833bb7569d971ac2d273f65cd058b351088da73ea1e434fdd03e4e9b9c2294b9

Analysis

max time kernel
140s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2023, 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

607edac6bea52a4ed99f07b5670f7896a25770d87e14dbc94d5fdc33145fb6ff.exe
Size

7.2MB
MD5

0d1b9d2d5b85391e82453781bfe00418
SHA1

726aaed369d012fb875507fe832adc7383d49cf1
SHA256

607edac6bea52a4ed99f07b5670f7896a25770d87e14dbc94d5fdc33145fb6ff
SHA512

01b8a86a55da77341fd5b3fec77fd50ca2ba3f235acbd936d869934120c91de3a01575e6aebe550b46704f88b0664de91b797b458d9d8834e8355e9b20b61063
SSDEEP

196608:xG2zS/1s5VsKYNRSWsQPQJvCvHm9EVi9RXUykSI:xGsEqVnQwxQjHmuiTEykS

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
1536	msedge.exe
1536	msedge.exe
1596	identity_helper.exe
1596	identity_helper.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4428	607edac6bea52a4ed99f07b5670f7896a25770d87e14dbc94d5fdc33145fb6ff.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4428 wrote to memory of 1536	4428	607edac6bea52a4ed99f07b5670f7896a25770d87e14dbc94d5fdc33145fb6ff.exe	90
PID 4428 wrote to memory of 1536	4428	607edac6bea52a4ed99f07b5670f7896a25770d87e14dbc94d5fdc33145fb6ff.exe	90
PID 1536 wrote to memory of 1016	1536	msedge.exe	91
PID 1536 wrote to memory of 1016	1536	msedge.exe	91
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 1408	1536	msedge.exe	92
PID 1536 wrote to memory of 2348	1536	msedge.exe	93
PID 1536 wrote to memory of 2348	1536	msedge.exe	93
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94
PID 1536 wrote to memory of 3724	1536	msedge.exe	94

C:\Users\Admin\AppData\Local\Temp\607edac6bea52a4ed99f07b5670f7896a25770d87e14dbc94d5fdc33145fb6ff.exe
"C:\Users\Admin\AppData\Local\Temp\607edac6bea52a4ed99f07b5670f7896a25770d87e14dbc94d5fdc33145fb6ff.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://vegax.gg/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8aee346f8,0x7ff8aee34708,0x7ff8aee34718
    3⤵
    PID:1016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4826066034140106725,12598654899856114285,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:1408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4826066034140106725,12598654899856114285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,4826066034140106725,12598654899856114285,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
    3⤵
    PID:3724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4826066034140106725,12598654899856114285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:4064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4826066034140106725,12598654899856114285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
    3⤵
    PID:2424
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4826066034140106725,12598654899856114285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
    3⤵
    PID:1224
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4826066034140106725,12598654899856114285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4826066034140106725,12598654899856114285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
    3⤵
    PID:4400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4826066034140106725,12598654899856114285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
    3⤵
    PID:2848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4826066034140106725,12598654899856114285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
    3⤵
    PID:808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4826066034140106725,12598654899856114285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
    3⤵
    PID:4620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4826066034140106725,12598654899856114285,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2732 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
7a718f11c9fbe4ff817ee453377bf5f2

SHA1
1bc6841a0be026f841ea83d6fc2bc95202880195

SHA256
7609d3470dd361b1136bf48b660a531a7f67db1e5f8025d070cdf1823f7171fc

SHA512
1a22c98d79b2cd1cb0f07c6426b3322a6dbb1d87d9abaaf538506fe619d530dbc7692d4938248a9518642f4405688ae8970dd1be494f6fcf1e655eb9217112bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
725B

MD5
28148dfed865e2c40b39fdc663dd954b

SHA1
e95ad1787bf0bdca36bc1492c331798e1867173e

SHA256
02b2a823d24c7ca5fd981146f719c45c7c368158768fb2dd5797a6c519b3c3e3

SHA512
334c7f2642d0e728f7686025f796f95af2250685f2910c995dbd527f4bacf53a4fd7375eb7d9d31dbcd3c9395aad0bdf3c845bd1b117dd93135b92cb59049773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
532593484b9c00b285237fbe0fbf3444

SHA1
0ecf25f9690cf49625da853e3926d88147ffd8ae

SHA256
257a1e980e913166d8efdc5a28c780197d90437d9e142c37bb78a0e52c4a2adc

SHA512
2d5abcb14c571131d41f1208d0515d37ef34d52fa3b143626f6f17e5f93d06e4e639a964e1a03f0985f6abfa840346a34bfeee5e300bf4c9b4e57455f7768a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fb4b9af09e23022384fcb4b9ffd50e36

SHA1
eab24a4ad16eaabdf55d250c2b994567fa4b2405

SHA256
a7a7150b30e9bab5db57a6d12202c5d83059a7e678a68d72678064fc689a1a3a

SHA512
65c2343b3d616bc62a1a16a7849f0d30d5aa985958c15c37b79b45199c752ac0eb82e653d5d63f0841e391b0dfb93eed81802bbfcdcd8ee5a4398e950e68f6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6b64320a0e49ed84b660d4aaa256024c

SHA1
04f303d8129cdc4e36f1250fa7968ba0206d68f5

SHA256
75f28c470078b9ed48b44b7d0f30de38aafe30e43992fdc2d51cdf784f58a35c

SHA512
c7880c93e8370910ac5dac001f87ad46c1bfa509151a0a9f9b258c74076d5b706c91a1159a1dbeb5819ad990fd0693cc4fc4d7de326fdc3a4447128baab0e23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f230.TMP

Filesize
48B

MD5
a84e1ac09ed58c4956df95fd2a5aad88

SHA1
6fd00df7dbbbb2159f04109dfee79d817dbc14ec

SHA256
38656cdb0e8af53ccb7727cab69fba86d7aa71fa373bcd8ed8002682672ae1e5

SHA512
c65f13a4cf135450f3a9630208ea82fc94ee7c42d5c3b12dc6e538a51000b63c5d9006d6c13c0a509884359cd7d6c82a6295753fc8f2cf135f8d934d32bb23b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e079777a5207ff5dce05243da431f2c8

SHA1
7ab5a97e61fd0e2e66e88f3379a8e116050aa8ec

SHA256
feeb3cb9c7beb5e81c10b6513f6e3d361b3dfa54d6658e5fa2c114b1efd1f623

SHA512
efc238a9011681f3b50665c33598c855362613883fb2478d181dc59e14b475f9a841c437f24e9f033bc5db4a7fd7dc0f4052000c60f8f5457a2a65f01b22c824

Download Submit
memory/4428-4-0x0000000008A50000-0x0000000008B0A000-memory.dmp

Filesize
744KB

Download
memory/4428-3-0x0000000007A00000-0x000000000832C000-memory.dmp

Filesize
9.2MB

Download
memory/4428-2-0x0000000005480000-0x0000000005490000-memory.dmp

Filesize
64KB

Download
memory/4428-6-0x0000000074720000-0x0000000074ED0000-memory.dmp

Filesize
7.7MB

Download
memory/4428-0-0x0000000074720000-0x0000000074ED0000-memory.dmp

Filesize
7.7MB

Download
memory/4428-1-0x0000000000580000-0x0000000000CC0000-memory.dmp

Filesize
7.2MB

Download