Overview

overview

10

Static

static

3

HawkEye.exe

windows7-x64

10

HawkEye.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    89s
  • max time network
    92s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250314-en
  • resource tags

    arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25/03/2025, 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HawkEye.exe

  • Size

    232KB

  • MD5

    60fabd1a2509b59831876d5e2aa71a6b

  • SHA1

    8b91f3c4f721cb04cc4974fc91056f397ae78faa

  • SHA256

    1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838

  • SHA512

    3e842a7d47b32942adb936cae13293eddf1a6b860abcfe7422d0fb73098264cc95656b5c6d9980fad1bf8b5c277cd846c26acaba1bef441582caf34eb1e5295a

  • SSDEEP

    3072:BMhIBKH7j7DzQi7y5bvl4YAbdY9KWvwn7XHMzqEOf64CEEl64HBVdGXPKD:BMh5H7j5g54YZKXoxOuEEl64HZAi

Score
10/10
chimeradiscoveryransomwarespywarestealer

Malware Config

Signatures

  • Chimera 64 IoCs

    Ransomware which infects local and network files, often distributed via Dropbox links.

    ransomwarechimera
  • Chimera Ransomware Loader DLL 1 IoCs

    Drops/unpacks executable file which resembles Chimera's Loader.dll.

    ransomware
  • Chimera family
    chimera
  • Renames multiple (3251) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 26 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HawkEye.exe
    "C:\Users\Admin\AppData\Local\Temp\HawkEye.exe"
    1⤵
    • Chimera
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1336
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -k "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pm60e3dc.default-release\YOUR_FILES_ARE_ENCRYPTED.HTML"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:2900
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" -- "file:///C:/Users/Admin/AppData/Roaming/Mozilla/Firefox/Profiles/pm60e3dc.default-release/YOUR_FILES_ARE_ENCRYPTED.HTML"
        3⤵
        • Drops file in Windows directory
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:3708
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x30c,0x7ffab5bdf208,0x7ffab5bdf214,0x7ffab5bdf220
          4⤵
            PID:5852
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1776,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=2652 /prefetch:11
            4⤵
              PID:1328
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2584,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=2580 /prefetch:2
              4⤵
                PID:2756
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2140,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=2696 /prefetch:13
                4⤵
                  PID:1244
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:1
                  4⤵
                    PID:5352
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3444,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
                    4⤵
                      PID:5312
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5052,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:14
                      4⤵
                        PID:4592
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5056,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:14
                        4⤵
                          PID:5920
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5492,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:14
                          4⤵
                            PID:2232
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5868,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:14
                            4⤵
                              PID:1028
                              • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
                                cookie_exporter.exe --cookie-json=1132
                                5⤵
                                  PID:5124
                              • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5920,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:14
                                4⤵
                                  PID:1476
                                • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5920,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:14
                                  4⤵
                                    PID:5848
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6044,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=4688 /prefetch:1
                                    4⤵
                                      PID:5604
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1608,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=4812 /prefetch:14
                                      4⤵
                                        PID:672
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3704,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:14
                                        4⤵
                                          PID:5596
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3760,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=5948 /prefetch:14
                                          4⤵
                                            PID:4572
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4812,i,6021965574426300140,14429118134680148301,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:14
                                            4⤵
                                              PID:1756
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                        1⤵
                                          PID:5432

                                        Network

                                        MITRE ATT&CK Enterprise v15

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Program Files\Java\jdk-1.8\jre\lib\YOUR_FILES_ARE_ENCRYPTED.HTML
                                          Filesize

                                          4KB

                                          MD5

                                          67ffda22a543e3043972b26a43b622f8

                                          SHA1

                                          c65815e7ba2ecde6a567846f7e98639d0a2a7e0c

                                          SHA256

                                          8a3027267193928ef6d3f99d354944a0e9b4b3859a4413f4064a39311109ad33

                                          SHA512

                                          58c3d17af8157602ae6cf18defe72ecbfdfa73e9bff965584962a915f498dd1cb2e287e6b4725d38476376f280fa518e5296d58a5e5f15b381c272e0de043873

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          280B

                                          MD5

                                          509e630f2aea0919b6158790ecedff06

                                          SHA1

                                          ba9a6adff6f624a938f6ac99ece90fdeadcb47e7

                                          SHA256

                                          067308f8a68703d3069336cb4231478addc400f1b5cbb95a5948e87d9dc4f78b

                                          SHA512

                                          1cb2680d3b8ddef287547c26f32be407feae3346a8664288de38fe6157fb4aeceb72f780fd21522417298e1639b721b96846d381da34a5eb1f3695e8e6ef7264

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                          Filesize

                                          3KB

                                          MD5

                                          8a032daa4b6d29bb4ff95acfe95e5b7b

                                          SHA1

                                          556aadda534576699e3f7c16199e250cf56b00f0

                                          SHA256

                                          6d46fea8514c66412a79bf8af4b81dba23a6f875978c304c6f424772e587cf73

                                          SHA512

                                          6539888f9bcc9857a806f58ef1b4c6fee67edc5f7a879bc2271e903495b9026807e9db4a73712992ea348758e0200306f52270c40c9f2f980205b7b6674a70f0

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58c05d.TMP
                                          Filesize

                                          3KB

                                          MD5

                                          7720bcc243709b4a58837811380cf490

                                          SHA1

                                          c9659eb626bfce3d0cf177bc584c535aae5f2c40

                                          SHA256

                                          3c9d67d82180f4c8b5343b9f642cc81185e7e47704e6b095646fe277b72207f1

                                          SHA512

                                          f686ee772e05014d268074994ba7bf59b788628b8b82f82c068b25ef7d1b6ade47921029570b58b3e15b5df1e7215d0c732c08c0c20725aa75dfbb96cb2643bf

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                          Filesize

                                          2B

                                          MD5

                                          99914b932bd37a50b983c5e7c90ae93b

                                          SHA1

                                          bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                          SHA256

                                          44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                          SHA512

                                          27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001
                                          Filesize

                                          41B

                                          MD5

                                          5af87dfd673ba2115e2fcf5cfdb727ab

                                          SHA1

                                          d5b5bbf396dc291274584ef71f444f420b6056f1

                                          SHA256

                                          f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                          SHA512

                                          de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT
                                          Filesize

                                          16B

                                          MD5

                                          46295cac801e5d4857d09837238a6394

                                          SHA1

                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                          SHA256

                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                          SHA512

                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
                                          Filesize

                                          107KB

                                          MD5

                                          40e2018187b61af5be8caf035fb72882

                                          SHA1

                                          72a0b7bcb454b6b727bf90da35879b3e9a70621e

                                          SHA256

                                          b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

                                          SHA512

                                          a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001
                                          Filesize

                                          23B

                                          MD5

                                          3fd11ff447c1ee23538dc4d9724427a3

                                          SHA1

                                          1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                          SHA256

                                          720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                          SHA512

                                          10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                          Filesize

                                          2B

                                          MD5

                                          d751713988987e9331980363e24189ce

                                          SHA1

                                          97d170e1550eee4afc0af065b78cda302a97674c

                                          SHA256

                                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                          SHA512

                                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                          Filesize

                                          40B

                                          MD5

                                          20d4b8fa017a12a108c87f540836e250

                                          SHA1

                                          1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                          SHA256

                                          6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                          SHA512

                                          507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          16KB

                                          MD5

                                          20ae5a0dce2ae582d48a085845a0be43

                                          SHA1

                                          af4faf031f5d6b9b8e50a9c9c393194ec343d2fd

                                          SHA256

                                          4c8d0b81b727c1ba20a51dc45e66d96baa928948d522c9f47afe4eff6b6d9eb9

                                          SHA512

                                          e65ebc164c6a72578739a7b44e5a77056d16cc291b87ddd79af7e96b56bbfd3f773d5d9af21e77ff314f58cc34a3d8de1c913142d6c54b9366d4f33e4d1c367c

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          16KB

                                          MD5

                                          54c404a22169954f1811d0f3c2454aa4

                                          SHA1

                                          68a1425a98ccb74420283f046b2a7c7a0c7b163e

                                          SHA256

                                          f4dd3bb630afed266237fd94fd0866f8765e42e7d1c4b3b9631f2958f514f115

                                          SHA512

                                          b36913cd72cad09eebfb76c6d9a4adcc096c0be85d483361454ab16935a48037978ebdafd9e490ed12f93fa10917f982f80a59e073fad65c73ad84506b2852fa

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          16KB

                                          MD5

                                          57daeec51cca66dccb7ea29fd0c98921

                                          SHA1

                                          2b4c71e11de9fddc0607706789d4a95c491aac9a

                                          SHA256

                                          c3652e7eadbb77053d95fbc5038680ca16d560f58622c40453c951ac46c63d26

                                          SHA512

                                          93ac56e7540c950cef4623d6644da694898258f54dfb09df051d5d0eeddcff060ecd1269c8803959e849ab5880296bd77f7079c737e16c94dc8c3a5eee2ba243

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                          Filesize

                                          37KB

                                          MD5

                                          81ff285ce3b7592f2bb5871d58225b98

                                          SHA1

                                          1e5bdb70a75820d7fef989e2bfb3a830ca4cae59

                                          SHA256

                                          0cc1e99eb4dfbeaa2f3e3a899db0fe6733a4ce9af9437e5fbb5684894ded479f

                                          SHA512

                                          66ef378ceaf6b196c949519eb0c29e15362a1f9a5db71d9d8545425a14385134e1a1675139656b9e10120c6a82247717d16bb11048b313a4e77ac342ac6a462f

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                          Filesize

                                          72B

                                          MD5

                                          9c6c70d0c755891bad57cdd7a9838092

                                          SHA1

                                          728a9b0567a4d628d19c72f11b0650dc0acc2cf0

                                          SHA256

                                          efdfafee91281e7b892568808a72f42c698d403162448dc44cd3f700a46d6db5

                                          SHA512

                                          26f5ff8801450144dc5b91849e0db212b70a7b1c524f55359cb224dd8ccd3a17e4fc72464f63b22038ae6ae69783f3ef80646670359aa1e45c5a48c6ad3b3185

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d220.TMP
                                          Filesize

                                          48B

                                          MD5

                                          ccf8fa775777e15b9d7f76cb2bf42d36

                                          SHA1

                                          cf459fe647c37d76926f38abb120e2afb69ec220

                                          SHA256

                                          5943ff489621a165e7c67a5d39c5e222be446cafe3887a8fbf56da2066257e62

                                          SHA512

                                          f0dccbef7ad5ba7949210a55aed8425b611041c21677b91a5461b82f25ec5a7c3b872b0391ba1bf52a05b5c3c219358270a6a3c833109ff5ace74227aa2236c1

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
                                          Filesize

                                          23KB

                                          MD5

                                          dae0abc25e2c82bbe89e35957e9882fb

                                          SHA1

                                          a8552023d1f7f165de8d51127ae57784afbcd9e9

                                          SHA256

                                          576f9b1f2a8674252064cfd75a0e71685ac5cdc21717729b3de50894ed36d4c6

                                          SHA512

                                          60a244b9bf50cb8ca93978fbece93ab4d896b49fd6ae65cbd07b1cce1cbec22b119fadb3f7c81e7f8c8b70fd65611b028ad057fdb2512a9bf01b269647ef9347

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          50KB

                                          MD5

                                          7c76845c679eec8208659f0724ab65ca

                                          SHA1

                                          76c1f301a14663fe61daa89f33f159bc80c2e38d

                                          SHA256

                                          4435518bd1ca37abf63ce570be7b73e74c823138d9792b4a16af47828c9b9ee6

                                          SHA512

                                          e21c0617d3d0918a01475e2dd22b50abb16f012aeb10415a53893d5addc925ea9fc58e1b90ffe360e510743b90c2f0e4a67ebdeeb3fa87cc47d42f14d280b633

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          41KB

                                          MD5

                                          a54cb380c2d30d2c873e1f0b6c7795c4

                                          SHA1

                                          6e5b418b7b9525b56e8f1b33089b3d336d9706a7

                                          SHA256

                                          371b4086b5fdb515b190ffdab4053cbb42f1a1cca413611dd3a138eca32bb9e1

                                          SHA512

                                          3c1e81c10649cb28e413bb784edbcfdcf9a721bc79402d11690039d51d74e454bb09ffadab949bea2c8970abeed8a58b90d37ab9881f319064cfd62ec120903d

                                          Download Submit

                                        • memory/1336-9-0x0000000005120000-0x000000000513A000-memory.dmp

                                          Filesize

                                          104KB

                                          Download

                                        • memory/1336-3-0x0000000010000000-0x0000000010010000-memory.dmp

                                          Filesize

                                          64KB

                                          Download

                                        • memory/1336-2-0x0000000075360000-0x0000000075911000-memory.dmp

                                          Filesize

                                          5.7MB

                                          Download

                                        • memory/1336-1-0x0000000075360000-0x0000000075911000-memory.dmp

                                          Filesize

                                          5.7MB

                                          Download

                                        • memory/1336-8-0x0000000075360000-0x0000000075911000-memory.dmp

                                          Filesize

                                          5.7MB

                                          Download

                                        • memory/1336-0-0x0000000075361000-0x0000000075362000-memory.dmp

                                          Filesize

                                          4KB

                                          Download

                                        • memory/1336-600-0x0000000075360000-0x0000000075911000-memory.dmp

                                          Filesize

                                          5.7MB

                                          Download