hxxps://qptr[.]ru/Vmkj

Analysis

max time kernel
43s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
03-04-2024 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://qptr.ru/Vmkj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

4672 msedge.exe
4672 msedge.exe
3388 msedge.exe
3388 msedge.exe
1988 identity_helper.exe
1988 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

3388 msedge.exe
3388 msedge.exe
3388 msedge.exe
3388 msedge.exe
3388 msedge.exe
3388 msedge.exe
3388 msedge.exe
3388 msedge.exe
3388 msedge.exe

pid	process
4672	msedge.exe
4672	msedge.exe
3388	msedge.exe
3388	msedge.exe
1988	identity_helper.exe
1988	identity_helper.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

msedge.exe

pid	process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3388 wrote to memory of 3136	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3136	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3320	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4672	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4672	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4728	3388	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qptr.ru/Vmkj
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c8646f8,0x7ffa5c864708,0x7ffa5c864718
2⤵
PID:3136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,12233606432222263631,18074315541139847222,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
2⤵
PID:3320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,12233606432222263631,18074315541139847222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,12233606432222263631,18074315541139847222,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
2⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12233606432222263631,18074315541139847222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12233606432222263631,18074315541139847222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12233606432222263631,18074315541139847222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
2⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12233606432222263631,18074315541139847222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
2⤵
PID:1016

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12233606432222263631,18074315541139847222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12233606432222263631,18074315541139847222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
2⤵
PID:3080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12233606432222263631,18074315541139847222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
2⤵
PID:728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12233606432222263631,18074315541139847222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
2⤵
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12233606432222263631,18074315541139847222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
2⤵
PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12233606432222263631,18074315541139847222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:1240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12233606432222263631,18074315541139847222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
2⤵
PID:3776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2600

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
69509478ea1a926e13cf72f140985948

SHA1
04dc2379ddecef620fd782376d0defbbc985c2a4

SHA256
9521bfa5183a25e70acac945704acf76904a5b64d426a2f9de9719d74f7c54c1

SHA512
01eb8c26b0083ae6668c71fc05b97e2031066dd6105d6f482c35381ae5dfe3d8435474304dceaa826ce4c8c5755ac5b22d334546531b3dec6e2dd16867c63f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
384B

MD5
108e73e9012f0463322b59aa8bdb5617

SHA1
dd09f351596ae7fe6df15008dcafc9f547408b72

SHA256
e9978a0d783d6152098e96a34da9a69082b642158ed70d40f70904b2301cb220

SHA512
55f87c3840e755808b5f16ac730663412d2802f8d009b598b6c8b13e0da6d67f456a74db43dd80c6d365f329a9cae0fa2724d3d5bdf9f91065be19123feb7a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
911B

MD5
c85abbf016d0713f5c062e14d2a11b63

SHA1
2abdf0a9c63041902c228f077fc0fefb0dfe8efb

SHA256
e58ccef975422e4b48e76c48445ba7f3e84d33e8552e3780360e612fa5d1e6b9

SHA512
2b231399557ea5023c4cb8e7584103a29cfba545652430fb24c53998a24514c96e1b1ed4762017edbff7a2966aaf30db4cc5e81be8fa93c6aefe2145e893aea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
06cb8ce20ead23adc918939677319305

SHA1
8976c7469dae73b80d5c07b2806da1845f96c9f4

SHA256
6676921f2fdf1f9b72036ba864312b8481a80eb6f1866ae3f902e95c9324f582

SHA512
26271e2b4f9f20e79a752df8b68f00f023e5b7d93acca4b1a4b9e2e3770f02302a6bac39b91fd898a2368065fe89b71b10c6361e16025568669f61471c04b792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
82f297a2e11c460177baf5269e585f54

SHA1
28be26ad9e28bdaf382d77b2e4c3cded5516cee4

SHA256
03633006a7c85a09077f2a6e91fe032c4c5574fd561dba5227d8a0a668b93c06

SHA512
25de64da81c164d29f21010d59148b7f1ca837f9e7f67d454cb4ea5e6a4853095543863a70f4e1afdb5a6872321752ab50593e2f818848c7fe2352da937ba109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d5a40a71405786c10fbb50d6db8b77e7

SHA1
efff9df61bed23a46729c199bc2d4814c6bb7c30

SHA256
caece25b2128a0b26028a1431ea0f7e5f92214d0c77da5115599cbd7d20dc12b

SHA512
97dd0cc9d12848a1bd3c94b8561fa02d60d61bd22fad23e3818394ab3ec01ed622801ceb52b5764a8a3e6ebee8e1ba02915357e0cb057eda0d057fd50d168f0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f078c083018e2a07e9a80e2ea310fb39

SHA1
23cb757eefa5fe3431c31a839531c9087c493750

SHA256
c4eaf515afe952de2684befb8515a50dead55e871d0022c30d6076e5a190ef60

SHA512
65efbb0f74d7dc9fe3896e2b62b1b3cdb5ceeb906b56b467a362a0e1c9ca2a3e7f3bd15dcdd8012e3db81726d76f322613b73169467fc990ab06235db1658bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
2b18a7d51e15e4e4e1b7523fdfd36371

SHA1
b1d109422bb3acb700037c13bd39ef8ce3ef9669

SHA256
96682728c40551f320dccd2de4c598f9bea5d92472d45c5de742ba0655083ee5

SHA512
d2afa5b7a2d1a3a84f3911e40be08e59470249d99ab3ace6c705200f78aae883bf5cf46bd6a19f75e522b300c5cfda34280b36f51c3d83b31b891d6b7b23127d

Download Submit
\??\pipe\LOCAL\crashpad_3388_KZIFVYYDJLLFXIVB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit