c24855d316a3f7e445035168a2f03dd09d8e69ae35cd4c3d1c27674288383896

Analysis

max time kernel
185s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 12:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Krnl.exe
Size

1.8MB
MD5

e9cdcd3816bbd105ca2f309af36bc16d
SHA1

fc3fdd5e7fa88defdf76b8307b0fa2be48a45db4
SHA256

c24855d316a3f7e445035168a2f03dd09d8e69ae35cd4c3d1c27674288383896
SHA512

c8aa7fa445539017aaf09936f308c9743c1d1cfcf00ebc98ede98212e22acf8ea7d8738a9d11b759910af866b1d0786e4850bdd12a9fc7002d2d9d4cef5c3867
SSDEEP

24576:ePABanooMW/8umFbh8A0SsKFucT+KNgxysc5U7ecSgL6y+gk+rnxdarFsP:eP1uB0SV1+KSxyr5UzS65+x+rnxYruP

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000\Control Panel\International\Geo\Nation	Krnl.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2944	Krnl.exe
1896	msedge.exe
1896	msedge.exe
3292	msedge.exe
3292	msedge.exe
3428	identity_helper.exe
3428	identity_helper.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2944	Krnl.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 4216	2944	Krnl.exe	84
PID 2944 wrote to memory of 4216	2944	Krnl.exe	84
PID 2944 wrote to memory of 4216	2944	Krnl.exe	84
PID 4968 wrote to memory of 3292	4968	explorer.exe	88
PID 4968 wrote to memory of 3292	4968	explorer.exe	88
PID 3292 wrote to memory of 2732	3292	msedge.exe	90
PID 3292 wrote to memory of 2732	3292	msedge.exe	90
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 3688	3292	msedge.exe	92
PID 3292 wrote to memory of 1896	3292	msedge.exe	93
PID 3292 wrote to memory of 1896	3292	msedge.exe	93
PID 3292 wrote to memory of 1684	3292	msedge.exe	94
PID 3292 wrote to memory of 1684	3292	msedge.exe	94
PID 3292 wrote to memory of 1684	3292	msedge.exe	94
PID 3292 wrote to memory of 1684	3292	msedge.exe	94
PID 3292 wrote to memory of 1684	3292	msedge.exe	94
PID 3292 wrote to memory of 1684	3292	msedge.exe	94
PID 3292 wrote to memory of 1684	3292	msedge.exe	94
PID 3292 wrote to memory of 1684	3292	msedge.exe	94
PID 3292 wrote to memory of 1684	3292	msedge.exe	94
PID 3292 wrote to memory of 1684	3292	msedge.exe	94
PID 3292 wrote to memory of 1684	3292	msedge.exe	94
PID 3292 wrote to memory of 1684	3292	msedge.exe	94
PID 3292 wrote to memory of 1684	3292	msedge.exe	94
PID 3292 wrote to memory of 1684	3292	msedge.exe	94
PID 3292 wrote to memory of 1684	3292	msedge.exe	94

C:\Users\Admin\AppData\Local\Temp\Krnl.exe
"C:\Users\Admin\AppData\Local\Temp\Krnl.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Windows\SysWOW64\explorer.exe
  "C:\Windows\System32\explorer.exe" https://apps.microsoft.com/store/detail/roblox/9NBLGGGZM6WM
  2⤵
  PID:4216

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apps.microsoft.com/store/detail/roblox/9NBLGGGZM6WM
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x94,0x7fff451646f8,0x7fff45164708,0x7fff45164718
    3⤵
    PID:2732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,17996287614282375537,2827515305778376276,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    3⤵
    PID:3688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,17996287614282375537,2827515305778376276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,17996287614282375537,2827515305778376276,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
    3⤵
    PID:1684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17996287614282375537,2827515305778376276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:1592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17996287614282375537,2827515305778376276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    3⤵
    PID:3692
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,17996287614282375537,2827515305778376276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
    3⤵
    PID:1272
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,17996287614282375537,2827515305778376276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17996287614282375537,2827515305778376276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    3⤵
    PID:2736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17996287614282375537,2827515305778376276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
    3⤵
    PID:1140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17996287614282375537,2827515305778376276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    3⤵
    PID:4188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,17996287614282375537,2827515305778376276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
    3⤵
    PID:4000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,17996287614282375537,2827515305778376276,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5708 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f95638730ec51abd55794c140ca826c9

SHA1
77c415e2599fbdfe16530c2ab533fd6b193e82ef

SHA256
106137874d86d602d1f4af7dac605f3470ec7a5d69b644b99d502bb38925bbd3

SHA512
0eb01b446d876886066783242381d214a01e2d282729a69b890ae2b6d74d0e1325a6bd4671738ebe3b6ecadc22ceb00f42348bad18d2352896ed3344cc29f78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
f981d6fb56796029616e790579484769

SHA1
5e59abd4b5e58387c3d93a0e2c96d39d3ca21443

SHA256
b1c9b5d837cb9d4fa3d6b699cf84b74e95322c7ca2a95a36e80ea171e399216d

SHA512
4721beca05bf4f489d7e3ed44cc28d33b1607a4e4f868b2ee8360b998c009f6028a076ebf0600352e17da9e67f6229edd09064f2aa673230dead04060e0904d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
651B

MD5
45cc9b77dc86eb2b0617d0b902f7c11e

SHA1
05f2506e7f4db868383de4d9a26c2a0caadbec27

SHA256
fa3f3af987344bc97ecc01e14fe751649721e7415cd789c0f0fe6f3ac0ee6366

SHA512
75991b7b78e40fa02e1d6de06dab05287dcbf8ba0ed29cbcb3040a818e39ee7951f42350113178de7956299a0cee132a9d0ccee2310fbb474524390ebddabb92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3bd41642c04101a417447e97b7319b02

SHA1
8c0cfd09904e4f9c7019c01b80959cc9fe802f3f

SHA256
1fe0d94520642c805f82f34d0d3685c10fad3a44eeb27c861eaa5a6eef6b49a8

SHA512
6411ffbaee9c36bf6d1a42373ee4c96b217bfbb16d6862e74f87b7925ba5c5d63dea1c4081c86695cf694035b01ab1fa1e42496af9eb6ccd416e29b4333a0867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d5af4125e0a589bd94b837b511fe3f1

SHA1
51b336865d8ec53b162e294f8957a6ff4b116975

SHA256
fee81b8aa55ddf4a7498728c177d987db458796d1e6a35c2df368cb026474b06

SHA512
a6d9befbb0a769be2f674c014cd65de73f5eaac1203c1cc5c3e4cb4150ab6a5005630dd358106af68104fe5b7891f13b06ca1cc201b916bb8786905807143ad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4a078fb8a7c67594a6c2aa724e2ac684

SHA1
92bc5b49985c8588c60f6f85c50a516fae0332f4

SHA256
c225fb924400745c1cd7b56fffaee71dce06613c91fbbb9aa247401ccb49e1ee

SHA512
188270df5243186d00ca8cc457f8ab7f7b2cd6368d987c3673f9c8944a4be6687b30daf8715429bd1b335391118d0ce840e3cb919ff4138c6273b286fb57b2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\0a4d7002-c303-4063-9247-dbd5b1888305\index-dir\the-real-index

Filesize
72B

MD5
f8583d88c2d92650f9a3333498937b96

SHA1
4440bd4602d3c6dfd38f54b2343979acc09e7c91

SHA256
380ba64458e1800c54cee279b091ac10b4d6e29f067b012484792756d47d573f

SHA512
7f2f5e5471fc80e091a1dbc86b5f592340e0bddb8077704334d23b3419684fcea2591777619977fff0d788a9cb7ba64bcabff84efb1c8106d8cb4c92754daab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\0a4d7002-c303-4063-9247-dbd5b1888305\index-dir\the-real-index~RFe589fb6.TMP

Filesize
48B

MD5
3396517e3d556937e3e28499aad6ddcc

SHA1
2e273fb6febc1108710701a4652c1186c734a3bc

SHA256
f53bbef8ecd898ec85f091229f00147288637cdbda1e3f00136d4ea5ca0b10f8

SHA512
9cf14f3e87192763a63bb7eb8068d55361c37bf47d4e7540a432799796a9928ccfb68b9a9a47413a4193e2be5cfe613639e271d0f8c19ec52758aab5c3d56ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\666bff84-368d-4fdb-8df5-6cb9a2226920\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\666bff84-368d-4fdb-8df5-6cb9a2226920\index-dir\the-real-index

Filesize
1KB

MD5
5e6453dd363d6bdda2fe958b5cc878d0

SHA1
a35cb70e5b701fd74ceeab9a982f7bb7dfd409b3

SHA256
411effafbbabe67cfb0c5d9d910217f7eede7f5f27667112ffbd2ec10e4310af

SHA512
c87f91265ab80dc14d0a4464c0bcb0648afce2f7654c69c0233dcdea01972d2a55c6d547999bccb287a6a5a2fb33e02e7d39351df30e71e87e2197b9221988b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\666bff84-368d-4fdb-8df5-6cb9a2226920\index-dir\the-real-index~RFe58b3ca.TMP

Filesize
48B

MD5
df7eeeebf0e7bcb46794c22e81b2d784

SHA1
d6d9b3f4fb74a3361696e78177ea966647288eed

SHA256
2efa750a64e73405a4024ea0b4a23b6438ec4960b474e286632cb2c9e76bd44e

SHA512
979f915c8198651bac5aae66ff8da1910e86c578568012ec032c88825c33d9b787b476e96e556b0b87668780eeff7fa1f0584f85b6bfa156dbb18fde71431dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\972f1ce6-f31d-46ce-b5c9-3649e675dddb\index-dir\the-real-index

Filesize
72B

MD5
c7a4836072e14db993ca13c1a41e218b

SHA1
f40319b3c6ba9ff1bda675625c4297bf8b5bb19d

SHA256
5598f7e921f754fa5868de1a5c5935528dd4459332ccf8072ba2b68d3d29e102

SHA512
4a279068b859cfaa517503ed551e12f39649f8212b0e0e7c8d9c94c5b8e3c90b3fc3fb533cfa92c85d7f98d9621eadff5977f0af78b63844ba1cb3076c628684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\972f1ce6-f31d-46ce-b5c9-3649e675dddb\index-dir\the-real-index~RFe58a7f3.TMP

Filesize
48B

MD5
80f20b826090a7d6e655546434e7f4d0

SHA1
a0efa769ff0326cebac133b6d9d8b4e54e66a388

SHA256
78d55d67c88752f6c8d4b5ee0101acf8d8d0ac0aeb34dddbf164dff2128f6c07

SHA512
21e12566b47586b1ecae706f2f71b36555e26af0d882f443ecae68f9bcc939f74a7fdbc70572292cca6b5e21fa0f2c6026890e14313492bf272e136b0350e4a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\dc19d0ca-7ea6-4e3e-83e3-ed18b3d88f92\index-dir\the-real-index

Filesize
96B

MD5
7be57bdb4b76cc0cb96b23b232abdd91

SHA1
cd5ed76e075f5987137cc70dae4a2cb44383d4f0

SHA256
e15c68f842dc4b5eab16bc0c66d04ea10fbeb8c76e8de6ad169936ac9bea33af

SHA512
e516f17bb5ade411f3162fbd4a2bc4a73d315436e3388e6f6734d89933f31e5e0113282d44b80c8111e7e708eaf3d855d05f5160423bac858dbbbe4cb5964378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\dc19d0ca-7ea6-4e3e-83e3-ed18b3d88f92\index-dir\the-real-index~RFe589fb6.TMP

Filesize
48B

MD5
00bfbf0f26afa64f70c1c938aad50535

SHA1
e64ac17ab1d1571aba9d2dce6524070ce6fa0ecb

SHA256
6a78d2a121435368183c5685d862354eb6858ac34d63b0b7cf159164b76d2350

SHA512
c978b441b636cbec045131900b8c9a5d49b042ace932edb5433959ef34dc323a94f2f72c731eda17c35d66c065b75fd3f41e6808b428b018d04bcadc509f0059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
161B

MD5
640ae25eff462fd9b10311c4d451fa39

SHA1
3a4190c201d8f62d3e678cb2202303259c537e6e

SHA256
11c61d2622f8db5e89a53cbf6836598588f7bc7f648ba9b3d8188a9e46ef9123

SHA512
2f4500193414a805f76c24263e4ca62e19201cb11420c5956e055f947b00a2bce35ac1cad5f136334250571f58de041b3ea197e80f83cb09ef3b90fc0039c676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
230B

MD5
7e65a8435de78ce206963b6420252102

SHA1
86bdad6f3b933831dad532c4545f1aefc470de9e

SHA256
2e5836b239006cfb09c7ab7e0a63c794265cded5965c413452e1c820f2bf27ef

SHA512
faabe01532be96834034bd5511248d4564bba2e50b464d867e050005998655628726c9662eda3c8ccfbbe190a584fabcb656d05930b42dc8645cdb9dec8618ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
325B

MD5
84499f85ed0316f47359ecde182b541a

SHA1
627baae8d72a7a184ca4fd76a12de4f5f669d621

SHA256
ac4c87a1ed0d8fb2bea5b8de54eaed912b15ac6f0982b96346f847fd57b0ba2d

SHA512
70e0040bf2fb9dc12368f42a03aa37da4470256879275b79a26daca6c6289c37da664d9fc5a7aa02362e395ae5e80558c881788cf1e398572e283207860deaac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
322B

MD5
9f82de437a8524c16e159a8263f92b29

SHA1
ae96b8e72f56da34f54d7c069652d0f64001f82b

SHA256
86f23d212ec057f0e556cacdba07ea0c7d2e612576981e4e75f2c0bebe8cd9e1

SHA512
64e8439b85bb7219937be7a7a95818208b39d099ffb7b34e1b79d30f224d26caddb00f4b65a0ae8a0e89a18a380af9b0749462bbb3fc9d3dfb5931142e9aa6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt~RFe5850ab.TMP

Filesize
90B

MD5
5ba9842a538beae905ddd2d20ae1a7c4

SHA1
1d7392ead0c339979116f873baf8cc2645b41d05

SHA256
d45c7fe643ac234a807dc9d2230d6e0d9138093ce727ec4226dd28bc9279fb65

SHA512
fab924434888336c8c225bddd798e913b4309ba089fdc6a366af7d8b2d016ff2d0f5eb92606ca52802d336df049e0464f26c671aa3dfa9f7c1b22cc2bd0435ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ddbfe0ca6bd7d2d17aea851869e35308

SHA1
b18c420364dccda22da130afb6589fcc46e91ee5

SHA256
f7ee587114982d456c0dfbfdb36e9e163aa8fb32afa76209dfdfa0663088f466

SHA512
5e20d613205269f2031c9357e352dc0d018bb972f03781726cad28786fb927129b46604ccdc66af0bed06d278d9542d62f2265a0ce18d349ea7ed5dceea64d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a718.TMP

Filesize
48B

MD5
57d68afd398fe41e8024293712c368f9

SHA1
a48204fd9a714783794ad715615fecb564c25f94

SHA256
684398e048897cd4a03577ffcb7feb0d0e6e8558755a4c7d1370ae3834ffeeff

SHA512
80e29a0c43fbde858733d8e87af44f75420f25ddba4cdef7814fe7ed44c4d5c37f09fd219166601036508cea140c45fad84d1a2b86ee17f9d7fee256868b2faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
4b42c41b5b7ae3e851be8d582a4190bd

SHA1
fbb2444c5651193fea073d9f401284c897377ee7

SHA256
b8ad09d559de8b2c02ba1be17bdfb93e9546322499e4df95d35fcbe2705b5aa2

SHA512
0fa8132a9b3714f191b1cf103ecd3519d9802d93fe4db7a4d6425950cb7020461aa1975006e58a06438f58e0720cf33a8077e1261d4ecdbd59756fe3bf0a99ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c213.TMP

Filesize
707B

MD5
a0628af0f1b498d0c7b9f3fe4f116af0

SHA1
219630373c9e1927bb8f6edaf6cb4c51754aa2dd

SHA256
675ed3fe72454989d938c53494c4b44500011ef06372cad507823c1e2ade7043

SHA512
73768a658a8991068adeac137ede817949bbef203b0a6d2a1c8d9760997c9a64f3be9d0541de2dbab5c1307796a31748f2b0e26a5de99a3f6180740c8433c207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
30b001e9b0c1907ffee8ef4c79d00bdb

SHA1
e21b2fae079a03650899dba6224853fa75068d4a

SHA256
3b4899762399331efee0ff2152be5479d0616d3f30581525801d232beaad219a

SHA512
75f0d66b11d4c4e163b23552c5e8cf598ec7ac9f19e8f113e3ffe2421781f83bfe60988f8f10044fdce5ddfd0515d043a6ffb56a876ff4f625e0fa7ade42fd46

Download Submit
memory/2944-0-0x0000000000700000-0x00000000008D8000-memory.dmp

Filesize
1.8MB

Download
memory/2944-348-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/2944-235-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/2944-8-0x0000000074DF0000-0x00000000755A0000-memory.dmp

Filesize
7.7MB

Download
memory/2944-6-0x0000000009320000-0x000000000932E000-memory.dmp

Filesize
56KB

Download
memory/2944-5-0x0000000009360000-0x0000000009398000-memory.dmp

Filesize
224KB

Download
memory/2944-4-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/2944-3-0x00000000083E0000-0x00000000083E8000-memory.dmp

Filesize
32KB

Download
memory/2944-2-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/2944-1-0x0000000074DF0000-0x00000000755A0000-memory.dmp

Filesize
7.7MB

Download