hxxp://wa[.]me/380917032619?buu=vXRyF9R545

Analysis

max time kernel
43s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 07:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://wa.me/380917032619?buu=vXRyF9R545

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1548	EXCEL.EXE
3300	vlc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4544	msedge.exe
4544	msedge.exe
332	identity_helper.exe
332	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3300	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
3300	vlc.exe
3300	vlc.exe
3300	vlc.exe
3300	vlc.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
3300	vlc.exe
3300	vlc.exe
3300	vlc.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1548	EXCEL.EXE
1548	EXCEL.EXE
1548	EXCEL.EXE
1548	EXCEL.EXE
1548	EXCEL.EXE
1548	EXCEL.EXE
1548	EXCEL.EXE
1548	EXCEL.EXE
1548	EXCEL.EXE
3300	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4544 wrote to memory of 3276	4544	msedge.exe	83
PID 4544 wrote to memory of 3276	4544	msedge.exe	83
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4412	4544	msedge.exe	84
PID 4544 wrote to memory of 4408	4544	msedge.exe	85
PID 4544 wrote to memory of 4408	4544	msedge.exe	85
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86
PID 4544 wrote to memory of 3644	4544	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://wa.me/380917032619?buu=vXRyF9R545
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d48d46f8,0x7ff9d48d4708,0x7ff9d48d4718
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9524342433851452826,6413581019816676487,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,9524342433851452826,6413581019816676487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,9524342433851452826,6413581019816676487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9524342433851452826,6413581019816676487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9524342433851452826,6413581019816676487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9524342433851452826,6413581019816676487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9524342433851452826,6413581019816676487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9524342433851452826,6413581019816676487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9524342433851452826,6413581019816676487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9524342433851452826,6413581019816676487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9524342433851452826,6413581019816676487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9524342433851452826,6413581019816676487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9524342433851452826,6413581019816676487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:3680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\ExportEnter.xlsb"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\MountWatch.wvx"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
e2e15c9a1784b106dd0349f0f9f6ffaf

SHA1
170dc7f715c0f7bbf97055f78d658bd18bf88eb5

SHA256
22fb214b7c5271e29d6f1f44af19f93c264342cced39a28fd349797e1b7eb36f

SHA512
e1b622d2dcc50ac08393011e23ffce1d4209fc9f98df3603113bacad99764f3e8f9511722dfc861a4c40d2c27b370366895e850b38b9983ea21d90e662617924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
250B

MD5
0fa501124c0bc5f0e4ba9d573f6bd813

SHA1
42576ae4d301bf8c9069ce58547bfca10a22ca6c

SHA256
130301a9b41e21992b28d8070352ce31e6787b6e7c0f11cdd270627ded0a7f7d

SHA512
adb1d680fb3358703bb1773128b25a98b84da34c8d2e1f23d41f23cfd47db765e6e6115eea9296292e7bb47290f8c62943434f7188c2dbe89c146746cb6cb81e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
53531a9dbc369f2b61d4ded0842f6792

SHA1
070bae0ecd6a3ad1c639ba84002e9a5f2ade9697

SHA256
fffc2978f3c1023cb3e9f18d803ea86cf85bd706f2ec1b8736350654ec929847

SHA512
ed2cc0ee8ff43b2f2a4d495cac247d231b20ed1e9c3c450d27ea999ec2a9de343267af6c66be34a92e16b3057862498b207f80ac32154b913bdce3b3dc20bc6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
603d451cd13a872e3b670a29631a6a0c

SHA1
d5a9617f0b3a390fea478dcc68f3ed4a74c69c26

SHA256
5e006faf1dd3e4b57ea070cf4b8507e0a060f9471bde1887d5ca1c6ed47ea783

SHA512
efde0aec1f7f70b1a87e340e0de7234a9ac803f79e33b1122299ed5a5640f6714d1c1e46f94b7f4d3771bd45aad579a484e5793c48dadc6072cd8de332c48253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce0f0f96db742f1bc018064de17a6e65

SHA1
da42a15f31f2028a6d2344a0cfadcfdb31a7b646

SHA256
c337f1a47a6fefdcba574de42296693720663a8712ec3f6b76c9e88afdb15d95

SHA512
6e2228fc339b8969cd462e2725ce5949432620e660907bd175f7d45462914dd3496dc5ad03a8dae9661211c00aaeca89f8aece83b26df3d78669a4d05839883c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\fbb345a4-8eec-4496-b976-3cd153f03c06\index-dir\the-real-index

Filesize
144B

MD5
2d041ad405f8a7cdeafa39ab84d40033

SHA1
d3216ff14368a1a7a46ec5c4bf3e942ef11abe1a

SHA256
9b2303e9615ef5eded6e76f2219f8c43a1d7afa36097bddef202ca42a8beea09

SHA512
1b7515880b325e55a6ba2c5540ed94603d3e22f99010ecc377c08be36d83ed5a13e2ac3a83f6b5b2e8a469b9b170b6dcee22d7d5bcb37aaffe251838a8e326f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\fbb345a4-8eec-4496-b976-3cd153f03c06\index-dir\the-real-index~RFe57ea31.TMP

Filesize
48B

MD5
04de22f7e9aaf0323b47767108e95744

SHA1
029ea2d8dee8949357b9bb670c6904fd9fd653af

SHA256
921a35c9e13955107b57b9e30ef1d1b9b2415307ae8c0b179072b7aa4060b71a

SHA512
75ba98cfeb5db42575869c0df34dcbe98343c2b03aa70e43342ebcd0c34e14e5b870ea68fe2b9f1456ee795abca0f3030ecb49b3c542fb3dcd55fecc020b609e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt

Filesize
171B

MD5
c9e9de865dfef8d77f2d88ce00901e26

SHA1
aa02f64ca2e7ba96dd16c7a592c6c331f33b6db2

SHA256
a445daddfcd1b29860452595869fb9b82b7135708338654f79cd11effaad0458

SHA512
4fde20f0983c78480bffcf95cf18421be401bf660f754ba2ae0f3be1a51a915a5d6a2ae55e85fcdeff03e40fe70314b2e20c0fc9d28284ce9f229b13f9f70f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt

Filesize
164B

MD5
5f2005d3595ea73915416c45bcb37faa

SHA1
5ad99790e5aaddd661ae5fc0f66162b1cce17658

SHA256
681a078dba9bd31f42ae0cdb376818e39c266bfb6a2380d1f1009f5e3f8e9131

SHA512
8bc7380a81efb0135aae20c4ab1aa397a514c52009d4179956c7baff41f91ca62886c22a3f85a9de4dfd470879e0da500ed48b25dae5208195bfd01cbfafd30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt~RFe57dc18.TMP

Filesize
111B

MD5
e0fdad4db0c8a315eab52d7e09eb501c

SHA1
cb6ec30b84f2a2c9782e088f0106f892b0d8e1ca

SHA256
9c38ed32c5d5b9a4c5d58a91453815a4a9c2b30b4f59590660d404dbe037d0f4

SHA512
89a052352cbdd7265894cc394e3830d37a7e1b81ce5a152bb503c29ce050c3056b91a3965c8d7fa04eaf966914ac5eccdfb6336a03fd90c0cfa668358c099309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6af834559e67fb464930002a129caca1

SHA1
9275b285429d6848e13ba098144ef08cf648c60a

SHA256
21f983f4689d173bc2ea3fba5322e0b65c2204414b986afa3b3e17498c7e3acf

SHA512
db66d91d0cc16bed0e24ebe3b420805ee734d6cde8a92ec56abe9dae41d9e4ac13a8ce8c1e8036405248bc7c10f4f82241ee6896fda4a4beb736b5bd0bda6eb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ea31.TMP

Filesize
48B

MD5
f2b1e01c466984d71d76fe4f15aac205

SHA1
05b5dd58e185aef6994d71dff272b11c41d4c9f8

SHA256
28856903202a653494ae761961e4d7842127a30da2ac99220aa3fbd17a1b2894

SHA512
b1fa798cdfbb95fa66896171f0f74f70dcc7a1a4ed32241fcb267fc4391826eef0803815b3a03f032aded4bd0799e8589a2028b27cd47e291b60f47e57004e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
5410cd34bb073e615b347efc3774dfe9

