1cbaa4d4c817743a7ec88bdc3f8d15200e543a86e0b3374c6d05a15a0762970f

Analysis

max time kernel
146s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
13/01/2024, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vibranceGUI.exe
Size

776KB
MD5

6cc583a1f3f4500a524b61255f1d2710
SHA1

7c1a236e291746b781aef5dafbcdefa648f36357
SHA256

1cbaa4d4c817743a7ec88bdc3f8d15200e543a86e0b3374c6d05a15a0762970f
SHA512

7fe177862b1aebbbe32de1aace56cba69d35667a0d337847984380f039fed7c61cda60c2e6c02e6214d4178f715e808089f5a6b4396d94dd87d01a97a88ec8d0
SSDEEP

6144:LPaQf/VaGtX5RlJxeR2CoDnpYRkIE3IRv7I1:LPrHVaGtXV6RToNYRkh4t4

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3708	msedge.exe
3708	msedge.exe
2996	msedge.exe
2996	msedge.exe
2352	identity_helper.exe
2352	identity_helper.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3576 wrote to memory of 3708	3576	vibranceGUI.exe	81
PID 3576 wrote to memory of 3708	3576	vibranceGUI.exe	81
PID 3708 wrote to memory of 1280	3708	msedge.exe	82
PID 3708 wrote to memory of 1280	3708	msedge.exe	82
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 1932	3708	msedge.exe	84
PID 3708 wrote to memory of 3508	3708	msedge.exe	83
PID 3708 wrote to memory of 3508	3708	msedge.exe	83
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85
PID 3708 wrote to memory of 1112	3708	msedge.exe	85

C:\Users\Admin\AppData\Local\Temp\vibranceGUI.exe
"C:\Users\Admin\AppData\Local\Temp\vibranceGUI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/juvlarN
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe404e3cb8,0x7ffe404e3cc8,0x7ffe404e3cd8
    3⤵
    PID:1280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,5013230615084213296,14024565166677329502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,5013230615084213296,14024565166677329502,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
    3⤵
    PID:1932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,5013230615084213296,14024565166677329502,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
    3⤵
    PID:1112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,5013230615084213296,14024565166677329502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    3⤵
    PID:3884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,5013230615084213296,14024565166677329502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    3⤵
    PID:400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,5013230615084213296,14024565166677329502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2852 /prefetch:1
    3⤵
    PID:2304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,5013230615084213296,14024565166677329502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
    3⤵
    PID:3020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,5013230615084213296,14024565166677329502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
    3⤵
    PID:4636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,5013230615084213296,14024565166677329502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
    3⤵
    PID:3232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,5013230615084213296,14024565166677329502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
    3⤵
    PID:2840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,5013230615084213296,14024565166677329502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,5013230615084213296,14024565166677329502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
    3⤵
    PID:1908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,5013230615084213296,14024565166677329502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
    3⤵
    PID:1080
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,5013230615084213296,14024565166677329502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,5013230615084213296,14024565166677329502,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2932 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bb88128b6b2d63f04c36ce68ed52d0a1

SHA1
29cd0515976a9249fc96a9d77c9986238cd1c2da

SHA256
19341f9fde32349d43cf9951f118ebbff856499e0e6875101eaf2db37a7d7d8b

SHA512
ab3071e116a32fc105a868fe9f3cd11cb282fc6cdc1e101b09c7f6269502f98b34b2f0a2ec32eb2b537073e2b20bd22cefd2fdcd4be87f8b169e6eed3bed1ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
278KB

MD5
1c237450dc5c7d595a5fb41ef5420866

SHA1
5308c8fa31cdf1d0eb0ddd071ee73e2e2c98ed83

SHA256
68d3c0f7e8d7c3f8ac6fdbe883f6b9dd1b00387e541d312a0ddcfecc60d2490c

SHA512
df60668c1a77b7042e90f9e8b351463f4775dac3dc8875ac43c72a024689a7726b7e4ad4477c82a0a909e939e494fdd34f8688e7dc365480ad576d43a1beb1f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9ab768ab29da90e0345b98856b17d543

SHA1
80e05bb5fd61722603f6211b70c3660ac070dc6c

SHA256
f87697825e067e6549e02f83d182418cfeb8fc343b7b9334e6799154e304236b

SHA512
692462713528ba502e3c347dcddaf1ac9ccdc52c28582e2a6eb9b92f4c4aa74abc4dd0a76c39eda0eb74fd1604a819fcb09f6ffea26864f3ee1191ac96c632f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e5ba48356e035b2ee895b18dd14a90f8

SHA1
97edd3aaaf623ff6794ca695b85d0110ce6ec569

SHA256
28c77a4ee97cfa2c7965cc95c23c29e81fa7d8ca90a594c8fd639137a406dc4d

SHA512
54b63fa2a48358f4d72cbb1446e93bd900ed147a6a591fe1c5533d3fdc4b0873b9bf550b2cc554e412a00f5fa528253d38d44ee539714d9f247098d1ac206f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
462bb2cf221a9eed8e6739e9cef1cb60

SHA1
ddd5640602c4af3b9a5a9068f3454672df2e2250

SHA256
8639fe9a943fc39731ad0459d671c9af78196fe981dcd33b51343ca3ec4f4e47

SHA512
c8ca92ed3fb54fa1702b4d72a037a11486461baaf20bd5593b00b01b412a0beafee5121e7307cd4ac233ec904afc8374f41d80a147f5bcf59b7015d3721de3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dbb3fdf0d55be4e6e8e5e5d882dd151b

SHA1
5c64af07b7d360aea6c93b85f9ef26a8360f6a33

SHA256
b1878a57887e5de94b8e3e335a635dc8de6d625865a74e8eb5b6c541314c50b0

SHA512
7a055e0783074b0872ffdc725e84900881ec410587759556ae94e9341723d10f04db74aadc159391e0e3d8c72f89c61d6762de5fd70193deaceeda2bf436121f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a0bcac608f3e2b50347b1d6c6adda52e

SHA1
16254af1f13bc9f32c268d47891aa7446a47f253

SHA256
ff660dcdb5edc1a420b5ad0e6f8ceefe03868cba0e2e1e5d2ddd18e25bfe8c77

SHA512
05f8885523a4ef565dfc5ce7905efeaad0811e170491520b170927817600657eaf1a9c7c403d8723b80f44c466d150b3d4925fae2ac765bfcdc78f548821275d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
87796f83a580ad1059639b7b6f48c978

SHA1
3aeb3452c1d42aa82dcc46fac0eff546266958ca

SHA256
ca9281ab005e47fe20e132b81ccfbf7a5f0e6d845cd3412129bcb07cacb1397d

SHA512
196d07ff37bf35b583ba80ef92e0277eee328925a77accb3dae1ca10a356a7924f49a7e6233db1b8b320eef6beeb9677ee7d642dd4bcdb2f1343cfe84fb186cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\f28c6436-5d26-406f-98c7-0afc49a30ac0\index-dir\the-real-index

Filesize
6KB

MD5
92808369186491e14f61a57143c7a5b4

SHA1
8cc2c134c54957bb5d666660e2f9ab4d31ef0c2e

SHA256
6eac601d7b92360cec6821eb891ed71ee9e0d8fcc485272aafb2ba7e9449f204

SHA512
2475da3a1bcdd9164d16c4d494c597b87ab2168e60512f09bca9e605cfba6c5c6351ac6f11417d1895355c3db069b09b77dd2c02afdbd1eb6f31d2a6d44fb779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\f28c6436-5d26-406f-98c7-0afc49a30ac0\index-dir\the-real-index~RFe587683.TMP

Filesize
48B

MD5
3596ae319d0fa7a27595207ea67fac7f

SHA1
6dc8f6340f9fcb3a66b3376565c8344eaaea5fa6

SHA256
5bc43fa3634826afc5daf454da56393ba9443d2bca248e585c4a15a53ad5e86f

SHA512
e2a748f83df30d9bd1d604c7593aa976629b3d7b5122d27aa08cecd7410bbab477dc78d9915a629ecf4bd2f1f0579129e5e44bbd028cf03b8875634b5aaa7043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
83B

MD5
dfb89bfbc027c1d53c0a1b2f744163ee

SHA1
d065c5edab4b7666af554efba5ece57337805b2d

SHA256
fd170404027337f5cc0ddeaa94456650d348f0f76b37de2440abfe3f5cb1cab6

SHA512
f6242000a65adc0a83b76a3681e845413470e3e0c2a409b513e24c80e67ada16f09cd89512d356e2f593a4a3caae118e4e0dda1b216705ac536e7b2d60077c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
79B

MD5
824240502c1721f7c4baeeab8b0dc766

SHA1
6d1aab92e9d49585a21d5fee94dcc86186683555

SHA256
b763dc0dd6cf93b0169cb946e00366382d351f291dc50c183ecf5e172441bd7d

SHA512
d906734d4aa4641bb30364f3e4955fff25453effa135406efd13d7197805fedd8a0b1ce5db81b10be58c20c1fb683ac81e1f052f6168f23c5c8ae1c52308d7f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
55f14d47a853320c7b2d752e9b50faff

SHA1
1f85ba40de018d1429c24b3ac110af816c93172a

SHA256
d25b30da982aa873874444d4fc5d49a54a99ebf178e523b48abe58703bda566c

SHA512
01ce642fa1d17964585319106b5edf0c8cb48dbdecea23a106a82083f7b18f5a90f72e6d8b07945288fe2ed2c584ab1d3561688c779f3acec3448901f83df211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f7dd.TMP

Filesize
48B

MD5
9aea2744569bf6b03a06565614874d3a

SHA1
e36255900d293f8efa3b63f42e59c44f51f4d396

SHA256
26209330fe05045690494535d38b2ea944d189c1d16eddad72a8ea99fb1ace64

SHA512
7b0b1d608c8f07e35c6f121bc9984228d621565ce19e4f1164410bc3cd8ac9a433ddc6562397ea0cce0be182eff8a2c1ebe4725c0730868bbf852ce0f3e51e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
769c84d2dad8530082a2c1a155ecc2b5

SHA1
b7967d5cf47629789c04465d45bd9b66b235ac39

SHA256
1c090babd4e88081e413cea03256775e266f78343b14ea0666b0066cae2414de

SHA512
6d0bfb5b35a2e5bc83025d1d3469256a7f1a77c4a3e5f4c7a23caf2952551f975608015970761354c8515e001b8aa8aa924677f12906fa9e8e38043ad86e884f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
acfe01f4f6785c358aca6dd4bef8027a

SHA1
6fabbd68ba8a423af23ffd150c38a4472314f0b8

SHA256
9341eb95b55b92e0c1dad25b084f00ecb02099a22a4226b6e3380256f90e595a

SHA512
51a7b3b76c522d8e7f5f3592a97840d13609447f68b777700e775d675a32f9b8e42a2f535c81a156e6a670246f25266cffa6a8a43bc8e90f4967d07df0dc7a86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
04b090107b19f87fd5ff2bc75180c9fc

SHA1
582593ea5da0a165dec90af53fb6fe83860851df

SHA256
5d534820aea6a7c518df796a2f4108aa25d5eeeaab94959996b95d42985b6e4a

SHA512
348d88caa61b25388797975a1df59d929228fde0f83d1099d0edda055012dc678a5b38b0e9da3f6c439f4f3f740709eb540624cb53cd99d31477ca0fd9a35709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f145.TMP

Filesize
1KB

MD5
d9db6a6629000e216e5de50c0457319a

SHA1
f0f0182d4ff298b1e3cda30048acfe732b12c96c

SHA256
a257350094131608ddab6eddb2873fe5754aaa9ca2e0b64d86fd7b8d93d843e7

SHA512
6f915452fa9e09cb174fcb5d4cbea5e51e4fdb49f6440da5f09fc24e9ca53048f8d8a122927ae59cfce2cb8b600d80ce7929cdb8993581cf004be2ba9fad2496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
24811e13d077c1b3790208325720d583

SHA1
19b6840fa7da1d7e3cbe18d91cd2288ae84db81b

SHA256
d42fdbecf8ab63a474a332f9add5f48e73df246dbd57fedbd8a6124a7b9da385

SHA512
e70b10b9f8e18129e64b1b5b1a0c200e449943d6050646d12e90a1a7f34f5658561f6c0d3f72c8f8255be5665c2a16281068825b8557cb6feb1eff3b283bcffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eec6e2f7aaac9a288dd4dfed14ddf09b

SHA1
2c6b43a08f7661996bc270440e658453165a02d0

SHA256
3c2cc674bd54546abb6fc0845025c19808c08072102a8e82c94d5b7515b9c5ac

SHA512
d02235c6723a8b222628f42d0da592d31a710fa60767c37492b1bc8e36f7d4a7222f168363b3797952a357e57a4f96cb55575dae4299bffdbaa78f05a725f36b

Download Submit
memory/3576-0-0x0000000075200000-0x00000000759B1000-memory.dmp

Filesize
7.7MB

Download
memory/3576-5-0x0000000002810000-0x0000000002820000-memory.dmp

Filesize
64KB

Download
memory/3576-6-0x0000000075200000-0x00000000759B1000-memory.dmp

Filesize
7.7MB

Download
memory/3576-3-0x0000000004F00000-0x0000000004F92000-memory.dmp

Filesize
584KB

Download
memory/3576-2-0x00000000054B0000-0x0000000005A56000-memory.dmp

Filesize
5.6MB

Download
memory/3576-1-0x00000000002E0000-0x00000000003A8000-memory.dmp

Filesize
800KB

Download