefa648f36357
SHA256

1cbaa4d4c817743a7ec88bdc3f8d15200e543a86e0b3374c6d05a15a0762970f
SHA512

7fe177862b1aebbbe32de1aace56cba69d35667a0d337847984380f039fed7c61cda60c2e6c02e6214d4178f715e808089f5a6b4396d94dd87d01a97a88ec8d0
SSDEEP

6144:LPaQf/VaGtX5RlJxeR2CoDnpYRkIE3IRv7I1:LPrHVaGtXV6RToNYRkh4t4

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2396	msedge.exe
2396	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 1368	2800	vibranceGUI.exe	87
PID 2800 wrote to memory of 1368	2800	vibranceGUI.exe	87
PID 1368 wrote to memory of 3756	1368	msedge.exe	88
PID 1368 wrote to memory of 3756	1368	msedge.exe	88
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 3088	1368	msedge.exe	89
PID 1368 wrote to memory of 2396	1368	msedge.exe	90
PID 1368 wrote to memory of 2396	1368	msedge.exe	90
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91
PID 1368 wrote to memory of 4848	1368	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\vibranceGUI.exe
"C:\Users\Admin\AppData\Local\Temp\vibranceGUI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/juvlarN
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffefb0546f8,0x7ffefb054708,0x7ffefb054718
    3⤵
    PID:3756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1776,7378188189673125305,17951467956083104350,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
    3⤵
    PID:3088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1776,7378188189673125305,17951467956083104350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1776,7378188189673125305,17951467956083104350,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
    3⤵
    PID:4848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,7378188189673125305,17951467956083104350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,7378188189673125305,17951467956083104350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    3⤵
    PID:2372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,7378188189673125305,17951467956083104350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
    3⤵
    PID:1456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,7378188189673125305,17951467956083104350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
    3⤵
    PID:1620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8411007bafe7b1182af1ad3a1809b4f8

SHA1
4a78ee0762aadd53accae8bb211b8b18dc602070

SHA256
1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

SHA512
909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a2b9d5d4c41c84255cbcdbfd76f0c888

SHA1
7a1756128a1571fa4a03f1718b2b6d1b2bd3db5b

SHA256
f830d653a00c517830ee20934620101d498f95a9b5ccfcabd07e8ea2b111024a

SHA512
d54ac472173f5a9b219420bbbf0c0d8e5b59c168851e4bfc72ad38be7020bff7462ada18e090bfd671c32654ad6bce9497dbaafb9fd5d19b08724eb0c1a79ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
951B

MD5
6a95288f3afa92e9c3ab009945a86373

SHA1
d7927e46fd738cabee2fbd5d5953c1244464de91

SHA256
28e3777874df31f605efb946265544fe272827522f510b2d21a72b06430f6848

SHA512
2444206f88f6c9c49cf31fc3fcb106aeb51fa1e0f77e54a556db3bb9b2e3bbf7ddff2e2cbd1f00b792d1ceeeb1e76f512edb056f59fb68d1a20d8fc12ed5d0f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
30db76410de4accedae78a800a6720ac

SHA1
9de47043de3ba715a3c6389f0e055dc568bc2039

SHA256
315a77101803ff6e91eb0f3bda7579c7b827aeed4890c473244f373c34636cb0

SHA512
ce26aeff104ff8e458ff74f8087296cd6b31249adcfdeea156d02e44a8e59d1678d77de542d0e89c73f836ac34d084f76f97f69e187146ddebac983be9acae91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eaced67eec0e1c2c856cfb24d3136a64

SHA1
d2a8fb5539ec079d7148de1cc43669ccb092fcf3

SHA256
6dff1788b494ff56cd4522ea79978043c8d77fd2746bc2c789c69d14190448b5

SHA512
8f1429be3f4d80aac995b0f50c04d605f113ef3b900a6aca086dd08a7b97fb018a579dcb15e10284503f3b7be9fae76eaf840730ce734643ce42f9603907d8e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10bd6831dfb54fc0acf08d0a4048f857