SHA1
43c7588576f2023c15c7e19b84a6ec44ea73b36c

SHA256
d457c21b73824f13a5a93de644c0079ade45243680a81569c395da1a1ae66034

SHA512
2cf4634b31ae580faa31853477b4985388a0cdd54a6a1c4e9d25e97deeee438db1aa4137ec467089637815152c33ee29927381944b77b50bfbb75813e2d4f826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea7f.TMP

Filesize
370B

MD5
72ea869b08b8acf97c214a537afbaf3c

SHA1
9d4c28d239de753ad9d90e93971054fdb8d58309

SHA256
37832377f3b6733034abfce5efb51b617de70a2d1b91eb7c8a3be4ad77a85de9

SHA512
026f131ed507058a529de4699cb99d1747c9fb9a4a0b522c454680f857e59195f13a01934138675e4bceb7171f4404ab4a55cb0b7b6b7ea3f7806ad1f498b161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
43958defcba9e81d50eea3d58c5fab95

SHA1
beccadb578f385e581f8cf8c7fc357ecdcce16ac

SHA256
ba650b926795db26d792f2811f034dc727a8e845b03a0b322e4d466c8bfbb096

SHA512
34c9e9d0c9dbefa488ad2ad3a4db9fffa283fc64e187b417a64a7edaa7be34658121302b7f83b051dd98a4486304de6ff58e03c6040c0a2be687167bd564120b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0425e9158ebea4c4270c1df72215b194

SHA1
af94053d11b039d1494fe0f52be86751424b0088

SHA256
3260f4773db5cac80bdba135fb911d51edc28269b5f8aae72e7e3f42c1fd1a65

SHA512
3bc72ffd0423db57833add23f6a83a40cc62a0bb2a9a6d3e81ff17e111ef8b371cbd6d0f3e73bea6c5407be1d1468eb21691ff79373dfb21b2576853a3e002f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
97229d8b6bd1abf6457f554ffe18d03e

SHA1
96e148f1b9a423a5362c01a6351282f56d034d68

SHA256
c2085c45a6f2f2851c458df02d87a491416f9be548139b6e42285d24c861c05f

SHA512
938f1da5ad7146a221f9cc8b83d92c8d0dd7446c3a86c9f709c05df9ec86d93eab507b95b60bd51308d5c7bc0ee8eb518c0abde6cd96e89dc279cbb8d5e40dfd

Download Submit
memory/1548-420-0x00007FF9A2FF0000-0x00007FF9A3000000-memory.dmp

Filesize
64KB

Download
memory/1548-450-0x00007FF9A2FF0000-0x00007FF9A3000000-memory.dmp

Filesize
64KB

Download
memory/1548-419-0x00007FF9A2FF0000-0x00007FF9A3000000-memory.dmp

Filesize
64KB

Download
memory/1548-421-0x00007FF9A2FF0000-0x00007FF9A3000000-memory.dmp

Filesize
64KB

Download
memory/1548-422-0x00007FF9A0750000-0x00007FF9A0760000-memory.dmp

Filesize
64KB

Download
memory/1548-423-0x00007FF9A0750000-0x00007FF9A0760000-memory.dmp

Filesize
64KB

Download
memory/1548-417-0x00007FF9A2FF0000-0x00007FF9A3000000-memory.dmp

Filesize
64KB

Download
memory/1548-418-0x00007FF9A2FF0000-0x00007FF9A3000000-memory.dmp

Filesize
64KB

Download
memory/1548-453-0x00007FF9A2FF0000-0x00007FF9A3000000-memory.dmp

Filesize
64KB

Download
memory/1548-452-0x00007FF9A2FF0000-0x00007FF9A3000000-memory.dmp

Filesize
64KB

Download
memory/1548-451-0x00007FF9A2FF0000-0x00007FF9A3000000-memory.dmp

Filesize
64KB

Download
memory/3300-467-0x00007FF9D4D30000-0x00007FF9D4D64000-memory.dmp

Filesize
208KB

Download
memory/3300-466-0x00007FF7859F0000-0x00007FF785AE8000-memory.dmp

Filesize
992KB

Download
memory/3300-468-0x00007FF9C40B0000-0x00007FF9C4366000-memory.dmp

Filesize
2.7MB

Download
memory/3300-469-0x00007FF9C0EB0000-0x00007FF9C1F60000-memory.dmp

Filesize
16.7MB

Download