Analysis
- max time kernel: 50s
- max time network: 51s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08-04-2024 11:07
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://qptr.ru/EDcn
Resource: win10v2004-20240226-en
General
- Target: https://qptr.ru/EDcn
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description        ioc                                                                    process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe
pid   process
2336  msedge.exe
1420  msedge.exe
1572  identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes: msedge.exe
pid   process
1420  msedge.exe
Suspicious use of FindShellTrayWindow 26 IoCs
Processes: msedge.exe
pid   process
1420  msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid   process
1420  msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description                       pid   process     target process
PID 1420 wrote to memory of 3424  1420  msedge.exe  msedge.exe
PID 1420 wrote to memory of 5052  1420  msedge.exe  msedge.exe
PID 1420 wrote to memory of 2336  1420  msedge.exe  msedge.exe
PID 1420 wrote to memory of 5104  1420  msedge.exe  msedge.exe
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qptr.ru/EDcn
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb34346f8,0x7ffdb3434708,0x7ffdb3434718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5916 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
  Filesize: 43KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 552B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 911B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 8KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 9KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 707B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fa3e.TMP
  Filesize: 707B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
- \??\pipe\LOCAL\crashpad_1420_RTGJOHHDMOUSLUFS