SHA1
fc0baf6eb2b6b30493093676b8d2b81b859061ed

SHA256
328dc56dbbfe656981aaead9aeb2051a9c47a9f49a20b2c968ac20be55e2502b

SHA512
4667aa9937c3f6bd27a87efd54707de7597a36c8cf7d7f88d413d3f372eb88861101eeef0b0ff38da156176aabb7b4f5a6496a2aa8120bb6bd04051aa1bee3d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8caf4d73cc5a7d5e3fb3f9f1a9d4a0cc

SHA1
83f8586805286b716c70ddd14a2b7ec6a4d9d0fe

SHA256
0e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c

SHA512
084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\8e9a9f89-91e1-4806-ac97-7502c170fe83\index-dir\the-real-index

Filesize
72B

MD5
da13c0155bce81e8b56555e39266d9ba

SHA1
8ffb9e39b467ab41c7866ec25cd60981ec340c77

SHA256
63dd9b8ffe3d3563e8cf905b5904a8a856227080fd3958ce4c3cf934829f4f47

SHA512
7949314f8eb47bca54333b6e7b8033a41062d7aa9bb1b36257c9e2478dcdf3ff53e8152f46d2fc19f92838295c4e51a3a8dced86d568498539ce98156c330ac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\8e9a9f89-91e1-4806-ac97-7502c170fe83\index-dir\the-real-index~RFe5879a0.TMP

Filesize
48B

MD5
35aafe7bb6fda3d770ecd3bc3abdc76f

SHA1
95be71ddacde3071560f0f3eaaac6c63e63b84d0

SHA256
8f7dc8522be89812f8ecae6ab63b647cbbcfa7662e548d2dbb53d6d4e9a5771c

SHA512
1c4208bbce0247b5bbdaf6301559715a2d19c421f1a424da1200cc3359e68104cdd5b3861979b8b72ef481c8167da1471e09f9e1fa27373dee9da8050f30ff7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\aacd1b3f-5200-4ca1-aa80-5a938c548a67\index-dir\the-real-index

Filesize
600B

MD5
19aec8a6ef99879a5f368ec99d16722e

SHA1
c9d3d45038f3b23285335d166b4681f11f9cd3f7

SHA256
e6c9469a0e327627c45d4eaa03944b63e6adb25babdb68b9b69e4074d6c6fbac

SHA512
5b57077f5a719999fedc73e27058668915f1e8a60cbc7a91d17fbab967cbe8ac899571299fa0c095b45c87a3b8994b1a0e06c4da8593d5e765176467878ef33e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\aacd1b3f-5200-4ca1-aa80-5a938c548a67\index-dir\the-real-index~RFe5879a0.TMP

Filesize
48B

MD5
803177dfc19025f1a45ad95d1fa92ba0

SHA1
a8101901955e795bf0988fd09119095047837bc0

SHA256
f2dbf5f57df3af3621f4151e408e50357b8b17a5779a1ca12529e5e3a2c709b8

SHA512
a76d8fc8ed7a4261f3f27f0d00330c0a4c2d5dce21a0d4fea56fa8765121db7b8c2fa73d27cb64b3eeaaa522aef5a33d1df0eb0abee1bce44b34fd96020a61e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
140B

MD5
2ea3be229d2e1307deac464adf153ae4

SHA1
dc860de7e92ddcd9ee9118035d318d9a510c2e79

SHA256
0512cdd752b52aac6b4266366aa3fdcb19e8460f7dab463e5c2827b31c63580f

SHA512
b7ed1ff9d1d398dbba88331b327e4ad1659bf3367d010691e503f14dc45fcf1b501d9ffbf36bfdcffc1a91aa9632e885444c606db395bcf3f5f5fbd8b99286c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
138B

MD5
2ee9fe8d1dc7f628c298ce0b2277d101

SHA1
8bd06b8426b2aeed2a1bd7fff7e625d81b9a57c4

SHA256
80dfcf8544de9cc8d49333ff92e328f2c421371a219e52ff30d9ae51fd6a4f06

SHA512
471f3f1c68c2a2b11bd5ef7bd2ef6cca0e09fb66fc87c7897fea58aa4ae53d69b57dfcc6bd7abc32c0f16c2fd73dfe0f4f7ac887df4491ecc002f64169dc4aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe5844d4.TMP

