fd3d994a8df5d39bc52913d67378da483e638cf2655630de616a6ab35d08c21c

Analysis

max time kernel
107s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2023, 10:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

vibranceGUI.exe
Size

776KB
MD5

6cc583a1f3f4500a524b61255f1d2710
SHA1

7c1a236e291746b781aef5dafbcdefa648f36357
SHA256

1cbaa4d4c817743a7ec88bdc3f8d15200e543a86e0b3374c6d05a15a0762970f
SHA512

7fe177862b1aebbbe32de1aace56cba69d35667a0d337847984380f039fed7c61cda60c2e6c02e6214d4178f715e808089f5a6b4396d94dd87d01a97a88ec8d0
SSDEEP

6144:LPaQf/VaGtX5RlJxeR2CoDnpYRkIE3IRv7I1:LPrHVaGtXV6RToNYRkh4t4

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	rundll32.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_display.PNF	DeviceProperties.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
4264	msedge.exe
4264	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 4264	4772	vibranceGUI.exe	84
PID 4772 wrote to memory of 4264	4772	vibranceGUI.exe	84
PID 4264 wrote to memory of 4784	4264	msedge.exe	85
PID 4264 wrote to memory of 4784	4264	msedge.exe	85
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 4972	4264	msedge.exe	87
PID 4264 wrote to memory of 2372	4264	msedge.exe	86
PID 4264 wrote to memory of 2372	4264	msedge.exe	86
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88
PID 4264 wrote to memory of 212	4264	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\vibranceGUI.exe
"C:\Users\Admin\AppData\Local\Temp\vibranceGUI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/juvlarN
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff90cb846f8,0x7ff90cb84708,0x7ff90cb84718
    3⤵
    PID:4784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14339573295146100391,13779078082009785739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14339573295146100391,13779078082009785739,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
    3⤵
    PID:4972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,14339573295146100391,13779078082009785739,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
    3⤵
    PID:212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14339573295146100391,13779078082009785739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
    3⤵
    PID:448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14339573295146100391,13779078082009785739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
    3⤵
    PID:452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14339573295146100391,13779078082009785739,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
    3⤵
    PID:2516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4768

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1104

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5016

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" display.dll,ShowAdapterSettings 0
1⤵
- Checks computer location settings
PID:4332
- C:\Windows\System32\DeviceProperties.exe
  "C:\Windows\System32\DeviceProperties.exe" 66270 "PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08"
  2⤵
  - Drops file in Windows directory
  PID:2088

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a89be5cb49348ed9d8aab4cd346aa6ac

SHA1
52b576e15697efffa260c7aa7284858ad1ab2a39

SHA256
f31f2f707ce455dbad468c6d381176fd6b0393a45ade14c10fbadfaa048ba6e2

SHA512
acdaea93e2d9edccf3e35c0f6ff2a9fbffdaf3c3755cf798b839a81dd8b7d3fd86e91e2aba9719fbb5c3b59a4dc854c430495279d225cc8fd9479f2d8e2e8216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
6a0760f8be26a5674b2e37190dbc9709

SHA1
93509abb2669b35e20482036401be413ce7d2ccc

SHA256
8f2a7176bcc77cbf284a24667b33c0823602e51bb34976bd207c3855db9e67ed

SHA512
cdf0d791fe5edf02bbb63e82f6b253fe9508ab53d7178f5d8ac3b7e94a1a090da6134c229f43cb6d7d036524d72f3cabfa960095859b6f7bfbf9277f9f2fd3da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
682B

MD5
2881dbbf1e014d420691d05b3d18b86c

SHA1
930fb3436c9a97baafd57e7d739d9019ad572be3

SHA256
8f2bed8f445ba4194fadca66df731875a862556b3a79b824fe499a1e2c9eab05

SHA512
5f9a512b90c21018f3da3bef35cb7a3f0de732e415f3fab2be7dcecfda1fa248696e8498a36c7cd975d3b86cf478a56da68cc5de24b2c049dee716071e8e8ac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
1e08bdb5888115cfe84102d1efaa453a

SHA1
4fe199b5075f836c7bf84d2bf0af91620cb14b19

SHA256
9b0de0a15126e771076eeeed2503f6e31f2669d93f6bf908ee7d292d6dfd7a69

SHA512
c2960b836f25e1fdeb1e67bdb34ac4bccd1e9fe3e49903619c4dcdaf8b5652aa3a61762fc78d81da2930ffec60c9539309d03968f2adc037fb11d1349e503e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
108e2759c432e80cb80db61aceb6f00e

SHA1
68ae22d89114b8c1cabd290cf929c2f777957f49

SHA256
8a89c5b2b72529d1025514e560ca919fe2cfb288a493af6c1b4ad443dd164fe7

SHA512
220c8e0334c309ce175b6e6f51973ee00e9583fe0a2d884e0975f9bb6487aaebc20b7cc43b37b85b5251ef8ca19b84653a952e93963326c10729eb561d665b99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2b124f61c93acf61ec7ce467158b4a4

SHA1
a2822f6184b4e0d2327506224b03c15c4447afe0

SHA256
1ac74df78b3fcd89d5e2db1e323f4b5171f40eb342afad7c408957c5edfc45cf

SHA512
25085a2248b14cd56e124d4f46903b791a1d7c8cdb7834389257db6f5cfa2fc5573e099ca7cdde19ffbfb7e97c79af199b6a05a751093f2f34b9564726028354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1128df97dd5642ab9d43159c9d5f6226

SHA1
9ca10e504cf15362f4ebd932a500b4ac12a9b87c

SHA256
f1e66a4077574f873027baf9a9e4ab234b1e1b44d7ad21e529858404d23be268

SHA512
601534fb98c76739feb94b56992a8554b9ad3eab5f50e904112c4e4e7306b86868d093578450bcfc05479cdfa9c5a05395461d26da75f4af686773549397463b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\03393bb4-eee0-4d4c-ab26-bfaa08c81125\index-dir\the-real-index

Filesize
336B

MD5
3b98c321b819bdbec8f1fbb7ac579bce

SHA1
ab564267ff1de74b6f288a7c238d5a6e1bcb96b0

SHA256
0b36403d609f7e8ab8e6d059484dddf9ad1f2c0b1fe2674145a76c447fd2bcf0

SHA512
0b573ead13e778f3003014a2193eef27eb22bab2067b0b20349e30954d1f61e5f44fca5d18b9f4b9e7ce84c1527a8684148f4b4fd83d70b4795de1667556e2b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\03393bb4-eee0-4d4c-ab26-bfaa08c81125\index-dir\the-real-index~RFe56f021.TMP

Filesize
48B

MD5
16eee4d1bafe8b8c66abb4f66d9f0dd6

SHA1
0e07e97f8b010850b3d47c33d2d0dfbf76b21dcc

SHA256
78390316399af23880f2ceca6145c4caddffd0112b27954551c57cda2e48a17e

SHA512
29255f68b576b4a3b7122962ea086b3cc7600647480a098c26d239b68eea24c3c407d57d6371b2f523e1c11205f81416d752f8761b9dac2d45612387bc89d607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\74abedb4-57f4-45e0-9a5a-e191925d35ae\index-dir\the-real-index

Filesize
72B

MD5
6f85f19307de731404712dc71ccf9628

SHA1
9fdab8b8536d9e7ebed1161ea2cf0d91254463a4

SHA256
0664ce508097f3110e6906c2a5a778285ae41fc6d2e106abd838f0c29d5b1d59

SHA512
f614389c2265adf4732e871668f0c0e1d57c9c060ec8e736b8ac4239a8c93e406ca21103f09aa7c7326cf66b2251f4d7ec48a7cfaf7e9b6aba5cb4fbf01cd100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\74abedb4-57f4-45e0-9a5a-e191925d35ae\index-dir\the-real-index~RFe56f002.TMP

Filesize
48B

MD5
1c090aeed08c029e67f05eb5245d90e0

SHA1
354e63fd62cfe64da582bb62e2d8cc7f467447ba

SHA256
2a91817c97c1835bb3776061518b13b8b116edc72d8ecd2c98e03697c92916a9

SHA512
c95a7644cdd3ff51317bc72dd833a39d97257a6cc5a701aca40f8abfe8819073b1f999aee051ef6d920bc78dc1d5499120ef241fd74399fccd77d9f676d33d0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
140B

MD5
7241f979db0f4fe0ab58e199b9772cb8

SHA1
ab362735f16612d52e9c3f1ca22591ee57aa78ae

SHA256
31f47380823f6402877e453cb5e4c0329fe17d1f8f140ecdeeb7a14dcb3b44e9

SHA512
32d819bd9bad814f678edb1ad6be38d73f9fcdd767f49d2beafe3df3f43f32d1fe5feb6a27bed1e59a3b2ad59008f33e8e0ded6879c0729977655c3f9cb7d91f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
138B

MD5
cf91f0e268866377bee04330273eba3c

SHA1
9e3e2b411c18c3be9f1adb25809417c21bbac30e

SHA256
52ee149f4e0209eac9d192417bf151c2d5270f9e56d1091bedf1447aed4ee448

SHA512
62baf9187e28ea788966b3b4f7c47ee0d7323206e5fe77a42ed3cde3b0bea3a6dc5351f948f965a690d1de782a5c2664346a949cc0949e880228619d1e639344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe56e033.TMP

Filesize
83B

MD5
22f3a606b1515a9804f6027930679872

SHA1
5329ae3637bdd91416192a9940bf012e46f1813f

SHA256
c7ebef0c62f081fe667f70ead66e40174ce972214295912d6e41fedf71edb1e8

SHA512
d42dac3dceed1748e8b469059c6c9a61db969931ef86a340e0cad4372b3656f0e7c9f5f41842f6ea25cff1b9d0029f2b3caa5ccdc200af754b55a7d66df18000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c6d44e6d8ec1271dc97099e266effb1a

SHA1
a80b90e3d9cd846723508d98459823e66f22dc6e

SHA256
d6ddc9f5bf9c7d483ae815437adf608145523522720fe6cd1788fa2fa68c3029

SHA512
a68479758eeb6934294e514eca487500b79e253356127612b746910549a390af002fb3dfdca6209e84eb02c0bce75b81bc1dd909c72b99622c7b873c9c614b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56f021.TMP

Filesize
48B

MD5
67fc678c765c936602427c1485f04cc9

SHA1
0bae3beccb2001bd4bbd10a5df922a3484c2ffb7

SHA256
9ace54dc528cabb062e2206a1a5b154d7fa2f30d23b4e119018adf742a1b38fb

SHA512
a4b89dbf8212cc6a462efbb1797e75e6c008c1f75950acbe3b83df5aab7d6923b6947605aca42d53336c718e8f8a710a5018bb79e18bf7b41c3e6e9082540194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
2bf1293730bbde28174e7a19bdb53929

SHA1
28a5e2d268f493cae3f12cf565cb821f821bde24

SHA256
a2114b94d28cbae83e42702da0be24e684058d7897ec9f860aae18a1d3519676

SHA512
84233ffc31e3d8f8aef23b6e10efd8a0bbacb7405d2587e63f854be90d7e7d593dc152332068745a97a2b7e53b54b80a34a612f324eb8ed9a4b2f041bea2dbc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
75620967a21222e3477f483a0453ec32

SHA1
56851caffc2da9d2f78c497a5e7b186591f1649a

SHA256
2401ee0e95e5d38d21e3282d111472543aa6b0da73fef314ecc97e57e8f6e325

SHA512
41d47030ff3824a8b09dc8ae050a0efac9fe4312ab2158cccf6b0651880e0a16fecde0093adee4984f378713cc0982da93c11d228e412caaabc7e29154204d42

Download Submit
memory/4772-133-0x0000000000B80000-0x0000000000C48000-memory.dmp

Filesize
800KB

Download
memory/4772-137-0x00000000058D0000-0x00000000058E0000-memory.dmp

Filesize
64KB

Download
memory/4772-135-0x0000000005640000-0x00000000056D2000-memory.dmp

Filesize
584KB

Download
memory/4772-134-0x0000000005E90000-0x0000000006434000-memory.dmp

Filesize
5.6MB

Download