8eb5e7a9d34ac943613326c6928a72739b42528c868ac25b94a9925e99fd2743

Analysis

max time kernel
135s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TextNow - Unlimited Texts + Calls Installer.exe
Size

1.0MB
MD5

e81b51fd39fece8891f96ec88507fdb9
SHA1

d2e77d69f0b1f6e156b3f44acdfd26bd65effc3f
SHA256

8eb5e7a9d34ac943613326c6928a72739b42528c868ac25b94a9925e99fd2743
SHA512

b5c793f5dca36753034f3bfb9a2762294bbf0a8d78de4089e753d9ed124f3cd2b0107914d20c9ebc95088330ab9e8d9f6cb85fb92bae6c7400905c661a3fa478
SSDEEP

12288:qvUGQWpy+Tac0RDffXJjyYpcyoNHSy5viczPESsQ3BaE32VfXJjyYpz:lGQB+2DR7BWYpcyo44u0aPVBWYpz

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	TextNow - Unlimited Texts + Calls Installer.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3972	msedge.exe
3972	msedge.exe
1952	msedge.exe
1952	msedge.exe
1764	identity_helper.exe
1764	identity_helper.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4780	TextNow - Unlimited Texts + Calls Installer.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe
1952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 1952	4780	TextNow - Unlimited Texts + Calls Installer.exe	85
PID 4780 wrote to memory of 1952	4780	TextNow - Unlimited Texts + Calls Installer.exe	85
PID 1952 wrote to memory of 2500	1952	msedge.exe	86
PID 1952 wrote to memory of 2500	1952	msedge.exe	86
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 1612	1952	msedge.exe	89
PID 1952 wrote to memory of 3972	1952	msedge.exe	90
PID 1952 wrote to memory of 3972	1952	msedge.exe	90
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91
PID 1952 wrote to memory of 5012	1952	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\TextNow - Unlimited Texts + Calls Installer.exe
"C:\Users\Admin\AppData\Local\Temp\TextNow - Unlimited Texts + Calls Installer.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apps.microsoft.com/store/detail/9N43SPJLCXCV?ocid=&referrer=psi
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe000246f8,0x7ffe00024708,0x7ffe00024718
    3⤵
    PID:2500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,17341603024393324688,2890673277559953809,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
    3⤵
    PID:1612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,17341603024393324688,2890673277559953809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,17341603024393324688,2890673277559953809,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
    3⤵
    PID:5012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17341603024393324688,2890673277559953809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:2128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17341603024393324688,2890673277559953809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:4028
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,17341603024393324688,2890673277559953809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
    3⤵
    PID:64
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,17341603024393324688,2890673277559953809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17341603024393324688,2890673277559953809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
    3⤵
    PID:2812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17341603024393324688,2890673277559953809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
    3⤵
    PID:3420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17341603024393324688,2890673277559953809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
    3⤵
    PID:4656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17341603024393324688,2890673277559953809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
    3⤵
    PID:1604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,17341603024393324688,2890673277559953809,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4032 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
4e33bb14e7cdc0b41e1be8e99e942027

SHA1
3cd195a80854733baac24f7b947a32144ea23292

SHA256
c0f5c9f3360492218c3f1ef10576f986821e2954452e63af4249e4e192c2d4c0

SHA512
1f6fe76b2ce0ddb4208285d9ded5f4113d9a603f69e9a1d9d5ba25fa8648ab96079d2563a1ae412ea6b9e51418bc7d25c239376a2eee68badb8110cfbacece77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
258B

MD5
2c611a5e0570b35e3a86dbfb8a943254

SHA1
831b31fcc2ede459f33bffe011b16da64b593355

SHA256
ff8900bdf7180809bc7a96e48d2b2144cebc5b7a07bf28fba808d5f14a40d993

SHA512
cf36a01f8959acb6a74db5510717c12c9b17f67620a261590164c0e7b59e1dfc0602d05de4e80cd1a543829b7e01e863c54eec6a7f49acab7a707c085848254b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93be286749da240d4b977f8edc55a0ef

SHA1
bf7617e7e989ad045a2475a6c8a2122ec7d77b39

SHA256
fd07a3c841071ef4e1cb78c52bf9d90ca5b3a3eaa4a10979abf633c4318ec842

SHA512
9f0adcdbb282f5efbd6feaa91cf413fbd7e23c516ad12602c4216c85ae455db4d9d8d0a2e3258c42a0aff8ac407974f83ce5189b2bac3bb2d33a1aea54329642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
059e7d895341f8a50a62553eeb043913

SHA1
777a9c0c4c5162882cc4d335be61992a5f1902c3

SHA256
b3aa2d0dc181980655678b7c909bda9e14e3436ff92306833185a3868c066e52

SHA512
e3615e7f161ea54a76c2cfe84c90a128a1789290c749c5da547edd4369b99414d653addce0d6d1408a31053ee52204a7a3a6324a1c1304540a9172a0e7afbd8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\6e45ed09-aaa5-4fdd-9815-b30e3d949e4f\index-dir\the-real-index

Filesize
1KB

MD5
6247cb02f233c6243f9e1d09892d9887

SHA1
6beeff8a79638345c88aaf3bc1dbd92c1254b9f2

SHA256
2cc5717c9e65c87f48363894de9ce11ab48b6b5c8b34bf0cefa3557a1d822506

SHA512
2549cbe644238974851b8005b1acf779f903cf7fef8899c50b2b0f2b1e25fbc53644e91e2e53fd7320c9b7573b457770ec3f2b97dab654dbb5818139eb722334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\6e45ed09-aaa5-4fdd-9815-b30e3d949e4f\index-dir\the-real-index~RFe582853.TMP

Filesize
48B

MD5
08f9cc45fcfd77de85859fadbef68e66

SHA1
d25c60ceba72a3fa3ee7976ef7db384b25b966bf

SHA256
ce7de26aceed23669fd4dcd22287672095491b45ce4b692945a5043fea890d56

SHA512
b61f3db2a405c6e3d896da65ff0ae8ecdaccaf7d2a656f3c6c897965b020d762ba98feb096c648466868a73a2c9e7b7ee8e70da71538c26389e01589d105be46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\736375d9-a1a2-4936-9e3f-9fe6f684f9d0\index-dir\the-real-index

Filesize
72B

MD5
119cf3f283523dff30d85ae9b154a8ec

SHA1
631a1974acf10956037446adb1419412c4748fa4

SHA256
a2c1f2866afe4d3171e4d54ce5c70f28e29edaa5bb2b6cfec53f29813ed2cc86

SHA512
14ccd65021f89d0022eb59f081e1728d47519e10104eb8cbb006ad5a435f8bde332ff282cf1ce6e8c504be9d384c5d27e883a51dcb844f5dd3dacf9feb23ead9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\736375d9-a1a2-4936-9e3f-9fe6f684f9d0\index-dir\the-real-index~RFe580b75.TMP

Filesize
48B

MD5
f7575333effe07d7a86312a41a7f6419

SHA1
d3099807622fdc89266158dc24f23360305e3501

SHA256
62c4a32d03719985c492de308c019ec158488793bbe82dcd66faa6dcdc0bd498

SHA512
a936f30b39ffb1cdac621ffcf6f3bd2f1ba4b77a828810a78096e10dd1dbe1fa889af3fbc74021a594320756eb9e1ea3226900a95a4b7823bb26599c396a5284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
204B

MD5
18c698ec64d297cd4debe71a939421b4

SHA1
cb9d63c1c1043e4fc0e58d1db7ceea1afdbce520

SHA256
914dce2fb95f7fff995ea60574021abe57a991ed11705b402754efa65991897e

SHA512
f975feec42f4e7002ea190742db1c4085553b743e138338a7ca111bf6b0bb82ed64e848d78226e03ebcd91fcae0d25535c3f076dd80f3b1f703d8aa4afc6930e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
201B

MD5
bfe49b0d76b5a4d2c1f2b2954f65373d

SHA1
d3cf70c5a77180beab36096ac3ad7e019276b300

SHA256
46fd8171a89e7e822fb23d58cd38afed700eb4d50780d2460d5717812e485ec6

SHA512
fdc3c8f3847a351f3140414b11d707beed12590c3ef70d7fa2a371d67670b0800c5d08a460d151c204ac33a18daa82f5eb49b8a75b75f74b8bfdab3b96a0adee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
109B

