cc744204664bbe57a739b6dc9ea221a6480c7331677c208b05b451bccd31a102

Analysis

max time kernel
1020s
max time network
1024s
platform
windows11-21h2_x64
resource
win11-20231129-en
resource tags

arch:x64arch:x86image:win11-20231129-enlocale:en-usos:windows11-21h2-x64system
submitted
09-12-2023 22:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Spoof/Guna.UI2.dll
Size

2.1MB
MD5

c19e9e6a4bc1b668d19505a0437e7f7e
SHA1

73be712aef4baa6e9dabfc237b5c039f62a847fa
SHA256

9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82
SHA512

b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de
SSDEEP

49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4860	msedge.exe
4860	msedge.exe
1900	msedge.exe
1900	msedge.exe
4060	msedge.exe
4060	msedge.exe
3248	identity_helper.exe
3248	identity_helper.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe
2728	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1900 msedge.exe
1900 msedge.exe
1900 msedge.exe
1900 msedge.exe
1900 msedge.exe
1900 msedge.exe
1900 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1900 wrote to memory of 1436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1660	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 4860	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 4860	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1584	1900	msedge.exe	msedge.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Spoof\Guna.UI2.dll,#1
1⤵
PID:972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ffd734d3cb8,0x7ffd734d3cc8,0x7ffd734d3cd8
2⤵
PID:1436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,5043305942108068070,7383061646288742222,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
2⤵
PID:1660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,5043305942108068070,7383061646288742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,5043305942108068070,7383061646288742222,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
2⤵
PID:1584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5043305942108068070,7383061646288742222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
2⤵
PID:128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5043305942108068070,7383061646288742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
2⤵
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5043305942108068070,7383061646288742222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
2⤵
PID:2024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5043305942108068070,7383061646288742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
2⤵
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,5043305942108068070,7383061646288742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,5043305942108068070,7383061646288742222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5043305942108068070,7383061646288742222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
2⤵
PID:1292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5043305942108068070,7383061646288742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
2⤵
PID:2960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5043305942108068070,7383061646288742222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
2⤵
PID:3280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,5043305942108068070,7383061646288742222,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3216 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ee2939560b8c0d69124883827cdd26b1

SHA1
b8230d6fa42e20a75f4d1afefd0ba93aefdc3b13

SHA256
bfb53cbb111eb235160480a1d7e6f6aa141a7c17f30cfc0fba1eb2bf8f4c0610

SHA512
634c4a92b77e85adc80649f594fc219a37f5898da3e7a217b976d354ef78878501d8db7cb16159ac24ffaf57cfa670c35ebf6b547369336c3964f9d2b50aac17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
20716a98cd784fd531e144ccfa9aa36c

SHA1
200f82229424f93d7c23a8620613551a8c3be95c

SHA256
8ad4096ba7cb202db2d76eb679542c0293e29117f384eea4f9de44593d0edf52

SHA512
8e503dd92c02e28f88ad1aa4629583a73ae26e63e7a4cc5994d3dd5754e14cf4d46822412275fc2161500d43435a3f5492218e82f1cb8a152b98581e7ea9ca6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eb963077f501a1354e0fa088c2dc8735

SHA1
256dc8944503f7804a2a0faaa9c666e5b431d192

SHA256
947fdcec93f22ea9448bfbe944033116829c90f3df0cf4d9dd348e7d404d910a

SHA512
6a4912fe6fba800af2e8e1ca22c553adaaaba170e5375a1f5bf5f4e5748a5a7eacb65ae625ca28ecf96c15e186df4a422e8d6702be4eed598386b79522a4bcb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5d3d4676ee1540fe154d60fe3136c1b2

SHA1
96e675131ef9f5a54b6ea904c1b40c0946f0cb7c

SHA256
57072efd483a6c9572716586949447d2e669c8a7a762f733dfac07816151d083

SHA512
6bf6910adfa6ab0cd315eb7850f348f8c93e3c7b3bfccd3fad1dd3169ed35c0269dbe735b9d768a52d615ddaf7c812ff5a1e9ebf6e7b532f02f2fcf3135d517a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
40dc593ae4fa0590b7db0804061fc0e0

SHA1
2d33dece1a1cca1ad88e3f03342f64f45e35be28

SHA256
a5ae97d879414cf88e308b1b5034a49e66fd35ab3e775f629f9225b39a4709e3

SHA512
4149c68315f417a9d5a211d63859df4ad58fd9f94216a90c6c934608691e99ae4d6a3df65b67167252bd88a48b8de0fa6b377e5ddc0f9adf5d68b35a6c29f2a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
3024d37e37915eda906ff127098b91a9

SHA1
416e6304c64a7bc12b3f0c514273000cb72d521a

SHA256
b809661cd8561639801d27a8b99f5c9a350dfa1a5559d3cc8ef9d83498672f23

SHA512
a39057302f8f48ce0520678cf02b8025cd5cc261dd8dcfc5b46c12df9e52791b4424579912462ec40f1e10f72aba3c787187dd393ef82ccacd341dc0e9cdb694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
48ba2325a1a699db209ec67bea309b63

SHA1
45c4cec0fe277a59e3e8b76d9d41f1b0ca1aac1f

SHA256
bc7f8dc8f7838fb5a6af727979997e6ac8fec734af4b24bbd5a4a846c9e68dd1

SHA512
4b3b307814d3952973450df297b0fcc05ab9333fefdcd7cf3a508fc78710b0d91925c39e4013bd1cfc38927c48ec13b14eb3cd42c2bcd988ef2b2b2e957283fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e01883a8204d5685d38282dafb70cf51

SHA1
26249d6d46d504b57b246a90a10847fd7568d855

SHA256
69763bcdcae91cfcdca79f4706bc24c34cbb7125a0d1c2b97b5a2124c9f63452

SHA512
d464170c40f2e00fcf8258fd6baaa92d3da9524b5d502ba3a086bfeef148f0cd4dc08786ea3595571ef997cf43f091e8dc40d413788e5baad26bf44093c334fd

Download Submit
\??\pipe\LOCAL\crashpad_1900_HGXXVPGPBMKTTROP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit