hxxps://gift-catch[.]com/gift/activation/id=9561943697

Analysis

max time kernel
112s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-03-2024 04:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gift-catch.com/gift/activation/id=9561943697

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{6880F988-9222-4535-9CFA-8F8DC29A5169}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2008 msedge.exe
2008 msedge.exe
2244 msedge.exe
2244 msedge.exe
4296 identity_helper.exe
4296 identity_helper.exe
4000 msedge.exe
4000 msedge.exe

pid	process
2008	msedge.exe
2008	msedge.exe
2244	msedge.exe
2244	msedge.exe
4296	identity_helper.exe
4296	identity_helper.exe
4000	msedge.exe
4000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exe

pid	process
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

msedge.exe

pid	process
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

msedge.exe

pid	process
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe
2244	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2244 wrote to memory of 2132	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 2132	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 1768	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 2008	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 2008	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4648	2244	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gift-catch.com/gift/activation/id=9561943697
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7d9946f8,0x7fff7d994708,0x7fff7d994718
2⤵
PID:2132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
2⤵
PID:1768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
2⤵
PID:4648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:3300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
2⤵
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
2⤵
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
2⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
2⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
2⤵
PID:180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5788 /prefetch:8
2⤵
PID:4200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
2⤵
PID:1764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
2⤵
PID:720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
2⤵
PID:2328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3364 /prefetch:8
2⤵
PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
2⤵
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
2⤵
PID:3872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
2⤵
PID:3856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
2⤵
PID:1552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
2⤵
PID:2848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4712 /prefetch:8
2⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5572 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
2⤵
PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2288

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
28KB

MD5
38a35c7070979fb4c845de40cada43c5

SHA1
b0f804f348b746449e6589b92dff685509737dad

SHA256
fcff4301dc083af2be2b990bb6485e9e06ce9d2b373a7acf8a74f61ea69d861a

SHA512
e7e5b167fa9187ea785be311f43e15f33d51c20e9d07e1e15e3a761a7b6a857b2ad270e3f0e6cb0d85327bc0aa3454646a2b5e040b30edede216e57cc113f089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
a187c396547c8128e0210dbeea653ebe

SHA1
e22f1cadb3c7afa35041e44be1818964a1bca530

SHA256
4840c1c4a760e65aa16c69b730c27e63526f3be5ee0e6af7957aa0b37c03365b

SHA512
b04240ed3156c3d808cdecd7b240bba8d317b59d9029ba3f7a9755fcf1b4c5748b63353dd8d948e5d0de597483181c7414ef88bcf7afda712e8fe284d1515466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
969B

MD5
6ce89c7fe68812d9404ac858a291e949

SHA1
4761eed4c050bbfcb8df3a7a102538f3c65bd829

SHA256
0dceafba58e74204a92fa96aabe7454dbb3d17de87cec5289d495a4e8a00d2d5

SHA512
bb3e36e270c1846dcf609c81921c0f19dd39678d6a387b528224d3d8546ea3b8142bd0c45b8ae06b23c2d9131cc71f1ecee99e9b6dae63006e237e12601a9830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a7ed62b03e9bc51ec051d7a0a13f828a

SHA1
77b7f3c0366c3e995107161e5d48139ca1a7d9e7

SHA256
ac495e7aa1ab74266af250288d0bd0067d99457b11a5f37eeec5bce686be7a95

SHA512
0eee5032536538995d92c4b6a8409882f62de029a9bf73038eab0dada036a565d86de6c6866f666d3a6d87d7c38ad89e4a9c472fb3d7c463c4162b96b8aa48a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
57f78f979cdc9ba56228f4cfd02c3737

SHA1
1161b52326e9da68089f68070039108ddefa2b24

SHA256
eb40bdbe2910de17d9574a482b1c9e93e85b258604d48b61076f57b49438ffac

SHA512
247644b7c186f117b2a62aa5d63863f394ab865ceb40969883068e4c30e8d03f7eed06d4f4c1f149e4ab2672899e8495f38e8378c362b3b1bdb1438ae312e3c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
433347577461e38e0188c799d7376665

SHA1
d86bed32ac068afb2cb2135fff7e171b66c26d50

SHA256
093c10164722dfaacc3cb26d95eadacad44a54453f7683987b127ee5cd5d2527

SHA512
85de939b72ea7e719abb3cb3588f99145dad3b921c7785343811983883fde8d6d98fc59ddfe6a99da0de2449a1b877bfc5f8446c4c563255557c7b4873aeec2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d4f063ff3c11073916e523ffb569dd46

SHA1
47781503c56e1357cc3c4ce5847881fbf0fdc0ab

SHA256
3d498ddc619703b11e76f6b49d6af9ea63534c5f547151c777e6a6867d8db725

SHA512
fb7a3ca09df1fc9757c06b8f5ddfc408426c17d54dcdf8ed2cbb6a91409ad781dd762de38e650a6aedf4d5f5048fb56f61164f99f67e79487236c33243f4f6c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
30676683614524f3b4a27024e2228a71

SHA1
17c92a6dd39e07bb14bd5d05b5e1e49183d394c0

SHA256
2ae566ffe0ec2c08261537191e456f3c41f7776a63c57af11a7181ac3b5b0843

SHA512
d0a178b43854cfb27e325e0cc27c9de03931d2490ca9633b558cf236bbb2deddfdacd14ee2e8626bb5922c51d841da5eec192f47becdaf727123aa32d2299ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
46ff6e47b3123f77d1ba45dd90fe5f61

SHA1
598e6f5a00c1921035f76eb99aa0e2109f16a500

SHA256
1a0fd5bebe183cccd0235d4bda286618fad41c6f405309d2ba626e45fc84c58d

SHA512
ce36b3c038fb6feca6159217c8c4f19a2e7662d19d5e9a8eda3366e46ff03f181f88fe9556fee3c21ad6e0fc26a6434cc547dcaada2cc78e362ddc8b19daca68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
873B

MD5
ed424b14a5eb0f2df578dd0b8e6ea0c3

SHA1
1cfb43cebd10663819e6c44a46705b6ffe0abcaf

SHA256
e220aea47aa5f64be5bd130eb3642be4873126897695493b682661d1665f3c7a

SHA512
31b9a4ecca620037916769ec013cfcd44d249af1e713075a3cc37a9983ab7115c0b3c44333f3c46043a6bb8da7720bc188674e4e11ed209cf3608a3e1c85e0e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a5b1.TMP
Filesize
371B

MD5
7613b1c751d3b03f667b9758696679b8

SHA1
c32d0b6974450dd6b5b18ac4ef6713b99700f185

SHA256
41db85f3246cbcf506d3a0ee5ae3d906feac6101138003ae8b3b97b73bedcd5e

SHA512
1b6341a6b1f0539f53e48857efe6e09da642f4391a126b444638ab43d13b562bbc4cffaee923e77aca12a60b1b4e4831ce6aa136d7ed31100b1a2dd2e36ca249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
54ab7b50be60bedf23884a4e22da17a9

SHA1
ee966aeb09112d254ee20e0e8aabf02d270e682d

SHA256
887304698fb44ecac59e2ed94ea3bed6c014de9d97b3f7cd35015b3b39848d7f

SHA512
14b0c8e674dfdf12bc3fd5a6c99f028cb05ced0494dbdae3c8d266c9756765ba155a016e5402fef0bda20eab75ed618a50cea8ea4657b1c733592e044068d7b6

Download Submit
\??\pipe\LOCAL\crashpad_2244_AQBUKOXWDRVGAHAE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit