hxxps://emortalityclient[.]ru

Analysis

max time kernel
410s
max time network
416s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://emortalityclient.ru

Score

9^/10

evasion

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	java.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	java.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	java.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
152	discord.com
153	discord.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2592	java.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	java.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	java.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{FBD36394-6B84-4E1E-ACF6-D8BB62ECEC5D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
1392	msedge.exe
1392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 2532	2892	msedge.exe	112
PID 2892 wrote to memory of 2532	2892	msedge.exe	112
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 228	2892	msedge.exe	113
PID 2892 wrote to memory of 4720	2892	msedge.exe	114
PID 2892 wrote to memory of 4720	2892	msedge.exe	114
PID 2892 wrote to memory of 4332	2892	msedge.exe	115
PID 2892 wrote to memory of 4332	2892	msedge.exe	115
PID 2892 wrote to memory of 4332	2892	msedge.exe	115
PID 2892 wrote to memory of 4332	2892	msedge.exe	115
PID 2892 wrote to memory of 4332	2892	msedge.exe	115
PID 2892 wrote to memory of 4332	2892	msedge.exe	115
PID 2892 wrote to memory of 4332	2892	msedge.exe	115
PID 2892 wrote to memory of 4332	2892	msedge.exe	115
PID 2892 wrote to memory of 4332	2892	msedge.exe	115

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://emortalityclient.ru
1⤵
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4088 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
1⤵
PID:2440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5804 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
1⤵
PID:2668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4720 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4876 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4888 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
1⤵
PID:1052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3888 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4900 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=5932 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:4132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=6008 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
1⤵
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6328 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6700 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ffd3b3c2e98,0x7ffd3b3c2ea4,0x7ffd3b3c2eb0
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2208 --field-trial-handle=2212,i,1368472863442276769,1289148611625067453,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3152 --field-trial-handle=2212,i,1368472863442276769,1289148611625067453,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3496 --field-trial-handle=2212,i,1368472863442276769,1289148611625067453,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4452 --field-trial-handle=2212,i,1368472863442276769,1289148611625067453,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4452 --field-trial-handle=2212,i,1368472863442276769,1289148611625067453,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4596 --field-trial-handle=2212,i,1368472863442276769,1289148611625067453,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4632 --field-trial-handle=2212,i,1368472863442276769,1289148611625067453,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4636 --field-trial-handle=2212,i,1368472863442276769,1289148611625067453,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4748 --field-trial-handle=2212,i,1368472863442276769,1289148611625067453,262144 --variations-seed-version /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3836 --field-trial-handle=2212,i,1368472863442276769,1289148611625067453,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4060

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4312

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\ЗАПУСКАТОР.bat" "
1⤵
PID:4388
- C:\Users\Admin\Desktop\jvm\bin\java.exe
  jvm\bin\java.exe -jar NightWare.jar
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Checks processor information in registry
  PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
c09132f63f35c25d2a214a1d2c32d0a2

SHA1
472cff6a955ccbefce499a2328ae772961bc7c71

SHA256
135db7a53ca1dca3fccec2e33af3b0b62bb3ecf1a73ca1596726b223b16ce1c4

SHA512
cab1e2d23ccefe768b71c8b45604e9c4a783784fcf9f2884e1a4ef6d62fd26ee27c1fcda315fe613c982e9821a7f0226acf373e357416e80c6ca880d900564fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f3a7f6a671ddee990b47df8bed96cbb2

SHA1
322139413e6fe73bce8faf6de9e3ef354153c6cd

SHA256
7dd1965176edfcdb02eb818f221bb42f251b1bdf8a4921cdf0c42e2196477de4

SHA512
263ab7c4b6de1a915e620df59e295720dfd37ddaf8627c5709958c40a2ea52132853613e308f662ab8a2166d8649973c9a0144f0fa1ac677f2895afabd8ef5bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
911d1c31c74367243ae82e63781522d2

SHA1
9398f4a93230e49c29751d70d80df8c243d29785

SHA256
aacbff8b9526b2ba3fc3f39327e77b3a2acea4e26574df317f3679f86bbcad0d

SHA512
38933ca4ba051856d8aa38a43d1c3b94618bb9e0a8775fd583dcd752bae8a6c0991e7f873b995635027e9495734c0baf0f705e06923a2f6487f53fbe110d77bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
a6edfab800bb4a20866bdc8deae54d16

SHA1
28a342db75a533917f968b7191fd1ef30664c9b8

SHA256
7a8f70e15daa0d1e1677a8625f6dc3355191d46452bbdb1972d6a391056211bc

SHA512
8386c9b9c8eba09f10aabb73dbc11c68e099ed95edaeb318899bd4aabeb599dfe122a857596b8d76ebd81f28e9796eafb86fd3275b4bac06af3d6462e61d528c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
59KB

MD5
b22a9705db9a304ec082efa9913bb162

SHA1
c4a0332733fc13b35f68efe50f4817c383e470a4

SHA256
8fb8e25593392910558fb0c6c13ae92cba9acb3ff1538f94b730bba858f951ec

SHA512
40df9af4572a9a17d6f8672771141e4b0c51c636bb5e96f3e8972fd5144f8a0486f5a31efdce3fb0b8c5dd338b84ef0e799f5189488ba2947645c3b3b2a0dd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
b8f760ae183793d87849230e6cbb3a03

SHA1
37c503b4295752836ee8abfb9c2ac86f5caf171d

SHA256
b9dc04b8d7f80be3872380dc24140f00df21dd669bf2b3df5d2cf8c595e4e837

SHA512
48ecb6fb9ef2baeba766789798236c666e07602e335c22e5eb7076d59e4c2b44886d811b962cd49568a2bc210178b61bfcd505834eadab6e01ec6e4a1e3611b3

Download Submit
memory/2592-150-0x00007FFD3BBE0000-0x00007FFD3DBDA000-memory.dmp

Filesize
32.0MB

Download
memory/2592-153-0x00007FFD3BBE0000-0x00007FFD3DBDA000-memory.dmp

Filesize
32.0MB

Download
memory/2592-147-0x00007FFD3BBE0000-0x00007FFD3DBDA000-memory.dmp

Filesize
32.0MB

Download
memory/2592-149-0x00007FFD3BBE0000-0x00007FFD3DBDA000-memory.dmp

Filesize
32.0MB

Download
memory/2592-151-0x00007FFD3BBE0000-0x00007FFD3DBDA000-memory.dmp

Filesize
32.0MB

Download
memory/2592-152-0x00007FFD3BBE0000-0x00007FFD3DBDA000-memory.dmp

Filesize
32.0MB

Download
memory/2592-154-0x00007FFD3BBE0000-0x00007FFD3DBDA000-memory.dmp

Filesize
32.0MB

Download
memory/2592-148-0x00007FFD3BBE0000-0x00007FFD3DBDA000-memory.dmp

Filesize
32.0MB

Download
memory/2592-173-0x00007FFD3BBE0000-0x00007FFD3DBDA000-memory.dmp

Filesize
32.0MB

Download
memory/2592-184-0x00007FFD3BBE0000-0x00007FFD3DBDA000-memory.dmp

Filesize
32.0MB

Download
memory/2592-188-0x00007FFD3BBE0000-0x00007FFD3DBDA000-memory.dmp

Filesize
32.0MB

Download
memory/2592-189-0x00007FFD3BBE0000-0x00007FFD3DBDA000-memory.dmp

Filesize
32.0MB

Download
memory/2592-190-0x00007FFD3BBE0000-0x00007FFD3DBDA000-memory.dmp

Filesize
32.0MB

Download
memory/2592-191-0x00007FFD3BBE0000-0x00007FFD3DBDA000-memory.dmp

Filesize
32.0MB

Download