5444f6432f1d82d11dcf35928e77cd69cc26287a08dad5c324a26adedf7a005a

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
13-12-2023 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d.exe
Size

438KB
MD5

230d8a7a60a07df28a291b13ddf3351f
SHA1

de71fd21781ae1eed0dbba6bf915a65cc4c0f984
SHA256

d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d
SHA512

b3305950a8d24b247a16b35d49f53dfbc367332879ddafcb7d95a1c44ec02f7ed66d26acbf9992bf39193094c7bbefcbbe59ae514619491e148bb59cb32ddf01
SSDEEP

6144:Ldgv30si81H+Uyc4WLrxBcQtz8Q0bDC3zUonh8CD2Kc+hO:W71HTyc4WnxBF8Q02UonhsF+hO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Center240600609.dat

pid process

1852 Center240600609.dat
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
1852	Center240600609.dat

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4004	msedge.exe
4004	msedge.exe
2860	msedge.exe
2860	msedge.exe
3192	identity_helper.exe
3192	identity_helper.exe
5656	msedge.exe
5656	msedge.exe
5656	msedge.exe
5656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

2860 msedge.exe
2860 msedge.exe
2860 msedge.exe
2860 msedge.exe
2860 msedge.exe
2860 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d.exe

pid	process
3388	d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d.exe
3388	d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d.exemsedge.exe

description	pid	process	target process
PID 3388 wrote to memory of 1852	3388	d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d.exe	Center240600609.dat
PID 3388 wrote to memory of 1852	3388	d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d.exe	Center240600609.dat
PID 3388 wrote to memory of 1852	3388	d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d.exe	Center240600609.dat
PID 3388 wrote to memory of 2860	3388	d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d.exe	msedge.exe
PID 3388 wrote to memory of 2860	3388	d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d.exe	msedge.exe
PID 2860 wrote to memory of 1764	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 1764	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4796	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4004	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 4004	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 2236	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 2236	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 2236	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 2236	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 2236	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 2236	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 2236	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 2236	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 2236	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 2236	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 2236	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 2236	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 2236	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 2236	2860	msedge.exe	msedge.exe
PID 2860 wrote to memory of 2236	2860	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d.exe
"C:\Users\Admin\AppData\Local\Temp\d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3388

C:\Users\Admin\AppData\Local\Temp\Center240600609.dat
"C:\Users\Admin\AppData\Local\Temp\Center240600609.dat"
2⤵
- Executes dropped EXE
PID:1852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://sharepoint-vaeit.com/login.php?ref
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,3135662176454003270,6419171119088783087,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
3⤵
PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3135662176454003270,6419171119088783087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
3⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3135662176454003270,6419171119088783087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
3⤵
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,3135662176454003270,6419171119088783087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3135662176454003270,6419171119088783087,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
3⤵
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3135662176454003270,6419171119088783087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3192

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,3135662176454003270,6419171119088783087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
3⤵
PID:640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3135662176454003270,6419171119088783087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
3⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3135662176454003270,6419171119088783087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
3⤵
PID:1288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3135662176454003270,6419171119088783087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
3⤵
PID:1980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,3135662176454003270,6419171119088783087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
3⤵
PID:1948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3135662176454003270,6419171119088783087,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5664 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8365846f8,0x7ff836584708,0x7ff836584718
1⤵
PID:1764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8f0cdba3e639a70bf26cf85d538ce1a8

SHA1
b457faa0d6c55d56d61167674f734f54c978639b

SHA256
c1e48c2dfaeb607efc713e1b5c01d1ee8a9491d8f3a2a5f4f3887e6c1f8c2f63

SHA512
3c270fc58170c37f51427aac2d3092ddbbc17832556718612cebb0c32c04e7e3b7e157969d458a4b9c3e8bf781c23489319338960cefb5cf530673f2b8f81609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2cbf0461d9488ae26ca867bf173cead6

SHA1
d041438e2ae602271a6e22ae0e4994af9ada5762

SHA256
644c4ed73feb6de33c46e7752515100002193520878a20902e52df9409eab165

SHA512
2bcdc0db3462c625545f936463f569ee97993fb50080665aa79b2468c6a91cd59c335dce2094a4dd5947c1c2b11ac841ddc42847afd1690918f1cccac7a9b16e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f78454b91eefe37c6ffe005674e2a32f

SHA1
1d7c05b43292aa5af90f6a3a5285bdb8791a34c0

SHA256
a1c1d8c9edff806b8f16e1621065d6a9c019a67a7cc0b9e8d1bab9152f394db2

SHA512
ead9e4592e0b5bdc19f4c86883c277851293263a75f57caec6fad1d603eb3ae8f5b8ee357f32d68af1fc0d88e48a23a5f6cce06cd4263c490b5316b03606bb2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
8f472f5706f7f7e9508673402592ad03

SHA1
18e3a5699bbba3203e3876d0d28c560a5e6a9c03

SHA256
a98515127ff6537a7c2249265c6f4385320472a03127dc3d47c0d19eb2510d09

SHA512
7f1cfd39e3e078b180c6636822265565d07ee13929043095db13cfbadfcda476893244184aae3b204eee4f46a481e317455a8a96301982faac30ae3a82898234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
705d0f00fe825cb3bb66abe140c53dd1

SHA1
c1d1c243565ca3f309aa48bf62f16af54e7334e4

SHA256
c9581005bdc755801338b96d290492917ba10fae1563c194e6099579474aa97f

SHA512
374c93691f7d847a684238f8f9177cfbe5611b75285c1db325ca2aaf7179ce1e7f7874cb34328dcd6dd79a49a6df7e6edf056be64dfb7bb184e22ac0e64eb1aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Center240600609.dat
Filesize
69KB

MD5
a0de79c3b449175aa97725e16c7e74b4

SHA1
1c57f8cb0fb4eb944634ae1e784bbf51c181a97a

SHA256
2102dd512f557bcd74d243c0354b9f58ced6036fc6a9be2620377890eec2348c

SHA512
d1a72cd238becabd9d0ab99cedddf22fbcdb6f410573995cd9f9c79efb68527d269e5f1331eee7905ee68af87be1dc1bd5b96769ac5b7ea30561cc84478a6e01

Download Submit
\??\pipe\LOCAL\crashpad_2860_KVIXKAPCBGTLDRBI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit