hxxps://japediu[.]bio/csDkT

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 16:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://japediu.bio/csDkT

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exeWINWORD.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

WINWORD.EXE

pid process

5804 WINWORD.EXE
5804 WINWORD.EXE
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

524 msedge.exe
524 msedge.exe
2316 msedge.exe
2316 msedge.exe
3400 identity_helper.exe
3400 identity_helper.exe

pid	process
5804	WINWORD.EXE
5804	WINWORD.EXE

pid	process
524	msedge.exe
524	msedge.exe
2316	msedge.exe
2316	msedge.exe
3400	identity_helper.exe
3400	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exe

pid	process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

WINWORD.EXE

pid process

5804 WINWORD.EXE
5804 WINWORD.EXE
5804 WINWORD.EXE
5804 WINWORD.EXE
5804 WINWORD.EXE
5804 WINWORD.EXE
5804 WINWORD.EXE

pid	process
5804	WINWORD.EXE
5804	WINWORD.EXE
5804	WINWORD.EXE
5804	WINWORD.EXE
5804	WINWORD.EXE
5804	WINWORD.EXE
5804	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2316 wrote to memory of 4652	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4652	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 4200	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 524	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 524	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe
PID 2316 wrote to memory of 3708	2316	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://japediu.bio/csDkT
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffe778c46f8,0x7ffe778c4708,0x7ffe778c4718
2⤵
PID:4652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
2⤵
PID:4200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
2⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1460 /prefetch:1
2⤵
PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
2⤵
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
2⤵
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
2⤵
PID:3172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
2⤵
PID:3052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
2⤵
PID:2216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
2⤵
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
2⤵
PID:3084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
2⤵
PID:1244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
2⤵
PID:1844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
2⤵
PID:4660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
2⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
2⤵
PID:3248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
2⤵
PID:2836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2020

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\MountTrace.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5804

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
ee594570dd39bf9615f28ee22bba15af

SHA1
1b12739b1276d03e50346821270a59579fd0f57d

SHA256
53014dc922704f4541c08e4ed1caa1b0382ee4886ff72424fe036caefc524f63

SHA512
f820bb3aa581f1aa9724d33474369e78385bbe76b2603ae8d17858f8c293a796dc303a619797b8c0332c230c008d373cdd577a6a9c5a70b1f357ae8ae50355f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
944B

MD5
24fd16dd4bb43b47fdcea604d4282e08

SHA1
9b3d3a52eb9a1bc85f49f8f3d3aed5110533aad0

SHA256
36f9250f6d01b3165a7d3757562575c68329a0110fc9af49f4b4eaf87d19abac

SHA512
dc0278f41944924684e7377440b09df71c06c0fd57645c9bed4056217e49d83975cc00b38dc9650d6ffa0d04d7c16a80b62a7214727ce1522a0d42d8fde38660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5845b16c044040db9a6f8b3c3c7a4a37

SHA1
a80c11f426cec57d2dfbf8a4200158c314e7fcff

SHA256
e121ca78bd459d0dd1c9a70697603ce6ca7584a9b7e859fda98787a5a11ca6ff

SHA512
0ac1f0f69182027479f67e750b7e403ad8ed574b5eade57a65bda74fdc4ba7c5eff220c68d800cc84215de917e2c6e776d3c8c7431878c5e6fb5c0cb55ced3bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
1dc17a1cdcbe95ec36ec42f0df0210fe

SHA1
0433a5c348a1263ccb0f3b95bb33a9acda8e4a57

SHA256
f9126950435ee0230affbd944cdea3711cc4300eb9e7efa1b67b6feaebc885a0

SHA512
20c43f71e117165d2092e1ec38822635c7aac69128b2c98d5bf67435a2391416805f74297d6b9b47ab49624a25c9d6a15b7b5150be6d307f1d4acd899bc9dc47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
817efc7aca83ccf219d9b4969bec6e9e

SHA1
b268da9de0488c443029e30460a3ec3c367f4c83

SHA256
19d7526e1f156b8471cb4c2ae5c9955c93b23e5201b079b81b888df304469dd1

SHA512
5bfa092450e4a5235045be2a3b656fd030613845fb98eacc366aeb0cfd9767c9bbb267a834671d0155ecc1522ea45037f044ae7a18111b722b93f2b8a53c3eec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
a6b6da5fcbe615b7c30e0dbb53f32324

SHA1
8beb86edc3ea3aa380ab2ddc657267fc13a9ecb5

SHA256
32cee179843de179dc901b8274f890fcc159eb68c4b59bcc0cf0d05fb2f3c303

SHA512
44ec5fc51629c6178b4de2b08d16ee4c310bd2bbde155e7e64b82c0576427ae082273a6134d3f29b4695cc03c1dc3511e6f47818492bd6668c48de5a791bf5bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
86bbc7e26fd29e0680c0728ac26b5aa9

SHA1
53060f77d941da4d9b0bf76b830dc703f93bafcf

SHA256
d3171ddc05200d72d7b7cb676046bca6b130876b3690e472e7021669af81e49b

SHA512
0aea02c88f09d50c4cef64980a7238a54290719b8b10e995aa6f2f4704eb5f6f20e5f57d9380b49800666edfc9cda8302ab1a3cb5e007e0eb6c5d27500799260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
9b0c14a5de0014b00dd0b15436ac4ade

SHA1
55aac728d45ab1b9bab02095549c02f4d2063e3b

SHA256
83bec74227e0279d8f57bd6533fa2b1dc665c3ba8a58f3e8e0d90a75099fe001

SHA512
d0d9a00c242547122c79cc610e78579d2b01a0f37ede89fe837fcc4d6d2ea60553ad7778f99128c45056ecc1b5f21a68f1a1c88af434b5b60161ed09a26a2d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB

MD5
ce64c877da2b7e16a6899c201f609dfc

SHA1
05b1ca12c8ccecafec0471340cc42efe3d8cebca

SHA256
cff7934254db354c407d209972f7d7e0a85a33c50dafea14fa8333223b5684f6

SHA512
8b01ef9f1ac45c9bfff73c73e126f831a32ca45f1161048dbd49dd2b400b7c2337dce76d731e84b77fa014e5b91e8950afb5b14ac1c57c663909399ff40350ed

Download Submit
\??\pipe\LOCAL\crashpad_2316_LTBLPNJTPXAKSEAL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5804-231-0x00007FFE46BF0000-0x00007FFE46C00000-memory.dmp

Filesize
64KB

Download
memory/5804-237-0x00007FFE44440000-0x00007FFE44450000-memory.dmp

Filesize
64KB

Download
memory/5804-228-0x00007FFE46BF0000-0x00007FFE46C00000-memory.dmp

Filesize
64KB

Download
memory/5804-230-0x00007FFE86B70000-0x00007FFE86D65000-memory.dmp

Filesize
2.0MB

Download
memory/5804-232-0x00007FFE86B70000-0x00007FFE86D65000-memory.dmp

Filesize
2.0MB

Download
memory/5804-233-0x00007FFE46BF0000-0x00007FFE46C00000-memory.dmp

Filesize
64KB

Download
memory/5804-234-0x00007FFE86B70000-0x00007FFE86D65000-memory.dmp

Filesize
2.0MB

Download
memory/5804-236-0x00007FFE86B70000-0x00007FFE86D65000-memory.dmp

Filesize
2.0MB

Download
memory/5804-235-0x00007FFE46BF0000-0x00007FFE46C00000-memory.dmp

Filesize
64KB

Download
memory/5804-229-0x00007FFE86B70000-0x00007FFE86D65000-memory.dmp

Filesize
2.0MB

Download
memory/5804-238-0x00007FFE44440000-0x00007FFE44450000-memory.dmp

Filesize
64KB

Download
memory/5804-227-0x00007FFE46BF0000-0x00007FFE46C00000-memory.dmp

Filesize
64KB

Download
memory/5804-265-0x00007FFE46BF0000-0x00007FFE46C00000-memory.dmp

Filesize
64KB

Download
memory/5804-266-0x00007FFE46BF0000-0x00007FFE46C00000-memory.dmp

Filesize
64KB

Download
memory/5804-267-0x00007FFE46BF0000-0x00007FFE46C00000-memory.dmp

Filesize
64KB

Download
memory/5804-268-0x00007FFE46BF0000-0x00007FFE46C00000-memory.dmp

Filesize
64KB

Download
memory/5804-270-0x00007FFE86B70000-0x00007FFE86D65000-memory.dmp

Filesize
2.0MB

Download
memory/5804-269-0x00007FFE86B70000-0x00007FFE86D65000-memory.dmp

Filesize
2.0MB

Download