Analysis
- max time kernel: 236s
- max time network: 238s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10-06-2024 02:48
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
- Sample: https://itunes.apple.com/app/id1273998507
- Resource: win10v2004-20240426-en
Behavioral task: behavioral2
- Sample: https://itunes.apple.com/app/id1273998507
- Resource: macos-20240410-en
General
- Target: https://itunes.apple.com/app/id1273998507
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, identity_helper.exe
- PID 2288: msedge.exe
- PID 4740: msedge.exe
- PID 744: identity_helper.exe
- PID 4780: msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes: msedge.exe
- PID 4740: msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
- PID 4740: msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
- PID 4740: msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
- PID 4740 (msedge.exe) wrote to memory of 4680 (target process: msedge.exe)
- PID 4740 (msedge.exe) wrote to memory of 2828 (target process: msedge.exe)
- PID 4740 (msedge.exe) wrote to memory of 2288 (target process: msedge.exe)
- PID 4740 (msedge.exe) wrote to memory of 1992 (target process: msedge.exe)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://itunes.apple.com/app/id1273998507 1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4740
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1ce946f8,0x7ffe1ce94708,0x7ffe1ce94718 2⤵
PID:4680
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1087295129634507674,2940632049467879850,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2 2⤵
PID:2828
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,1087295129634507674,2940632049467879850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2288
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,1087295129634507674,2940632049467879850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8 2⤵
PID:1992
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1087295129634507674,2940632049467879850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1 2⤵
PID:4868
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1087295129634507674,2940632049467879850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1 2⤵
PID:4160
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1087295129634507674,2940632049467879850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8 2⤵
PID:4208
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1087295129634507674,2940632049467879850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:744
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1087295129634507674,2940632049467879850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1 2⤵
PID:636
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1087295129634507674,2940632049467879850,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1 2⤵
PID:3988
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1087295129634507674,2940632049467879850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1 2⤵
PID:5100
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1087295129634507674,2940632049467879850,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1 2⤵
PID:3644
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1087295129634507674,2940632049467879850,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2824 /prefetch:2 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4780
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵
PID:2396
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵
PID:4876
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 528B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 335B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b546.TMP
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 10KB
-
\??\pipe\LOCAL\crashpad_4740_VDOFRQLWKCWJLYNR