MD5
757edcabddb71f3bc5cd67f417e570cc

SHA1
ee0c3134493a2b852ed19464d3206566f4766abc

SHA256
bd6b62c3fbc94f1c08405fd233b91d7d5648dd0f3484a6e97b400bd5bc6a47f3

SHA512
af5c8ac410b5d91cd1e00368528ee1d0bfe47da002d8d8613fa1572b4624a98a20fc297d7c6a30d39bc96bbc025a1c8e1dd2ac326dbd903972a484a21414aca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
30f6796a637588ce5f1a18b73862fb0b

SHA1
29d151075067b2cc666939ad5d64a07509dee58d

SHA256
c8c8720ddbb1873ecc7a1816ea800121c2918d56d66918d898584097a4ac4ae9

SHA512
011bf9e6b2f808bf4dab8dfe64bf2c80462c7c9859ce79b23983c068c50ef748c1f6c177420a9436bbcb8f694d20f16ef95f0419f7d7f43ac6731abb1cc6a22b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580b26.TMP

Filesize
48B

MD5
00c6a085aed11a2d5c8cfba9d7c91da1

SHA1
66eceda61f3b67529e26f186d7b9566354748413

SHA256
f282eff8342d4a56986cf26ff18a1f1eabf9ae2a3bac99484169277231437149

SHA512
c8d25194bd25ccba3bb2699d9fdadb3fd46826789f765293af1cabba517acc9d70f447b8570f5f2b719d189117e949c969614e55dafbb0e71eeeb692a3c0203a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
671b24895e8c319be1a6aa3d4ac21888

SHA1
8728f043c2cca1d7817df4e08641c2a56802ad11

SHA256
5c5a1e130402e8682d49613a93bb802157499fd9b657b6c9930ebdb2b4c252c2

SHA512
7b336da08daf73a33b889fbfa19e75cc70cd60dbe101b099a89a7c2b173dea6b679d468b18fa5c8b9140831cb572427ff1586b601929d361d0c2d21a00f110b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpA076.tmp

Filesize
1KB

MD5
a10f31fa140f2608ff150125f3687920

SHA1
ec411cc7005aaa8e3775cf105fcd4e1239f8ed4b

SHA256
28c871238311d40287c51dc09aee6510cac5306329981777071600b1112286c6

SHA512
cf915fb34cd5ecfbd6b25171d6e0d3d09af2597edf29f9f24fa474685d4c5ec9bc742ade9f29abac457dd645ee955b1914a635c90af77c519d2ada895e7ecf12

Download Submit
memory/4780-25-0x00007FFE03250000-0x00007FFE03D11000-memory.dmp

Filesize
10.8MB

Download
memory/4780-23-0x000002DB26850000-0x000002DB2685E000-memory.dmp

Filesize
56KB

Download
memory/4780-27-0x000002DB27B10000-0x000002DB27B36000-memory.dmp

Filesize
152KB

Download
memory/4780-22-0x000002DB26890000-0x000002DB268C8000-memory.dmp

Filesize
224KB

Download
memory/4780-0-0x00007FFE03253000-0x00007FFE03255000-memory.dmp

Filesize
8KB

Download
memory/4780-24-0x00007FFE03250000-0x00007FFE03D11000-memory.dmp

Filesize
10.8MB

Download
memory/4780-21-0x000002DB23CE0000-0x000002DB23CE8000-memory.dmp

Filesize
32KB

Download
memory/4780-26-0x000002DB27930000-0x000002DB27AB6000-memory.dmp

Filesize
1.5MB

Download
memory/4780-20-0x000002DB239F0000-0x000002DB23A2C000-memory.dmp

Filesize
240KB

Download
memory/4780-19-0x000002DB099B0000-0x000002DB099C2000-memory.dmp

Filesize
72KB

Download
memory/4780-31-0x00007FFE03250000-0x00007FFE03D11000-memory.dmp

Filesize
10.8MB

Download
memory/4780-4-0x000002DB24380000-0x000002DB2443A000-memory.dmp

Filesize
744KB

Download
memory/4780-3-0x000002DB08170000-0x000002DB0817A000-memory.dmp

Filesize
40KB

Download
memory/4780-2-0x00007FFE03250000-0x00007FFE03D11000-memory.dmp

Filesize
10.8MB

Download
memory/4780-1-0x000002DB07BD0000-0x000002DB07CD2000-memory.dmp

Filesize
1.0MB

Download