hxxps://stingray-app-2-i3pkx[.]ondigitalocean[.]app/Wi0n010B00Er00100dd020/index[.]html#

Analysis

max time kernel
147s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20231128-en
resource tags

arch:x64arch:x86image:win11-20231128-enlocale:en-usos:windows11-21h2-x64system
submitted
29-11-2023 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://stingray-app-2-i3pkx.ondigitalocean.app/Wi0n010B00Er00100dd020/index.html#

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1156	msedge.exe
1156	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1556	msedge.exe
1556	msedge.exe
3848	identity_helper.exe
3848	identity_helper.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

1964 msedge.exe
1964 msedge.exe
1964 msedge.exe
1964 msedge.exe
1964 msedge.exe
1964 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4980 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4980 AUDIODG.EXE

description	pid	process
Token: 33	4980	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4980	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1964 wrote to memory of 2904	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 2904	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 4548	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 1156	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 1156	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe
PID 1964 wrote to memory of 3996	1964	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://stingray-app-2-i3pkx.ondigitalocean.app/Wi0n010B00Er00100dd020/index.html#
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8b80c3cb8,0x7ff8b80c3cc8,0x7ff8b80c3cd8
2⤵
PID:2904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,3984978618630005789,5724553347793622444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,3984978618630005789,5724553347793622444,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
2⤵
PID:4548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,3984978618630005789,5724553347793622444,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
2⤵
PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3984978618630005789,5724553347793622444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3984978618630005789,5724553347793622444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:3728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1828,3984978618630005789,5724553347793622444,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5060 /prefetch:8
2⤵
PID:3460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1828,3984978618630005789,5724553347793622444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1556

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,3984978618630005789,5724553347793622444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3984978618630005789,5724553347793622444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
2⤵
PID:1920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3984978618630005789,5724553347793622444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
2⤵
PID:2704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3984978618630005789,5724553347793622444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
2⤵
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,3984978618630005789,5724553347793622444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,3984978618630005789,5724553347793622444,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5488 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1148

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004E8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1904

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6e747eaa74130c161ac1176dbd608920

SHA1
a64741bb05f85d3dde1c7e83f49e70dac475e774

SHA256
fd21fc821941a71cc892e19791ea83e15e48366693ce6f4c5b9ac800ad078c13

SHA512
4cd7f2c595870e1901aa4e150ef428ed49bececb9ec812c3c01c11240d8fd0a44b6e0a79a8149c2e97f97ca6c84bf5d38f52a73b58f3ddeee57b90508daec13f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
04095f9f70349f32ee3bcd82fe712d2f

SHA1
91d045d8ff1b81e3da09d2475ea7781c855c72a7

SHA256
f3803d81b7c8a9edadb365900315e2e1fc28a3c9c4f461769a2c1a9e7cd64085

SHA512
ef28f4a517b87a375788c5db1e6f583955776c62942f273b6d4aa9553c946fe11d3e2c8513eccbbc3df862ea40a1a8a62c67d81a7404e306f013b79157ced360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
5b81061164f1468d393f8afee82a39f4

SHA1
533dcbb55284f7297a1d1c6f0309151a40f12480

SHA256
011d79a6a951d93212c9414a588af47cff1eba38a12147c127a3f4faca2a3685

SHA512
9f5dc2d837ed90cd2dd3b7995e9cbfe57e0b09ef2c0710247cd532ec77b3676e6e24e2d9581cf931c3fad960edb1ca784f892038c88e3a1928c56595b176d6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0d47b4acc5ad7c3c9d214ae7b60489dc

SHA1
9756b2b23740ce6ef22eb9a6f730b174254e4c60

SHA256
177c8d0cf1574ab08a01a2a06aeec61c71a74dc8b3c3ba9ac2ead3713156a361

SHA512
d75516b5ffd7a0b93e6ddde159d4d19f9e8a11c992d75ebadf86b25142ba6e213c0357d16630760ecf95a1eff43cfc2fb8c464ebbf58b1c03de1f40c7b8ac147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
aa7c9fc260c1e7df7540f83e29690b26

SHA1
2745bc03cd58370d663599e1ffe3d41077f9119e

SHA256
844a4971ce90e3d4ce310c60ace3d3c25d0b4630f7e46fbc8c0a0c631fb78cc7

SHA512
5e185536faf389064bbe56bb2cab7aa88a1d787bccf005127d09caf0d5721804eb8f6c2a26e6cdd35c10dbe6e68ad614bee8eeac48cd930357abec8f510df455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
930077575c9f0196bf4dae3147d1a667

SHA1
7e42b5fed0ffc0bb638cc51d9f1a8c5b6ebc5e7e

SHA256
e240d73004050b57a8d89edf62f39b03944cb61e82cd8ec91bf503e6198c15e6

SHA512
be0cf0a753f3230b2c7b7622d5c4ceab99de8e8ab853f7f4f218da5c903edc5a734078f618968a18d65f9c0e029cadf8650c40f2c55ec0092005f30dbac9e1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
25KB

MD5
fa08066decccf9e92290326c04532777

SHA1
778b58f445b9f4051d8fd5c9b38a640605743293

SHA256
1dde139be7104cf3b585082724cff60d165a6390f2e04685a276e73acf8609f6

SHA512
4a3f5a47e7f244a2884ed05891fa5adf83714f500df59e7969844e16a27a6ddf8c300d07d051426ce921c9f9ad72c364cca8be15b8d71d3be6ac6ae9f07e3083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
07b8de36de233735f3bc2004dac0b8e3

SHA1
644117c0b486fc5c00a1b2368181e852a607cf0a

SHA256
05b5db799955813b5fa47df78d4c7203f772dbb5e20658d0d03fc5fe07baed35

SHA512
5a9713329ddcddf14222a2b49052e94e3f80861a1cdc0b6e42a0a9519f67c54bfa87f0a41e356d660bcff29911812f8f0dd7c40b2f7b440b952eb72d1a9e1730

Download Submit
\??\pipe\LOCAL\crashpad_1964_OMTDUOWHUHGYXZEF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit