2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9

Analysis

max time kernel
145s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe
Size

6.8MB
MD5

c31297188ec9fbaa60449f769339963e
SHA1

8502d9e0cef18137529f0a46ad6e69a1577e6cae
SHA256

2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9
SHA512

9525e3e08b953fe36270c7b4868959e9bded055c5577e5ca94d79606b671e6660d180f763b54a276bf356e82d7073901c373e0b40cfca924cc4b38384c20e22a
SSDEEP

98304:R6DR4dluF+W6hP9vBLhuWF5DWLiiyru97:gDR4dlzh1/TWL5yW

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\ca33b3f7-6770-48b0-a459-8928d2a57b7c.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20240428101708.pma	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4452	msedge.exe
4452	msedge.exe
1244	msedge.exe
1244	msedge.exe
3604	identity_helper.exe
3604	identity_helper.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1244 msedge.exe
1244 msedge.exe
1244 msedge.exe
1244 msedge.exe
1244 msedge.exe
1244 msedge.exe
1244 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exemsedge.exe

description	pid	process	target process
PID 728 wrote to memory of 3840	728	2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe	2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe
PID 728 wrote to memory of 3840	728	2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe	2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe
PID 728 wrote to memory of 1244	728	2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe	msedge.exe
PID 728 wrote to memory of 1244	728	2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe	msedge.exe
PID 1244 wrote to memory of 464	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 464	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 3212	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 4452	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 4452	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe
PID 1244 wrote to memory of 388	1244	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:728

C:\Users\Admin\AppData\Local\Temp\2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff7feb388c0,0x7ff7feb388cc,0x7ff7feb388d8
2⤵
PID:3840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --force-first-run
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea93746f8,0x7ffea9374708,0x7ffea9374718
3⤵
PID:464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
3⤵
PID:3212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
3⤵
PID:388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
3⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
3⤵
PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
3⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
3⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 /prefetch:8
3⤵
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
3⤵
- Drops file in Program Files directory
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff67a535460,0x7ff67a535470,0x7ff67a535480
4⤵
PID:2816

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
3⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
3⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
3⤵
PID:2228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4788

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4880096880b1f0434582d6222f6d8a85

SHA1
d6a05587f3a788f2ed886701219058e59c8703a0

SHA256
7c29ff4214c40ae73d6cf1433498806ab3fd0260cb261385ba16d4e1a0bb43ef

SHA512
53ade178f5abe25af3976f6c17c4cdead2347e663407c7327e1ccdcb718a4662b1c40c96758f84bdf865fde15ff9b5c24cc4a83199e6035644e57d3318938a5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
280B

MD5
1cfd1ca79fd1548818005ba18fdac227

SHA1
4e59aa18e541c586d7925d3053a4194158960af9

SHA256
793340716c117d57f0bfa69817fba2a3ec1cac948e08215d77696268ec37d6f1

SHA512
3f2a4413554bcc74a2af7f1dff338d76021241a4af5e49ab83d1eef457c84f15b03b0a721d5cdb008b52e1847255b119c486da444abc29374fb034eb14d33525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
280B

MD5
1d5f0f39d2570f66ad817f241f466132

SHA1
4c1f46009869b82c5c1f0e936b3ce80fecdf0e94

SHA256
9874d200a801357910ef4568ab2d11dcface4f37f147770802dd4703da5c61d6

SHA512
209b831bad032859a1e7e229398ea6307e6fc712857a1d0a71218fc66462b94554ff1cf8beddd89b0e65a582005e1ee64b051db8e5c7c2d4f50546e57a79781c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5c35d2c264335f4a369c601807785d74

SHA1
317feb460bcc70c63a9d72505c6ac6ebcf5e529a

SHA256
28096f7703d0f10cfc01000e94eaca4cf537a308a1d340ad49c25b8133b169c2

SHA512
684e085629fa6129027a7836f3881b039236d170e4cb549f7e59593928557e0cc3c2d287d6312809fae062dbd1a282c3fb6c2b8c463e34ee927d7a27643d55e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
cfc5eb6ab3acb7ef4a0ce6ce86032fb5

SHA1
b1358e94f4820e267dfc4f398904ff5614f49853

SHA256
d66c9bfeeab6ba9244f587f1420a52b1909f90271bb5541f31d8fd9af67e740e

SHA512
78b81091c52aef93c1cb0bcaaa912e0a731df6e47f93d12c428cfde95d5bb47c2f988f2c20355531ace52a9322809bae27dd976ae63bfb40aaab8d4a65be2406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8e2a8097697db11c32adbae4e2efb370

SHA1
50c1a290546e75669196cef45993499595d7ac2b

SHA256
a663834cc19f19caa6e9136f80e3422b3c3a02960d61eae099e1228be7ac9cf1

SHA512
7d5af42e73fe1180952af6ff8df155a576172efea0dba25e1ea7a67cb073b1c1bdae23e224dada1910cb44b23dc034e3b24e56352d0586cff245487c81fe5f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
736512a8b4c64c305bee9421a2ca1a1c

SHA1
386bd60ca7bfe38d8b160e88244b938256615684

SHA256
0ff3a6493fa73a6e4b5b0caab5b5ee57d706ce2e8c32b0cc96b9480549549049

SHA512
532deca5a0dc69955c6b444ff06a2f22c8b5d83d91cf3a081d4d67e08be483e23c9c714f662b8dc9dbf58edc52f44c987ca398dec1041c58d04506ab9b4cc221

Download Submit
C:\Users\Admin\AppData\Local\Temp\msedge_installer.log
Filesize
4KB

MD5
0631c6b55b5cd12be264a74ec8912986

SHA1
60acceb7c047129dec404c734f96b62a1e935c84

SHA256
05b10f9674a9f1bb7eeb4aaf1de8bd6693049b605637d018a6b898006150502d

SHA512
cbca5d0467bb837a1941f927ab8ba7d97bfba1f04a7e5a9ab915035ac0ffbc21d8ce42d049b2feb791df7ab9d2dcd137a09f23ec499d45968fcd23f1b4b38f48

Download Submit
\??\pipe\LOCAL\crashpad_1244_VFDDPDJTGYJCYEKF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit