c24855d316a3f7e445035168a2f03dd09d8e69ae35cd4c3d1c27674288383896

Analysis

max time kernel
151s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 15:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Krnl.exe
Size

1.8MB
MD5

e9cdcd3816bbd105ca2f309af36bc16d
SHA1

fc3fdd5e7fa88defdf76b8307b0fa2be48a45db4
SHA256

c24855d316a3f7e445035168a2f03dd09d8e69ae35cd4c3d1c27674288383896
SHA512

c8aa7fa445539017aaf09936f308c9743c1d1cfcf00ebc98ede98212e22acf8ea7d8738a9d11b759910af866b1d0786e4850bdd12a9fc7002d2d9d4cef5c3867
SSDEEP

24576:ePABanooMW/8umFbh8A0SsKFucT+KNgxysc5U7ecSgL6y+gk+rnxdarFsP:eP1uB0SV1+KSxyr5UzS65+x+rnxYruP

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	Krnl.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4260	Krnl.exe
5032	msedge.exe
5032	msedge.exe
3180	msedge.exe
3180	msedge.exe
836	identity_helper.exe
836	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4260	Krnl.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 4480	4260	Krnl.exe	84
PID 4260 wrote to memory of 4480	4260	Krnl.exe	84
PID 4260 wrote to memory of 4480	4260	Krnl.exe	84
PID 3796 wrote to memory of 3180	3796	explorer.exe	87
PID 3796 wrote to memory of 3180	3796	explorer.exe	87
PID 3180 wrote to memory of 3652	3180	msedge.exe	91
PID 3180 wrote to memory of 3652	3180	msedge.exe	91
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 3520	3180	msedge.exe	94
PID 3180 wrote to memory of 5032	3180	msedge.exe	95
PID 3180 wrote to memory of 5032	3180	msedge.exe	95
PID 3180 wrote to memory of 3788	3180	msedge.exe	96
PID 3180 wrote to memory of 3788	3180	msedge.exe	96
PID 3180 wrote to memory of 3788	3180	msedge.exe	96
PID 3180 wrote to memory of 3788	3180	msedge.exe	96
PID 3180 wrote to memory of 3788	3180	msedge.exe	96
PID 3180 wrote to memory of 3788	3180	msedge.exe	96
PID 3180 wrote to memory of 3788	3180	msedge.exe	96
PID 3180 wrote to memory of 3788	3180	msedge.exe	96
PID 3180 wrote to memory of 3788	3180	msedge.exe	96
PID 3180 wrote to memory of 3788	3180	msedge.exe	96
PID 3180 wrote to memory of 3788	3180	msedge.exe	96
PID 3180 wrote to memory of 3788	3180	msedge.exe	96
PID 3180 wrote to memory of 3788	3180	msedge.exe	96
PID 3180 wrote to memory of 3788	3180	msedge.exe	96
PID 3180 wrote to memory of 3788	3180	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\Krnl.exe
"C:\Users\Admin\AppData\Local\Temp\Krnl.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Windows\SysWOW64\explorer.exe
  "C:\Windows\System32\explorer.exe" https://apps.microsoft.com/store/detail/roblox/9NBLGGGZM6WM
  2⤵
  PID:4480

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apps.microsoft.com/store/detail/roblox/9NBLGGGZM6WM
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8bf1946f8,0x7ff8bf194708,0x7ff8bf194718
    3⤵
    PID:3652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11826753376651217923,15787535672056951181,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
    3⤵
    PID:3520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,11826753376651217923,15787535672056951181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,11826753376651217923,15787535672056951181,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
    3⤵
    PID:3788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11826753376651217923,15787535672056951181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:1696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11826753376651217923,15787535672056951181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11826753376651217923,15787535672056951181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
    3⤵
    PID:3996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11826753376651217923,15787535672056951181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
    3⤵
    PID:3832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11826753376651217923,15787535672056951181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
    3⤵
    PID:532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11826753376651217923,15787535672056951181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
    3⤵
    PID:1608
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,11826753376651217923,15787535672056951181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
    3⤵
    PID:4848
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,11826753376651217923,15787535672056951181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d5af55f794f9a10c5943d2f80dde5c5

SHA1
5252adf87d6bd769f2c39b9e8eba77b087a0160d

SHA256
43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764

SHA512
2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
4b3359c5261d7dcd22d99c18da2c6c5a

SHA1
46e5fad45c5791dcd3182fec04e80cd2208b36ee

SHA256
2893b995ebe8cc218a080016b7f0d7a86dd5d2c7410bf4e461fcdab3a4f99c03

SHA512
9c0f99deff06ceed5b30b8a358c9781c70216be43be04656b9d1e5ec382c0566d2e333b467a81c267d90763831543382862ae5f95eabb0108df8308395c7b692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
651B

MD5
08219efb991adc5cd8bf1eb5100ec7a1

SHA1
c9fa18c005687725c331e629dbab9964b3900135

SHA256
8d893f4cb9cd90e78182b918a6308331b2099482c951320638f4faa2b8f36c82

SHA512
a9d840578ef839cede2b3a9e517af6ca615ae2869f39277f18c409308ae9e392513f89f50081e00bcd9c54e99d917d25173992318894c3a0cc8fc485554cb723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
71643dec520f6afb181cfedb66ca1ab7

SHA1
338611d70e1f90ae9ae4a9a9fa4bd69789a018b8

SHA256
0d0cf376dc0e243002e42b6f7144ba2d8a70698747be8f1cee6e70690c0fc11a

SHA512
f28a495a34ae6a167e90ecd7f82151c1a0089595284698959313c3714cae5c4848b191bdf35807355b7a21a2ce9a3c5d4fc2d9f587a582a660cefb113baaf7ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd7f880c440818f4a08fc8c085f9b60e

SHA1
ab86e47ff31c6aee29e6d8263fe49a5bbe8b5ddc

SHA256
cb432460da37260ddc563f45112c772d008983eab26ff45db0e802474c7f5471

SHA512
769dd17201d3a0e74237cd204d566dba86ee38fbd213c8b35028a2e37236dca646eab9f1733711b599e61a13ac83dcf18fa4513710fe84a5a4d5070436058d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
61bdf4f15b250c92bfdd6a5d615748e9

SHA1
c145ad69788fa053958acdabefd3802ee7e7cf4c

SHA256
88a2ee79b87b134fe1756bc051b2939f60c8b6ac95b20e6f7d87ca3c68eacf84

SHA512
6c9351ab4ac1511d5498e3813dacaf87337f69e476c2aa0a8e1b076687f3d62ac07896f55e069836875ea2d3ef0c50dba04d2a03a5ca266ed4f216064c95cb6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
10f5b64000466c1e6da25fb5a0115924

SHA1
cb253bacf2b087c4040eb3c6a192924234f68639

SHA256
d818b1cebb2d1e2b269f2e41654702a0df261e63ba2a479f34b75563265ee46b

SHA512
8a8d230594d6fade63ecd63ba60985a7ccd1353de8d0a119543985bf182fdbb45f38ccc96441c24f0792ea1c449de69563c38348c2bedb2845522a2f83a149db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\8d57ae4b-5aea-47f7-918d-f6613f83588d\index-dir\the-real-index

Filesize
72B

MD5
b572e24b888f3ffc88f02493ef5a2f50

SHA1
4ba2092216cd67c3d9ea84f8bcdaf7365f593671

SHA256
d26dc7ad1bd16ccaa26a7dfc981c5876cd82604b5101da7ba3f3b6407296f44b

SHA512
f571e13ffa71aec5d233b88aed333fdf54f4ee0de2c43c042c42972cec680a21832dde6ebe2af22f1ee76a452b10ce680613109794c312e8f2458b798c4f2714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\8d57ae4b-5aea-47f7-918d-f6613f83588d\index-dir\the-real-index~RFe58abdb.TMP

Filesize
48B

MD5
776fba229626e2f2510e6b10efefd45b

SHA1
e28e0243a2ec0028c493b8f2c51c42beeafd968e

SHA256
f1698df8dbc4b341c22fe32e03bbc65b8120ceaaa44bdafa1049b31e6ec6a147

SHA512
49ef93ceaf30fc84264222c8118e472c311d5f903e4cb4b8c2a263bb075c340c95229e9d9557b4c049a752426961882d5c32bb4ddbe9a66175f03e5e7a2b119c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\978f812e-0a54-478f-b771-172cc94533c4\index-dir\the-real-index

Filesize
96B

MD5
c04b37e4f506648e7d303fda7b77d23d

SHA1
cb6c75266f555612f0ccfc072a91cf21998ad09a

SHA256
be7bade924e02eb3b7b6a856b4b946a4e46707ade2566211e302fed322edb3fb

SHA512
b2aa629dd633b80ca22bd814242eea7574c03f209888b928cbf083ee4d218ad4c90db468f7c56c0246d856869c5895fbfca8bd970b44ed64f71e603ab752a06c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\978f812e-0a54-478f-b771-172cc94533c4\index-dir\the-real-index~RFe58abdb.TMP

Filesize
48B

MD5
dfb0deb8a0df7cc2c09f45729eea1bf9

SHA1
32a873386a01b506d276e87be06f41de50bfebac

SHA256
afa98139f67b69166265c1500f2474e406fc527ca46a810bfcaf255bc5c2775a

SHA512
bc6ce55d8ba18add72b2604ded8a30be9dcb5edf89b0b683ec6d23b3477d7db59c8081ac6f54123ed2fe1aaa884ec539702166673b3e16d81fe5ed007d7e350c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\b48b96d6-4bba-4ae0-a497-55fbfb84861b\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\b48b96d6-4bba-4ae0-a497-55fbfb84861b\index-dir\the-real-index

Filesize
1KB

MD5
76d6cf4af3c44ed51a4e47e941860daf

SHA1
2866ebda9c08c68f91d2f4a60bb6a043bab88896

SHA256
58d7742258263887dc5b681b369cd5974b7c50d2d9383a2d4294ad927b863aa3

SHA512
e7a63205d2aa6be24d247f1ea2798d9f3868fd5b4ed067013624efd31b4586370a71cea6d3340991fa9643b1fc2dda12a100393d0b6bb9f6b8334787fd817040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\b48b96d6-4bba-4ae0-a497-55fbfb84861b\index-dir\the-real-index~RFe58bd50.TMP

Filesize
48B

MD5
67d9089cc60fabc6b123f9a3d2653c28

SHA1
7582c2c89839541adbcd56928a2115d91959ed1a

SHA256
9ad0b406bd2cc0f8a5695b319a60d8038ef3534d3f0664e931fae5cab827c093

SHA512
bc06fe2e7c2a8527d4c33b925311283471a97e8917436ff1fbd12f72dcc28e38771b711fb60a785411868a38aa29321cd7833671ea2dfe8597d09523c0efbc57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\d9fd2a4b-80bf-40a2-a3e3-9fb517c84779\index-dir\the-real-index

Filesize
72B

MD5
979a071b849d7fcd04ff34a878bfdd29

SHA1
eb83d83b7609b900b4c7cbb0263d80472653a173

SHA256
135bfc1144ebe1b50cb2db5c325a28529f2eeadf2183c3a8f0d944a4c2a60f90

SHA512
6862f4e1117a53c80f6e8cfdba720b8cdca8d983dc70cce5ffd93b0f5c7d7c38f30543820fd5e00292d001ca61b25a0c7d0b465726ff1081e1ce148854ed25c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\d9fd2a4b-80bf-40a2-a3e3-9fb517c84779\index-dir\the-real-index~RFe58abdb.TMP

Filesize
48B

MD5
8a71d471cf3baca175e9f0a640cdad2f

SHA1
84bd6c7a3ccabe92d5278c030ba062440925a0de

SHA256
111ecc85ab63262acc299468cab4fd6b8596b6563a63758009e1419ef57e34fb

SHA512
e911e2886163eff991ff8420c285c358838696323347238a0ad5c1382a4f18b1ad316f59d624e906cd12245ca86fca2a5f7c6497f1d28cf601620518b474bc9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
161B

MD5
3bbd6f8c93429c01c7facfb5dfc07299

SHA1
954b837984ee880b055575bab78c4c791a63b4d0

SHA256
0ae0edb28c8388aee4634f4dc6ab04efa347f022897a814070df559a08add975

SHA512
fc10ef1d6fad0f5e6c469838873318454280d9692dc766188f1bc578bbd543e68d5fd77f7a59194f46f6f5ef8408e50d6bf37d66d2c114347da3504b7137927e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
230B

MD5
d7c475e54e81104faa4e5f65d2f07787

SHA1
bd778e7a07096fef24420ede4e3a9edc97be0c46

SHA256
49be680542f30722e1176b98487aff38f276a8ef37240e822ab7f1d50c0b8481

SHA512
5b6287c9db2493bde1e1400f5f6f3d69c41d15354bb6ccc7b48134faff57d6608d7fd56c21a43abf3410a25efa22090a260eb56d004f4effd871e846bd81cc44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
325B

MD5
b33fbd7992016cf58de9033adfc0c665

SHA1
55a547c3cc0b10512a3596b6e33aaf7be129775d

SHA256
d0eafa33bf2b2f381325c758efd434a4512d6ee7ced5720961da09ae00a3961a

SHA512
83e7dff9a738b5bf9deb22f713b2e574186f892d3827e839601eb1be5f9f5176df75f4ad38159aff573b9ce61b74cf88432820d5af7287ab8322848a2fbd8024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
322B

MD5
549d30f58949c51340a054ea08891031

SHA1
169d89f66f2bdf9c566ecbec7a4917576947f766

SHA256
cfcac76fca74ea103417a607b129bad919ceb255ca5d62b41406a40557fe179d

SHA512
1c4fd92f46f0ef51343f461be1584d5b6cbef3e3df94695ffcb1daf372adf2d1a00615606cb50fe644e98584313f331354a315308f893c667ce6d389ec634b3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt~RFe584fa2.TMP

Filesize
90B

MD5
b835811b10908a9efdc46d8b0edf9366

SHA1
a2fd065c0a2862c3f500f4ab024810c49ef43cf1

SHA256
d889bedcf4ea1414e0e5216b4387247ccf75240179f6175e7df5a1963c4f9da2

SHA512
8f5f5448dec6663e39064b7768ce7d92a8aeeeaf5a3ba7c879e1c0b6124163bc7c35ffe8035d16a5ac3bc784019dd2ca8ed8a1bde519e1cb85df5a25572a9891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
47e045f98e70c4f5697b5adbdbca848c

SHA1
5ed07c273f96976f8e35a46d5016a622f3daa410

SHA256
536b4a020314e5d64c873b9db94d7d5b1ae32ca5d6e0d9699f2133575898c073

SHA512
7e5ffcfe191529abe0b9527b16ffd59561bb3547d52db79da016f30dc9591e6495cdb540e53145e8dc09f37fce6b2cad60d086aaa6ab3ac71ed67ea24e534d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58abdb.TMP

Filesize
48B

MD5
0e97e05a558b0a69b5658e34590a06d4

SHA1
c6eac5dd1b24926851a246c954c88e51563c4d90

SHA256
14c91b2bb6ead14ea22ef36602199eb1a1286d675387f6352558185cf2a18f57

SHA512
c1ee94e6d52a68bfc9aa672c52cdc406d481fa6043562e1e1ef8f2326dd9f818d0e270e80fe93f55dd8c306a44d2a9225cee3b84cc998dc9b619e392a4b5e715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
81a7006a603daf818d0689a2cf2d98d5

SHA1
419222fe6523212e542a1955e900650243999bc2

SHA256
254f70f21552fe427a65a64d0e1fc167d227d03adf8903f5146f9174f6b7fdf0

SHA512
ee8ebc05deb472316e103dca30e53292f2bbe2e6acb396067f7878e118ad3b9f7d1f9a2d65d3e2aa2a424b43a778ed777a125f37d71e8fc5162a1729dcc532bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c1e4.TMP

Filesize
707B

MD5
de6681b5ce49ccddfac123d2342b28a4

SHA1
2019982fc684b10827212381613c3891dee98a71

SHA256
6b49c99c5690a016847bfcdfa4ebeeef3516f0ba074563bfe45769d540338bcb

SHA512
bbc3d995199e74369e695ad70edefa77143cc3de2ff114c39feac130eb3d89725cfe4169aac8037d3667170c5ddf5bc454b39543334678e94fb710cd42d73493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
c94e3d7f8b8b25131c7943ffe2652308

SHA1
50646eae45ccf412d5bb64257065681b7a0e4357

SHA256
99bb42cbfe7ff76b1d525a91179df10c8947b1030fb0cb6e4f5b59a5854d76c3

SHA512
1e0d3372e5d57822ef48cc1260362c2e4d74f5c73400a29710de4438eb73008285b6a3566fa121b74a9d086b6a4435a674a505b5eb39a62dff9843fd09085c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4f81d85f67e58368eaff2cb7e024379f

SHA1
36a306fe4852a08f9a90af81ed6e602b45a71591

SHA256
73bb366ce065038d1b5f58e89523fa1f78326cd180b896a4e24d17ce9dc45750

SHA512
0ed3088239a52e8e829bff9338a7664c0ed61b97eb21451724c04f0b6e8dc7ba58e77621b5e7943d48a81ddf2d7ddaedb675eed7376292f6f00237887c53d667

Download Submit
memory/4260-5-0x0000000009880000-0x00000000098B8000-memory.dmp

Filesize
224KB

Download
memory/4260-0-0x0000000074780000-0x0000000074F30000-memory.dmp

Filesize
7.7MB

Download
memory/4260-6-0x0000000009840000-0x000000000984E000-memory.dmp

Filesize
56KB

Download
memory/4260-4-0x0000000005960000-0x0000000005970000-memory.dmp

Filesize
64KB

Download
memory/4260-3-0x0000000008900000-0x0000000008908000-memory.dmp

Filesize
32KB

Download
memory/4260-7-0x0000000074780000-0x0000000074F30000-memory.dmp

Filesize
7.7MB

Download
memory/4260-2-0x0000000005960000-0x0000000005970000-memory.dmp

Filesize
64KB

Download
memory/4260-8-0x0000000005960000-0x0000000005970000-memory.dmp

Filesize
64KB

Download
memory/4260-9-0x0000000005960000-0x0000000005970000-memory.dmp

Filesize
64KB

Download
memory/4260-1-0x0000000000D50000-0x0000000000F28000-memory.dmp

Filesize
1.8MB

Download