0f65ace9a1a0866f0b418e2b820aa183ba1e8efed6bc3eedf51be95c8fcd5818

Analysis

max time kernel
150s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe
Size

20.8MB
MD5

40c2296bb73cc933207be149d1ad97b7
SHA1

7c2c9f91e6d21410a37603cdbe46a2fab34b76e7
SHA256

0f65ace9a1a0866f0b418e2b820aa183ba1e8efed6bc3eedf51be95c8fcd5818
SHA512

088c2898c84c5c71278c70671f4b91d9e0de2fb612f4e766f5ed66ee3fadbde9184361d55d863a18239f09f11a9a6e78d5d67b24336129080a5218afae0f296d
SSDEEP

196608:r2VVO0Oo8/QwvJffUGvOZPcYyLhBLAe/C06Lnwap63lj:oVO0OoavxvOZPjyzAea060ap63lj

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
37	raw.githubusercontent.com
35	raw.githubusercontent.com
36	raw.githubusercontent.com

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4464_1807271466\crl-set	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4464_1807271466\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4464_1807271466\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4464_1503229449\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4464_1503229449\protocols.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4464_1503229449\manifest.fingerprint	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ror2mm\shell	2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ror2mm\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe \"%1\""	2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ror2mm\ = "URL:com.kesomannen.modmanager"	2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ror2mm\URL Protocol	2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ror2mm\DefaultIcon	2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ror2mm\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe,0"	2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ror2mm\shell\open\command	2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ror2mm\shell\open	2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ror2mm	2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2432	msedgewebview2.exe
2432	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
4464	msedgewebview2.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3500	2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 4464	3500	2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe	90
PID 3500 wrote to memory of 4464	3500	2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe	90
PID 4464 wrote to memory of 4688	4464	msedgewebview2.exe	91
PID 4464 wrote to memory of 4688	4464	msedgewebview2.exe	91
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 4512	4464	msedgewebview2.exe	92
PID 4464 wrote to memory of 1296	4464	msedgewebview2.exe	93
PID 4464 wrote to memory of 1296	4464	msedgewebview2.exe	93
PID 4464 wrote to memory of 1932	4464	msedgewebview2.exe	94
PID 4464 wrote to memory of 1932	4464	msedgewebview2.exe	94
PID 4464 wrote to memory of 1932	4464	msedgewebview2.exe	94
PID 4464 wrote to memory of 1932	4464	msedgewebview2.exe	94
PID 4464 wrote to memory of 1932	4464	msedgewebview2.exe	94
PID 4464 wrote to memory of 1932	4464	msedgewebview2.exe	94
PID 4464 wrote to memory of 1932	4464	msedgewebview2.exe	94

C:\Users\Admin\AppData\Local\Temp\2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe"
1⤵
- Checks whether UAC is enabled
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe --webview-exe-version=0.5.1 --user-data-dir="C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=MojoIpcz --lang=en-US --accept-lang=en-US --mojo-named-platform-channel-pipe=3500.4960.16325775990067044212
  2⤵
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:4464
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffc38392e98,0x7ffc38392ea4,0x7ffc38392eb0
    3⤵
    PID:4688
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView" --webview-exe-name=2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe --webview-exe-version=0.5.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1772 --field-trial-handle=1776,i,11421592726588746712,8198859361016740406,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:2
    3⤵
    PID:4512
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView" --webview-exe-name=2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe --webview-exe-version=0.5.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --mojo-platform-channel-handle=2120 --field-trial-handle=1776,i,11421592726588746712,8198859361016740406,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:3
    3⤵
    PID:1296
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView" --webview-exe-name=2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe --webview-exe-version=0.5.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --mojo-platform-channel-handle=1824 --field-trial-handle=1776,i,11421592726588746712,8198859361016740406,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
    3⤵
    PID:1932
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView" --webview-exe-name=2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe --webview-exe-version=0.5.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3524 --field-trial-handle=1776,i,11421592726588746712,8198859361016740406,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:1
    3⤵
    PID:3260
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView" --webview-exe-name=2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe --webview-exe-version=0.5.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --mojo-platform-channel-handle=4472 --field-trial-handle=1776,i,11421592726588746712,8198859361016740406,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
    3⤵
    PID:5016
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView" --webview-exe-name=2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe --webview-exe-version=0.5.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --mojo-platform-channel-handle=4476 --field-trial-handle=1776,i,11421592726588746712,8198859361016740406,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
    3⤵
    PID:3904
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView" --webview-exe-name=2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord.exe --webview-exe-version=0.5.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4572 --field-trial-handle=1776,i,11421592726588746712,8198859361016740406,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3536 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
d55fb912233669fc71031cabd4e128d9

SHA1
72d99630874c9e7a37f1895ec7aae7aaf4df2b48

SHA256
a2d6cc41b34ee21658d3a76b45009fc013e1847a6bf65221e06daed1256c65a9

SHA512
0cb595329852b10944687e6f01bef175bdbec86d344702cd813ce74bfaeeb7e274f815d09768bdab923783a5a6a9cb250dca1d46b7e9517803a95076d1595191

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
1ce3e860e55ec507436ab79962ec19b6

SHA1
0510fc47135ea076662193f9970695d636f3d343

SHA256
b69cf482848ad179cd22b9239de93aa55a9921e33346b6fd8d5f30b533bb0a17

SHA512
2c48f968e63a1a5e46facfa95028f0269c0d7c5eefbce7c1dac8879cfd739d8506f3c99bdebded6da8dca318a617c947f1b398506b2a5e1c5c6bab8dd9d51931

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
232973c7dfab16b282fb887d71893abf

SHA1
8f5ee4102a54dec737b65dd0e5ab39395ab32d24

SHA256
a2416bd7d264223713723a425fc031c8def424f48c8a97f40b00f9408a28cf4f

SHA512
21cc0e3254180fa70941877bb337ad5b0fd2c3ee2185f656c9ee9c5ca4cdd923ec95faf556a5815eaf619843672cc5e98dc56316dabc341ad1d055ed1e27404b

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
52e37404ecb41121b4c6505297e210d1

SHA1
44aecf14a26da41adc9b71fa49baf86c8bf9614e

SHA256
148023a54d9e3e8b5f1e1ffcbc545fe8f398f6a77bfe998fb96969abe2d72e9f

SHA512
a25a2c9f4e61355841de7dd4beaf296a4e32b7471d30cb9eb193208d6e25596691d6b1c600d669b29f84b89badd18a64cd667289b2c029a732e38ff8a0dab555

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Default\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Default\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Default\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Default\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
2179c1c44e1c6f56058249fe8eb34b38

SHA1
40307158aa7e7fa91580ec043345418327493c7a

SHA256
b339c075358c259d3ae7a54bf632e53c1007fb59c6cf7ead815e415e84fff20a

SHA512
2c8e7d4fccb0359913c93bd65cf6fd2c1cd2ae7953818dd6b2c9a60acc2c529da11d08926bc9b5fec4610c19c2f9575f5acd00a23eb6ee0a9684aed6d734d366

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Default\Preferences

Filesize
6KB

MD5
dcda30b95ecabd7ef71a18a260dace2a

SHA1
8d305be6a79b892fbf36610e3e3ee9d29525e25c

SHA256
5cf36896b3cef2f18b27067935adaa307cb4c19d14a9099d617d9c73aff4938b

SHA512
e0e0235d92cfeff0533ba23c4cfff50cbc23b7c41bdcc0affa3b44105863898b8189e1088c1a175a2e16e82e277546306cdae1f860eb0a13b791a8e203fc1c32

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Default\Preferences

Filesize
6KB

MD5
1b355c030c559d0443659af50b2d5bc5

SHA1
1e50bcb5908c9a4a24e32e55161d35ed4e45d4ed

SHA256
931f482083a92534141a57deb3802c99a913dc7d30d67775d87123ee47002166

SHA512
7cf90b8f94cec48c372b4dff503747e0c24348a064b2e3691a7554d0818f1f7f9a237645b99c556128a754625d2fc5cbdb6335ada3c74b40b89493bdcf93be6e

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Default\Preferences~RFe58e087.TMP

Filesize
6KB

MD5
f53af709f649b45b08e592d2fa8faa08

SHA1
de9a36a8f03b6b3763e6a08dd5ef97ee12fe997a

SHA256
e5e5a696c9a8d605e3ff6e16555ad36f10dc0d391287a89e343e885a4af3512f

SHA512
47096c558a260deff1a5339c38a7cbe411c5104aa6fc1f14f031725d5031a59bb0601aaf5ef5073c99177bd3d87cad08c115402c074ada7fb470622b1fe600fa

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Local State

Filesize
2KB

MD5
4c305812b9941f0d0e163a1d365cc96e

SHA1
3be2b0f0197f43e45f0139bce2fa9667cf97a738

SHA256
fe70cad79ad6b4bba11dcfb888954b46156ab03e7bffda6b75a28569a645187f

SHA512
c70185c660307ee444d49e1ac7cb36a0d3ef5d62a22d328c6e5505797d630189dbbf683de25470f03271083eaf3078aedad97d3d8902e175f9c0293d9dd65399

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Local State

Filesize
3KB

MD5
8909f73ba67c7d9f7e5e0716ab5d7df7

SHA1
f6280a40e3447990f197e5e85586516dd4e3347b

SHA256
75d90e643603418966a1dfa5fc1ba7b8c6191bb22a3df274505848b02148cfaf

SHA512
cb3c52a00cabcd7f538f909e4f2b9752ce6aa4359fd2bb038b408dcc8cee470549f8496ec91860f8ea431aef4bf68f2b3c34f4e991f1b2c8550e610fad32d584

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Local State

Filesize
16KB

MD5
3274f0b476ede7406b50d3edea212d1a

SHA1
def0cf0472152a57b7ba1c0406660085c86fab8d

SHA256
c5e1c585e879d39715c684e8a0f021c2982f70765a64f25dc839da7016abf8f1

SHA512
e55ab4a467b5200deaefb44b6c1ce3f991df6fdb7b2b738a38c19c4c918e850bfbc034e95c74d05f3257c8af2a6b8d2bfd5e2bea52a65d454c738b83b1c6c6df

Download Submit
C:\Users\Admin\AppData\Local\com.kesomannen.gale\EBWebView\Local State~RFe584198.TMP

Filesize
1KB

MD5
afa6cabe2d951d994d18df52bb9d0c16

SHA1
8399d7004e4a51ad0a3674cf4fec1968d221e6e9

SHA256
f7cb08ee1c2feffa32efdda1aabce55e69a9bb9ecfb44fae9636c3da25635e52

SHA512
959a9d31071e056202c350c5bff47ec0435b1fbb53189a456c0e5c446494b8c947c0de8acb28b28bc90a79f44bb203248d6d3f6403bb1016bec0025cb533d865

Download Submit
memory/1932-46-0x00007FFC5C7A0000-0x00007FFC5C7A1000-memory.dmp

Filesize
4KB

Download
memory/1932-47-0x00007FFC5B8B0000-0x00007FFC5B8B1000-memory.dmp

Filesize
4KB

Download
memory/2432-277-0x00000139D0F10000-0x00000139D0F11000-memory.dmp

Filesize
4KB

Download
memory/2432-278-0x00000139D0F10000-0x00000139D0F11000-memory.dmp

Filesize
4KB

Download
memory/2432-279-0x00000139D0F10000-0x00000139D0F11000-memory.dmp

Filesize
4KB

Download
memory/2432-284-0x00000139D0F10000-0x00000139D0F11000-memory.dmp

Filesize
4KB

Download
memory/2432-283-0x00000139D0F10000-0x00000139D0F11000-memory.dmp

Filesize
4KB

Download
memory/2432-289-0x00000139D0F10000-0x00000139D0F11000-memory.dmp

Filesize
4KB

Download
memory/2432-288-0x00000139D0F10000-0x00000139D0F11000-memory.dmp

Filesize
4KB

Download
memory/2432-287-0x00000139D0F10000-0x00000139D0F11000-memory.dmp

Filesize
4KB

Download
memory/2432-286-0x00000139D0F10000-0x00000139D0F11000-memory.dmp

Filesize
4KB

Download
memory/2432-285-0x00000139D0F10000-0x00000139D0F11000-memory.dmp

Filesize
4KB

Download
memory/3260-116-0x00007FFC5CF30000-0x00007FFC5CF31000-memory.dmp

Filesize
4KB

Download
memory/4512-25-0x00007FFC5CF30000-0x00007FFC5CF31000-memory.dmp

Filesize
4KB

Download