1fcb8e8f888c389b97afd3ed5f4caf3cb12c4a0658d519f325165066515cc284

Analysis

max time kernel
117s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2024 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7bb79f09ba2f83adae49410ce65fb800N.exe
Size

867KB
MD5

7bb79f09ba2f83adae49410ce65fb800
SHA1

c1a2bebd55eeca061131307aa99bc35559a29ac0
SHA256

1fcb8e8f888c389b97afd3ed5f4caf3cb12c4a0658d519f325165066515cc284
SHA512

e3c4b4b0c76b49bd3b877ec629204f975dc83bc453c3a475a7f01f82801ff4256cf38a8a33431a6ba1735b05dd65a15ef2ae25d8ed0509b7b0c10a74d3bd6ce2
SSDEEP

24576:uh2YBcrQm+2DR7BWYpWUo44kEOKBWppwC:UvOM07VZ5EOa+7

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	7bb79f09ba2f83adae49410ce65fb800N.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
2248	msedge.exe
2248	msedge.exe
4216	identity_helper.exe
4216	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4960	7bb79f09ba2f83adae49410ce65fb800N.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 2248	4960	7bb79f09ba2f83adae49410ce65fb800N.exe	92
PID 4960 wrote to memory of 2248	4960	7bb79f09ba2f83adae49410ce65fb800N.exe	92
PID 2248 wrote to memory of 5076	2248	msedge.exe	93
PID 2248 wrote to memory of 5076	2248	msedge.exe	93
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 2688	2248	msedge.exe	94
PID 2248 wrote to memory of 1852	2248	msedge.exe	95
PID 2248 wrote to memory of 1852	2248	msedge.exe	95
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96
PID 2248 wrote to memory of 4396	2248	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\7bb79f09ba2f83adae49410ce65fb800N.exe
"C:\Users\Admin\AppData\Local\Temp\7bb79f09ba2f83adae49410ce65fb800N.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apps.microsoft.com/store/detail/9NW33J738BL0?ocid=&referrer=psi
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xfc,0x108,0x7ff98dbe46f8,0x7ff98dbe4708,0x7ff98dbe4718
    3⤵
    PID:5076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12971272543696519765,8391898662050113847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
    3⤵
    PID:2688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,12971272543696519765,8391898662050113847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,12971272543696519765,8391898662050113847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
    3⤵
    PID:4396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12971272543696519765,8391898662050113847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    3⤵
    PID:4608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12971272543696519765,8391898662050113847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:3924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12971272543696519765,8391898662050113847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
    3⤵
    PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12971272543696519765,8391898662050113847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
    3⤵
    PID:1512
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12971272543696519765,8391898662050113847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12971272543696519765,8391898662050113847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
    3⤵
    PID:1040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12971272543696519765,8391898662050113847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
    3⤵
    PID:4512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12971272543696519765,8391898662050113847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
    3⤵
    PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12971272543696519765,8391898662050113847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
    3⤵
    PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
e978d87b8083324feba2073789e0a6ea

SHA1
dac08ca9e8cf666025f38f41cba280aa65521f94

SHA256
480f4f385f22bdefd3c5fa9af8034f478bb14399620f65ebc51b25e21f55aafe

SHA512
51ddef6f86f1eb1302d5453aca5e6b0a64c432195330678833b73757b6ab0f45997135f3c082ef4c6c9c16fb8cb0f546a952526fc324b836e649b24d3af63b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
539B

MD5
f90060e29b4ec7b6cdd8da5d41cb8e7c

SHA1
7cd795245f46b2b811ddc4866dbc16ff61b29e35

SHA256
380700115554231a195f5a82d0e6c045e5035856720c1e513890d91fea8fd3b2

SHA512
e3a0e4b680fc421538238c8de365660fe1e81f1e72224dcb7155d82d11cc585d5eab339d74d556143b85bd0417615e0bd186634c5f788d1053a8eced7d7979fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a853cc74d5eb8887094d3b8dd8d338ae

SHA1
09405c6011ba361142a23ab1b77802c80d6a107f

SHA256
eba7414b99f38715e20b1b911cbd88e2313d26445e4b3db6233c8010fd1afb62

SHA512
ae58fd5cbb25bdd5021dc4cc3bd599ae81a8cc75dd325d7d9d16f3c5bb995f0a3fcf3b84a36e2ffcbce4eee9819b572550fe3e0dfa92195969ae6d9acae6a9fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3eb6ae4ae18e9f8257c37e555075e6b1