Filesize
83B

MD5
89f54ffc1d26405bda5f5fc58f697410

SHA1
2e6dcad924298648488ce6ef63342636e065beb5

SHA256
1a892e0bb03f39de79b9119b6266992e330f06f7751143ec907c7a4762f40f7c

SHA512
286493c75536bf530c536fac224acd134ccb1849cffd1064d2716f6f2a1b980d6df030cce58a51fe66ba674f99ce1dc906486c32f10d4b68fa45d57fe7066b49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
816f0f201fc46e55c91372a0ed92c9ac

SHA1
8d73027a7cc310b23449ccf3ad52214a51f2e52d

SHA256
2fcaa135877f3d8db063dee94451e474077e8118db9bd78c389dc3f8df7b3842

SHA512
dadd5582d2da27df8b08178a44768e91a0cfe1baedcd6c754187d4bd77b1c4e19cbffc1b674a0149fc740f720a808f1a35020286e9d4befcfc4c561b32791eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587809.TMP

Filesize
48B

MD5
13a135d2e81d80e1f31b4ff15b31481e

SHA1
b63cbcd9cc3d0b2ef8083d7cb852b2567ef11f3c

SHA256
9cbb49b02e4ef617cb0bd7a3023adf138634bca3419734b06977ca17c79449e8

SHA512
8fcda82f04eaf9023e74d5dda061b5282984f93c94f1c6e9756c2f28fe1bdd4f8b30f9f4f3a63ab7fe7acc89f7c26be6f46624849ee90602eb594563d66450ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b2736ee7d4476bbccf4208ef219900d5

SHA1
5593da8830f33c0b0bdf4e7fb1512b4da3c1fc33

SHA256
21a34cd53e19303ac95406d03d72ad389d4d8a638f27961349ddbdd96ab79511

SHA512
3b877c8834bf25f9359cf9beb977881e923bef179d23c62f319afbadffc4bc127a87e3bfe66c0f7ddcb3502f82b9daafe617b35b4054d3bed6bdf3b6fbaeb22e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587bd2.TMP

Filesize
540B

MD5
d9dd4b6081deba23c9b84b406fe404b1

SHA1
c5a49a66f4eae289468ad1ef233ae8cd8b0c9ae0

SHA256
d34ea2806f712435a421aca3bf31fc7052bf8b188e9129baa2795d278c513e4b

SHA512
d881222405a53a3e2007fcc574d07fff11b10e1f09f90d99c8742296185e96f4224afb932f5da6d643ad80ae0e8c91f7488b226265a13bd6e10fe4259b21b52c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9b29d2d963b8bbbce1bb68565bdd4537

SHA1
fe0539fa2b951b3651c390c74a9ecb11e53df073

SHA256
6e2773a2ff1b32ac5b0624a27c41bfda4cc07a8baa3277fb89d6c7d4ff981bb6

SHA512
f073a845a11fc6e95d1f4227e740a3699768b91e415c635659995d6e5292ec0199d1c984e26660c05b62130034ae78f144886873660028d86e7f7294fc6fdc64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ceb62be783ef840114b9693468b01b64

SHA1
d26ef8b3727ddf73721ffaa4146fc4c29630e392

SHA256
210e6465a371dc9fa0939312904c34323898f2d9cb5cae1c1302782856ef2dc3

SHA512
d378fc00168882d91871fc26075271a1779a42749e2d6485ef73b8d54c2f5dbe6cab999fa869354b7b35b76c3715e0a5e434da99242b254ad23cf5c2aa59ce64

Download Submit
memory/2800-138-0x0000000002DC0000-0x0000000002DD0000-memory.dmp

Filesize
64KB

Download
memory/2800-135-0x0000000005AD0000-0x0000000006074000-memory.dmp

Filesize
5.6MB

Download
memory/2800-136-0x0000000005410000-0x00000000054A2000-memory.dmp

Filesize
584KB

Download
memory/2800-133-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download
memory/2800-134-0x0000000000970000-0x0000000000A38000-memory.dmp

Filesize
800KB

Download
memory/2800-137-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download
memory/2800-141-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download