c54d526da6cc7ab50db767bb1666e111a334df6f24240667d472d0522e06ae7e

Analysis

max time kernel
845s
max time network
849s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-01-2025 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TouchVPN Installer.exe
Size

1.0MB
MD5

7ec7f13778ff6a2c47bacd5f421506a0
SHA1

d3e49937895de5b700bb455a4f2c65e5a251617d
SHA256

c54d526da6cc7ab50db767bb1666e111a334df6f24240667d472d0522e06ae7e
SHA512

834d2175b4a0c83d26fa306687e87dbb636fdf449a0b02dfe123bd42704597aa948d0ee91a79f0972aba009c2a058007ec4ce7e60d601e93898dfc56b43ed383
SSDEEP

12288:qvUGQWpy+Tac0RDffXJjyYpcyoNHSy5viczPESsQ3BaE32VfXJjyYpz:lGQB+2DR7BWYpcyo44u0aPVBWYpz

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	TouchVPN Installer.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1628	msedge.exe
1628	msedge.exe
3620	msedge.exe
3620	msedge.exe
4252	identity_helper.exe
4252	identity_helper.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3588	TouchVPN Installer.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 3620	3588	TouchVPN Installer.exe	84
PID 3588 wrote to memory of 3620	3588	TouchVPN Installer.exe	84
PID 3620 wrote to memory of 1868	3620	msedge.exe	85
PID 3620 wrote to memory of 1868	3620	msedge.exe	85
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 2724	3620	msedge.exe	86
PID 3620 wrote to memory of 1628	3620	msedge.exe	87
PID 3620 wrote to memory of 1628	3620	msedge.exe	87
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88
PID 3620 wrote to memory of 5036	3620	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\TouchVPN Installer.exe
"C:\Users\Admin\AppData\Local\Temp\TouchVPN Installer.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apps.microsoft.com/store/detail/9NBLGGH5GB3F?ocid=&referrer=psi
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce8c446f8,0x7ffce8c44708,0x7ffce8c44718
    3⤵
    PID:1868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,12877749141333651579,6386588817081042923,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
    3⤵
    PID:2724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,12877749141333651579,6386588817081042923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,12877749141333651579,6386588817081042923,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
    3⤵
    PID:5036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12877749141333651579,6386588817081042923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    3⤵
    PID:3636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12877749141333651579,6386588817081042923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:2412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12877749141333651579,6386588817081042923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
    3⤵
    PID:2888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12877749141333651579,6386588817081042923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
    3⤵
    PID:2700
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,12877749141333651579,6386588817081042923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
    3⤵
    PID:1664
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,12877749141333651579,6386588817081042923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12877749141333651579,6386588817081042923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
    3⤵
    PID:2024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12877749141333651579,6386588817081042923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
    3⤵
    PID:4844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,12877749141333651579,6386588817081042923,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3176 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
45fee71556d8cde31a8ca50b65080a58

SHA1
b36fe57613841734400eaf417f0f774f89af1efe

SHA256
4740015e1dc3695e349ddacd0b6767a0184e5298b3a95aa55a8a19b9b24c56ee

SHA512
99c4ac68a9525b9661561d213a81aca90569c56d87d1fdcc57ffbd8633279866e82ea6d78f778ae22cf5bdc6f897bcb61635889f75bf97b311fe727cc809dc09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
339B

MD5
36241a71cb5c037c9fb83a36a3a70cec

SHA1
2db701ea9421dfa6800d09c5c1e8845d93b9b907

SHA256
3cfd309540de0ee8389d603086fd25856050a9d4c5258db6bbf8a99606906661

SHA512
fc4b43a16e9be8d9da40318c4399b1553a26f0fff572f27ba1efde1b3ec22ca63d72601adaff93435fbdc235b8f1ead8879129357573b6edc2140463f0e8a495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c10705ef97522dc7b65fff93e0f74832

SHA1
a31bc9fb30458aea223ee1c2529a989e8d703dce

SHA256
a2d529fabd2361fe92eba88b833feeb23a109f3b454012ce479a18082cdd4525

SHA512
39d31c991d96eb789154dcf29d08fab7fd3381d76d5c7295484b92eb7b5a9275ed89e4f80b6f350e427885bd45da9d88a72eebaa3e5901fdfceb8e40c12c3c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9111290f35d7f45feb90453e9a7bf16

SHA1
34558e99413bcb52a7d703e90b6d330eb8443ba7

SHA256
e09c568231e74688be828faaa5e0c512f69040628388890844236bfe2b65043d

SHA512
142ce4101469ba014125bc115f8cfdef6f1fe76d7fa1c88ac38e6684d3be3ca04bf076d60d2d494f1d582f688a6a9b25d1dfa403a2a84e76a54684d99e085ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\07b22584-8a0c-4818-8e36-12038c49c9c6\index-dir\the-real-index

Filesize
72B

MD5
3c760f91a1b74a4ea4255f1260a4c45a

SHA1
50a75d4b7e6c2eddc20086a92889873d9a40a950

SHA256
09a8ba1037f9a723d3e9580cd94cf80b3f410c4d998b1d21100d1a2d9190938a

SHA512
d430c871d6b6ebf19bd6c83f1bf792d9e7001953a112defb357bc41ec493e5874dee0128021843b647251e3ef52971664b8a5adfa63f433234f2cf27e3ad5ed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\07b22584-8a0c-4818-8e36-12038c49c9c6\index-dir\the-real-index~RFe57d85e.TMP

Filesize
48B

MD5
e25fc0e1b5b3c2367ecc66f94e08e40f

SHA1
fe3d81f12fe871493cbf54c510ee4d8b834f9ad1

SHA256
0f75a8e101f1dd5346298806e91165e47a845ae359bf6efbfe8c870492b76a87

SHA512
e71299228253dba6dc5b268bf36901a4ee4c6d6b6454c4808795a4ce7f4728e07e4863a2d12f88cfc6af78d3cee05951e5dafb8b1d2bfd3b88167a805be46793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\cd265aac-589e-476a-8006-8357daad78a4\index-dir\the-real-index

Filesize
1KB

MD5
49e02e9b2e5a50835fedc40676c70e49

SHA1
0de925f8b305bf025f23d578b3ea98fa13950e29

SHA256
07dd006672b604dd64477cff05e53788b8c16b2ef0b1cdceacee58d6c6152fd8

SHA512
d540a3caa2be88ff57cca67d560dec6ad8fadca5f722ee6096c34d6583caf6c660a4d110e92fb0e1ec67cc44ee356f47120dc770593d7894654da29035bd2929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\cd265aac-589e-476a-8006-8357daad78a4\index-dir\the-real-index~RFe57e510.TMP

Filesize
48B

MD5
dfcdf3c638eede71112fcd61c7c8a707

SHA1
6f1f0a77e86c40ffbc99efc67791eebff23350a1

SHA256
3931e19508eb4804889adbfd55c8eeb807fcf6215346dec5f76e1d4fd3673d4b

SHA512
e2eadc6b795049752f9687d5ee701d24833c9fe48a4aa35112c248e37da887e984eaa8e8b4faeca2a68264003ec5a8bd39a32f7a0fae0a5c3ba51388dd085d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
109B

MD5
dffd950584c01c1ba01da50a1da593b8

SHA1
bef7f09fe13e1e29cd853a558bcde6d826175297

SHA256
e1e3702b614eccef4acc4dc576c37283c4333cac4b2b4c6231c51ca914bbf3ec

SHA512
87b2c968633db6e3273b690a0ca6812ab0c7fc4ad4feb76f2fb6b46f4afe173780e3808801ed6f62002855de933e6abfb4935aab4067c8cb9bcf3e92fe90a8a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
204B

MD5
734dfb90a10b118297d8abaae5651d0d

SHA1
00b113d6e2a96aafe21774aa4e6d14545eaedaa0

SHA256
f14da91b8fc9d2637d1dfe91d480ae9c74750fd37e3b69e89ba9f4309e36e1e0

SHA512
e862520359fba2ee02a24fe5d30a69edc43531907fac94792316b40ecd335226ed39fb1d90853e9dcbdeaf1b91b1991e5f1061289cc8a0bd35351298b2fe3be9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
201B

MD5
c7d96d8e19aa27c7289cc22b3973708c

SHA1
2ba1082dc025914ebd31041c6ceb95ac624f41b0

SHA256
40bd4d47f9b379e6deb33c669132c838adaf20cd31269d8a8a0f77490a5f2d22

SHA512
a15810cd7ea1b7cecd569b171e4abdf9d9775edd8048db73a7b2b3ec3d4ba630cb9f2b0ede2f1e43882baf4194f92a5616494a4d140707288053647eb021ea2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c838295c092d20000d3d822ab94a5892

SHA1
b09c176fad86df64a02d2d7dc3b201c6ddf9d081

SHA256
9ac7dd9da288640a3d2490f05f3f0e8d7325aa5f328c05cdf7b6556b80d8e218

SHA512
019414977034f91e89b32f4c654ccb3e3df3008fb6fc7753e3c8d9ff9a2b67c5339bbc20d773d68025fd58dae51bd5b2087a8e6aa5e0bcbcb786f9bfe75f4233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d820.TMP

Filesize
48B

MD5
b13c0938f90c6aae55a177a4a8ec7c61

SHA1
3d59d348edbc1eb0534c7848f3b5275ac7e8e569

SHA256
886ca2653049b6b4d0474e04bb8fea6e758652071bb734f231c224cb469c51aa

SHA512
55f83262400645c1576481e8d02c86b39ae4eed6de468640c069cb554a3a9f23e44d90ec653b087cfe5cf5f5300b0d7a782b0d30aefa75777447898221a2f9b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5e7ce7e6b0c9c4068301cbe31395f346

SHA1
50689f88e6e40d9260bb4cc88d42e8a7acd8acda

SHA256
d5eae8a2afbd8d1bd69790ae1b11ea7a40fc71ade22d32869fb59756bb9d0540

SHA512
14b973ff3627330a7bd06b6d3913216d491ed8f7f542deedc3a5aa8178f16b242bb5970d443b4eb5a80970d709f8c3f68ca7d35e5d7ee44cfca9d62bd4d1cb1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp739A.tmp

Filesize
1KB

MD5
a10f31fa140f2608ff150125f3687920

SHA1
ec411cc7005aaa8e3775cf105fcd4e1239f8ed4b

SHA256
28c871238311d40287c51dc09aee6510cac5306329981777071600b1112286c6

SHA512
cf915fb34cd5ecfbd6b25171d6e0d3d09af2597edf29f9f24fa474685d4c5ec9bc742ade9f29abac457dd645ee955b1914a635c90af77c519d2ada895e7ecf12

Download Submit
memory/3588-0-0x00007FFCD9873000-0x00007FFCD9875000-memory.dmp

Filesize
8KB

Download
memory/3588-31-0x00007FFCD9870000-0x00007FFCDA331000-memory.dmp

Filesize
10.8MB

Download
memory/3588-25-0x00007FFCD9870000-0x00007FFCDA331000-memory.dmp

Filesize
10.8MB

Download
memory/3588-3-0x00007FFCD9870000-0x00007FFCDA331000-memory.dmp

Filesize
10.8MB

Download
memory/3588-4-0x0000020DBE5F0000-0x0000020DBE6AA000-memory.dmp

Filesize
744KB

Download
memory/3588-27-0x0000020DC1DE0000-0x0000020DC1E06000-memory.dmp

Filesize
152KB

Download
memory/3588-2-0x0000020DA2400000-0x0000020DA240A000-memory.dmp

Filesize
40KB

Download
memory/3588-26-0x0000020DC1C00000-0x0000020DC1D86000-memory.dmp

Filesize
1.5MB

Download
memory/3588-20-0x0000020DBDEF0000-0x0000020DBDF2C000-memory.dmp

Filesize
240KB

Download
memory/3588-24-0x00007FFCD9870000-0x00007FFCDA331000-memory.dmp

Filesize
10.8MB

Download
memory/3588-22-0x0000020DC1870000-0x0000020DC18A8000-memory.dmp

Filesize
224KB

Download
memory/3588-23-0x0000020DBE980000-0x0000020DBE98E000-memory.dmp

Filesize
56KB

Download
memory/3588-21-0x0000020DBE8B0000-0x0000020DBE8B8000-memory.dmp

Filesize
32KB

Download
memory/3588-19-0x0000020DBC580000-0x0000020DBC592000-memory.dmp

Filesize
72KB

Download
memory/3588-1-0x0000020DA1EA0000-0x0000020DA1FA2000-memory.dmp

Filesize
1.0MB

Download