SHA1
11cb9f8eb6f53134cf71d0b2834ca1c83ea46222

SHA256
4e04cce7e196ea567a968e9041daf1b4457af0fa394bfad0ffc9bd18f7b28c3c

SHA512
bd50ab8a11055c2fe8e700029b28b7cd6e0bd9dedcde4f7e169c1c9ebe06de32de7cae80a583536c59926907d7014d2b807a04c83ea2416380e3dd320814c895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\ab6a9ac9-3b63-4805-bebd-7d7f2dca05f2\index-dir\the-real-index

Filesize
2KB

MD5
0f84366269deea3644f4f48445b26eff

SHA1
32a325d66c9d7f00585790e7bc1b7d4a9ec766ce

SHA256
cda46ca64c08640ab638d6ab2f096f90497ee4a73d6f6b18293b47f9e13ebe71

SHA512
49d9f3e78f4e05ef12f19e9b13bee8fd29e70f4fd37fd96796560a490a9db5b523b47d54620f4c865c9a7082e138e244733bdb4559517123a402996ef4d16bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\ab6a9ac9-3b63-4805-bebd-7d7f2dca05f2\index-dir\the-real-index~RFe581817.TMP

Filesize
48B

MD5
b5e2a29a712d7c9f8cfcaef8089a915d

SHA1
7a564380b561494821952d20329598bde556c676

SHA256
23eead87ca1cbf779e248f5d6eef72889f78e069a444f0daa4271a024f61a3ed

SHA512
184f520dfae3c7301154a2de1a1220a6782771b1e371a218e244f091dfa4f71308e8e5064a55dca844c7fbe3d2a316781529375dfe7b00ad9f44d09a96b5660b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\ce3b47ad-d7af-4462-bd7a-088ef501a8e0\index-dir\the-real-index

Filesize
72B

MD5
d6ef918bca11cba8939ad82fd0c8886d

SHA1
48165466a81d94bd42a58d952c5e1e9d53d7ce4b

SHA256
d96dae723f2d05267de4240122fcb1c3f1486184d64c287a8de434912b3326b2

SHA512
3284a8bc59f10660df32c6d1209ea9affa95801033f065b024382685f691a00686146edc6366b9d05d6701c107f4412a3f7ef7614508ae52db6c9302aa72d454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\ce3b47ad-d7af-4462-bd7a-088ef501a8e0\index-dir\the-real-index~RFe580e24.TMP

Filesize
48B

MD5
33584591ad8e6a95917f724b813786ed

SHA1
bd8d2cea24e26270cf91af6d05c7bdfb88a3f75f

SHA256
05d1c89e619c14170dfe32240f7d5401d95a7d96a35eaa2a9b7e0cce5920dec6

SHA512
99188c4f3b04e9c694b26c364599218324e41325ddc4c94963ef2597fcca32762be9864871364a2e19e7b2f81c767adb5ddb6b8faa01c0de0830fa7d538c95be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
109B

MD5
8058c91d360fc67070f38efb9e0cedbe

SHA1
2e9f46842b650d5298778759e6d7ed2f12962745

SHA256
ac103c95de71f05969938f503d04a20007ae34f65cd556bf1810f554e1315307

SHA512
9301968314aabbcb8764ac9cf99cd04474bc2d7810d2684be1f275a34a8b4a8d3bc8b73c0c2ece4c809d2c8f78634aa6198fa4261ab30a9965476ca2ec834f66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
204B

MD5
4da4215b8af9c1a90c07f33c5862b553

SHA1
99f547b95ead615e07f9429c98fdf2310091ca08

SHA256
9ca2083e5093db08a05d87f00daf4ccaf4c09981e1820a149943ab60e9219419

SHA512
b0b52c59c0c67975017918a1000b2e658026c8ac06c71126a899962e995253e85fced3fb22a291b541cff7ba14e24dd636c0d602e4a9f4ed4de2a690d5b4170a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
201B

MD5
cd3b459e20b2de9ba1539b166144c69e

SHA1
e1f729f7964f49f9fb98e658064a1ec2238e94df

SHA256
0ee4925d4c24ea44aa0d78af45158fd209042aae8694fa7d5c39896a6205ce0a

SHA512
db0f5f1c4ab79e7932bc657f0faff569c4b54523b85792e45d7fdc45ef8511b6945d5de335724c5a35ce11faad99fab92ae3021ed07784534de95a498feaa661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bca4ce8fd77b6016e25bad4ec43d3ebc

SHA1
ca52954c42c2c5286ff9b366316e0268c0012b8b

SHA256
5d083c39e5d66510f70dbd7e79cb87e1023580242d7c5c44195bdddf8f26983f

SHA512
ff4c6c3f793a400ce1899e16f216d1ec70c408c1e428947b6cd9cfa047f9ead88741fbfce037b35e0add904ec0f14c704904b3ca6adca2838057c2180b58a7fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580de6.TMP

