hxxps://u[.]to/MOtjIA

Resubmissions

21-02-2024 11:07

240221-m8fk6seh37 1

21-02-2024 11:04

240221-m6b5zaec4y 10

Analysis

max time kernel
121s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/MOtjIA

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

POWERPNT.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exePOWERPNT.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

vlc.exePOWERPNT.EXE

pid process

2192 vlc.exe
4384 POWERPNT.EXE
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

2076 msedge.exe
2076 msedge.exe
4708 msedge.exe
4708 msedge.exe
4108 identity_helper.exe
4108 identity_helper.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

2192 vlc.exe

pid	process
2192	vlc.exe
4384	POWERPNT.EXE

pid	process
2076	msedge.exe
2076	msedge.exe
4708	msedge.exe
4708	msedge.exe
4108	identity_helper.exe
4108	identity_helper.exe

pid	process
2192	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

msedge.exevlc.exePOWERPNT.EXE

pid	process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
2192	vlc.exe
2192	vlc.exe
2192	vlc.exe
2192	vlc.exe
2192	vlc.exe
2192	vlc.exe
2192	vlc.exe
2192	vlc.exe
2192	vlc.exe
4384	POWERPNT.EXE
4384	POWERPNT.EXE

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exevlc.exe

pid	process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
2192	vlc.exe
2192	vlc.exe
2192	vlc.exe
2192	vlc.exe
2192	vlc.exe
2192	vlc.exe
2192	vlc.exe
2192	vlc.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

vlc.exePOWERPNT.EXE

pid process

2192 vlc.exe
4384 POWERPNT.EXE
4384 POWERPNT.EXE

pid	process
2192	vlc.exe
4384	POWERPNT.EXE
4384	POWERPNT.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4708 wrote to memory of 2352	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 2352	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 472	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 2076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 2076	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe
PID 4708 wrote to memory of 1168	4708	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/MOtjIA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b8c546f8,0x7ff9b8c54708,0x7ff9b8c54718
2⤵
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
2⤵
PID:472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
2⤵
PID:1168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:2588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:2080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
2⤵
PID:2320

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
2⤵
PID:448

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
2⤵
PID:4592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
2⤵
PID:564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
2⤵
PID:3912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
2⤵
PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
2⤵
PID:1916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
2⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
2⤵
PID:2288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16469748181611490344,8715876318940669590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
2⤵
PID:4184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2344

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnpublishEnter.3gp"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\PublishUse.cmd" "
1⤵
PID:2980

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\PublishUse.cmd" "
1⤵
PID:4780

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\PublishUse.cmd" "
1⤵
PID:5052

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "C:\Users\Admin\Desktop\SaveConnect.ppsx" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4384

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
011193d03a2492ca44f9a78bdfb8caa5

SHA1
71c9ead344657b55b635898851385b5de45c7604

SHA256
d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0

SHA512
239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
Filesize
88KB

MD5
13a6d74ad6b98b7194ac1e2bb91ebf9c

SHA1
f4e125f62cdfdcb8774a8479ce7ab070c88815e8

SHA256
57f0940477fc9fec40f298c5dd6135c961d947d63375f0303b445d22346c8930

SHA512
155e22e639e7eb54ead79ac114e5bcbcd1169359742decb7a62d1172cfe6e8a81002fa28c1a68ad80d9a6dcb1da77de4030207ce3b756ed7f2ea7f5cbf95ca51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
600B

MD5
12c1b172e21f4415d7b787bbacee0843

SHA1
d199a862db378522dbbaa5941a7aa6eb5b3e8510

SHA256
215a14127ea43aa5585fb75f158bbe98ba3472724bf50062bea8bbc590d74875

SHA512
229155f8b608dffdec9c3d7c6b26eb31b16fa3725412a0bd5014f3f97fdb3073fbfae18cef98d4dde5a05d9dff1bb03a8c598c3c9a100ac735a3868391559b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
29db770731ebab13a311e284b089005c

SHA1
0788e34a97c299a7ee0ac82ac6b8bca65cfb19a0

SHA256
3072a7675ec063e9fd38ea98728d3f40c5a46da07383c2c7da60ee5e547d0d72

SHA512
dd19a616eec8a9d106d0e768cb9860ae79d4c99785ba26ca949c77e42f83349a34e644109130a9a02473de21ccb1b118fd5bc7ed9f5b53e2e1a19fdc440ec972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
576B

MD5
449717c1ac60f57fb5aa191dcb3a68f4

SHA1
119c8d8ef2d6fc96c36e6f7f98f048ef92de9b38

SHA256
c4495a217cc8eed7fcb95bcb0fc26a6771dd8f33aaa4d40015c4624a62649691

SHA512
a74d43ea26f80479a046308901d4f0aa8a2e49e7f89f2d51a60de07f958c927a2ecb8287371c8670bce9fe032c70fe31f86ecb798879e4ad9cab1d763e66ed21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
e3651f47c3394c650b24e4631cb5a963

SHA1
641a048365445e5f09de88a0e7a2bc092096f162

SHA256
500655d676aa7b771ab114b806b814f29366846a9939bc0a459be1413d5a1c9b

SHA512
6d96fcfbdbfda0c4a84d87a9bfbb843396d81d44a62be6613d0943ac71eb151e1ee29fc3c8398af470e1aa0bdb4deea01438dead00d419967ad23c3190b7f3b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
646e5373d4f218e07aec98a247fbc296

SHA1
86afc9039c9879ca666ae5bf073d81001b10d555

SHA256
5e71d621c3c2ca8e6b104a44e76162bfdb9e715ab6cccc045a14f7d5cf17d1e6

SHA512
1fb0ed65b44a5e17318169872f615849f52438b7f2fb1147f7649982ee79f09b56fee762b78dd96aed5de9647c1ddb5b82c808fd08b6ad7731642d465d4075e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
aad4f0be5468b0a5952755714fef0d18

SHA1
7bb76de248cfab17c120bdaa3b1f11a56735b4f9

SHA256
13fd680f3ce8fc1db8f1c277d07b167f704730ff37bc6f6792c63475139cf17f

SHA512
a247518c1f074de6a0183c233d7351507798376eb4d664aace7d08d0239834395a841e1ca4bae4dd4cfc836aeff8dea15e6a46fcdc6fe6d6f8826f2c878d4b0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1d8573d3ac023fc1d6f7356eb12a8d0d

SHA1
a1202e569a9d6d109ce2f6fdcb8bfde79a5dd7a7

SHA256
959e3951b3f2feb82a18f3bcdac67afcf906237cabf0cda3c353c4b839b6645d

SHA512
abd9110de46b647f72fcbf390d5873b1630c7915430f8e5583de62d777c4ea1a8744cba0b1f8698ee16c5bde59a0476e96627c07eea1befceb09fda4bb6d5d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
3ceea78b96d91d330b8114e6063e68ac

SHA1
091fac31b8206328eeec50d16efa1a5a6642b257

SHA256
b17df8787b9f12c4fc5e070fad09c119fd7fac9c3820cac09efc00db21fb6184

SHA512
aa465e445652ccaf6bed1ba9f0565d55fa4b0227d49d3abccb6f693ec4bf4cf8e64fc8c59a03585e0ebbbd936fbc59de674c6b98c865a823239d24a60e172a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1588a5f94e2010703e3c5020be6b64cd

SHA1
34c78e84f0a55f21597fc06fa6aeaa6234526e43

SHA256
ece29d6de99d3bbde45e1c9825b148990d21bf54fe2b6bfbc2a2b9065daff2f3

SHA512
fc6f71f702674fb8acd30cbb329cce8c64aeeb97a9202e0f7a1055d047528bce331814ffd5d3e8c66947f0623a8f548038ba8f1f2817f906788d364bdb173f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
858b51c4283cfab9a0247b3291fa23bb

SHA1
757039611a07e9186bf3c439e4c5b0f4822d0f97

SHA256
3f160b93e8393e58bd6a31f5c9ac750ba4d38835d74064dff6a923ee54f5a0d0

SHA512
c558f45bc942a7ec7000b11b840607523c07a3823f2258dc7608edf94ce5259ec2b9902bffa5ce01b368e449c7f9973bf8e0d0f177fa55a1ce5ffcdeac4adfeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
f5b764fa779a5880b1fbe26496fe2448

SHA1
aa46339e9208e7218fb66b15e62324eb1c0722e8

SHA256
97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d

SHA512
5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
540B

MD5
0eebc8b8b173eb9d8e309e2023359170

SHA1
216b304d75ddb8b63e40d61cc265091e3d23eaad

SHA256
570e5f7c1e7d9d5a59ecaa9e26547641b8fc514bdf83ca15a0a0c65896f4914e

SHA512
51031dcef643f41459849074d63ef197c030215215ed022cea3f595e23dcb6be5703962668dccad6e3388bc14af3a39d829806e8dc1b6256dc8f3af585450f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
540B

MD5
3612524245a79a5ca4e59a6cffbad2d0

SHA1
3b31b1745f0647105896bbfa70441ee8191f1420

SHA256
de9deb51c40e17ce0535bc17e60b93eb5bac8564ac7dddd3aaada3cdaf66a6eb

SHA512
1be813379a5f0dc3da59ab03aec855c7666042361af7464a2cb3788461b1a1c568a6facc71bec4e1254ac9198be12edd05b138687260e93103a8fad056ff533e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
540B

MD5
c4d281d1ba2801c2c316127f03dd545c

SHA1
4958d6a681f3bba930d39dfda3422f64107ab05c

SHA256
67d9582b163b60fe043d13c171768671f7959f7262bea27b7d737bb034c0574e

SHA512
e31983cf661b39449832f4dd377e4faa7d445e7fa7810b0e6afee000c926dfe3738d101dcff9ad232de132ea7c249af030925afdca4ae1753e5b71a6f4c952a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c01.TMP
Filesize
540B

MD5
5abfa18c160f55b9fdbd6b62a1fb714d

SHA1
d21a2af400c9120e8262ef0b2322329a1540daf3

SHA256
f0747fea0402d4d8f85b5dfb5897eb93f3df5c185d234dd996c40bd871e1d169

SHA512
9800a145fea25f9ab1282f813d683ae4a5102d9bc724446ad1bda976355be513b721c050a0d84dcc0d613b97badf51f1990d0688e55ae0b5f92f2a769e9344f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d48c22ca8d813fe8c85a785cc5a11eb1

SHA1
41ee86001d8cd1d6ef41b2d74d900221dfb430aa

SHA256
1eb6e2f6775192da76e19c699de52a38ab5367b4e5961aab019ed187df4212f9

SHA512
244f0adb5f726e8cc30b11ab4c786b020bb98d1cd88efa74e276873edbe6e4d801854d6a8879343c88e5a8d21698c18f28b59484b8f7a3db1feeebcbfb1c7c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
8ab4b7084fd7497fb6db665fc9644e4a

SHA1
e530b2ced65ee9609b1ff3d9d26212e984f06ddc

SHA256
7f5924b66b6e6d5070ad84eaee40078f3aca7718f19a60cb3180fa603527a22d

SHA512
d22bcc8d16aedf2c348367706138978c2b57733b207b50202083c1b859f38921fa78fbe675fda8e1da55fbd79b7a41d80e5eee65c6ea760269c02978afddd75b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB

MD5
676ad1e4557384315a3bd8cef952f235

SHA1
4e09e35ec11494d25fdeaba714b7ba56f6ca739b

SHA256
4314de9253ca5ea39cee5e13c5aa563a4854b21deb3023703e61725c43c20885

SHA512
f97bb7dd23bc6674dfd7849ab44c88dae7330e834a7e912f37c5715d36a697d8eda3e3885e24efc8f69ed8f0c274f687c225e0b3c7bded22e0d3d33593bceb0b

Download Submit
\??\pipe\LOCAL\crashpad_4708_VJBJVJKIXRLILNJY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2192-513-0x00007FF63CB20000-0x00007FF63CC18000-memory.dmp

Filesize
992KB

Download
memory/2192-514-0x00007FF9B9430000-0x00007FF9B9464000-memory.dmp

Filesize
208KB

Download
memory/2192-515-0x00007FF9A9C70000-0x00007FF9A9F24000-memory.dmp

Filesize
2.7MB

Download
memory/2192-516-0x00007FF9A65C0000-0x00007FF9A766B000-memory.dmp

Filesize
16.7MB

Download
memory/2192-517-0x00007FF9A8A20000-0x00007FF9A8B32000-memory.dmp

Filesize
1.1MB

Download
memory/4384-518-0x00007FF987730000-0x00007FF987740000-memory.dmp

Filesize
64KB

Download
memory/4384-520-0x00007FF987730000-0x00007FF987740000-memory.dmp

Filesize
64KB

Download
memory/4384-521-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-523-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-522-0x00007FF987730000-0x00007FF987740000-memory.dmp

Filesize
64KB

Download
memory/4384-524-0x00007FF987730000-0x00007FF987740000-memory.dmp

Filesize
64KB

Download
memory/4384-525-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-526-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-527-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-528-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-529-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-530-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-531-0x00007FF9850B0000-0x00007FF9850C0000-memory.dmp

Filesize
64KB

Download
memory/4384-532-0x00007FF9850B0000-0x00007FF9850C0000-memory.dmp

Filesize
64KB

Download
memory/4384-533-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-535-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-536-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-534-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-537-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-538-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-539-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-540-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-541-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download
memory/4384-519-0x00007FF987730000-0x00007FF987740000-memory.dmp

Filesize
64KB

Download
memory/4384-564-0x00007FF987730000-0x00007FF987740000-memory.dmp

Filesize
64KB

Download
memory/4384-565-0x00007FF987730000-0x00007FF987740000-memory.dmp

Filesize
64KB

Download
memory/4384-566-0x00007FF987730000-0x00007FF987740000-memory.dmp

Filesize
64KB

Download
memory/4384-567-0x00007FF987730000-0x00007FF987740000-memory.dmp

Filesize
64KB

Download
memory/4384-568-0x00007FF9C76B0000-0x00007FF9C78A5000-memory.dmp

Filesize
2.0MB

Download