Filesize
48B

MD5
a8219488344e5adb2608a7f4fb9b2c45

SHA1
b5f417e2f0bba20ab2a9035e742bf4483fccf5ad

SHA256
ddf2b67b13384a9829e12d6fdd681f621699a0fba161a262171ec6dc4ab64535

SHA512
dde1265cfe0e4680f1f12c7bcbb1972752b74e4c7708b26b6aabd4db02e793a94501bab00c467824a33f56f4fe60357cbf537635a78bb96cd9272a9ec3bd6a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
ef4f46f23e108b2b22fa37469c69e5ad

SHA1
07e3f9ebe7da96fad64dc8c98621e98d29af1fe8

SHA256
26f2336da198a9a25da9d3eca94bf26567bd17890fe223eebe1ceea239cd6f20

SHA512
9727d7b92f71fa93606978b88fd002ddbfb21cd1e2f99c7913b0b2ff151ab85031479ad2ceb16f7e57cee9fe5e16efd323e1ac4e182d5bd2160cd4bb022293ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5817f8.TMP

Filesize
875B

MD5
f2efc5ee4bc46bd41bc05ceb66cd0ec1

SHA1
1ae0e7140d9b6f0a5b000228c9cf6d37b9896836

SHA256
cea9111c88f4b30068c6b3b8a8bbf30df04bc0a23682a16e663ce9a3ce9da205

SHA512
a29819d800426a24d19b6e1085aded6da5d5ffdef94c573e54881e36c3cfa590ea0c60c3f8d688ccbaaa9c97950314fd9670722dc547e36d50b3c99bb9cdab9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c325d49479e164a328df0429e02f90f4

SHA1
ffa4f56be416ae3b17f8a52a65a5a94018b5d44c

SHA256
773b1cddad00e8ec2e37dec69fc26a7444c798c78b0a912d28e346e026748f06

SHA512
0da4e67a322613cbb4c32530703dd9bc3068a0418885e18ff218966d3010f08380f24c75f5acc3b8e0c32071a4accf0522431c98cac6767ef580d0fd0ada974b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp9EEF.tmp

Filesize
1KB

MD5
a10f31fa140f2608ff150125f3687920

SHA1
ec411cc7005aaa8e3775cf105fcd4e1239f8ed4b

SHA256
28c871238311d40287c51dc09aee6510cac5306329981777071600b1112286c6

SHA512
cf915fb34cd5ecfbd6b25171d6e0d3d09af2597edf29f9f24fa474685d4c5ec9bc742ade9f29abac457dd645ee955b1914a635c90af77c519d2ada895e7ecf12

Download Submit
memory/4960-24-0x000001D777640000-0x000001D77764E000-memory.dmp

Filesize
56KB

Download
memory/4960-19-0x000001D774990000-0x000001D7749A2000-memory.dmp

Filesize
72KB

Download
memory/4960-25-0x00007FF999440000-0x00007FF999F01000-memory.dmp

Filesize
10.8MB

Download
memory/4960-21-0x00007FF999440000-0x00007FF999F01000-memory.dmp

Filesize
10.8MB

Download
memory/4960-20-0x000001D7749F0000-0x000001D774A2C000-memory.dmp

Filesize
240KB

Download
memory/4960-27-0x000001D77A9E0000-0x000001D77AA06000-memory.dmp

Filesize
152KB

Download
memory/4960-0-0x00007FF999443000-0x00007FF999445000-memory.dmp

Filesize
8KB

Download
memory/4960-22-0x000001D777650000-0x000001D777658000-memory.dmp

Filesize
32KB

Download
memory/4960-23-0x000001D77A470000-0x000001D77A4A8000-memory.dmp

Filesize
224KB

Download
memory/4960-26-0x000001D77A800000-0x000001D77A986000-memory.dmp

Filesize
1.5MB

Download
memory/4960-31-0x00007FF999440000-0x00007FF999F01000-memory.dmp

Filesize
10.8MB

Download
memory/4960-4-0x000001D776910000-0x000001D7769CA000-memory.dmp

Filesize
744KB

Download
memory/4960-3-0x00007FF999440000-0x00007FF999F01000-memory.dmp

Filesize
10.8MB

Download
memory/4960-2-0x000001D773080000-0x000001D77308A000-memory.dmp

Filesize
40KB

Download
memory/4960-1-0x000001D772AD0000-0x000001D772BA8000-memory.dmp

Filesize
864KB

Download