Analysis
- max time kernel: 1680s
- max time network: 1782s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-08-2024 10:25
Static task
static1
Behavioral task
behavioral1
Sample
sample.html
Resource
win10v2004-20240802-en
General
-
Target
sample.html
-
Size
146B
-
MD5
9fe3cb2b7313dc79bb477bc8fde184a7
-
SHA1
4d7b3cb41e90618358d0ee066c45c76227a13747
-
SHA256
32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
-
SHA512
c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
1512 | msedge.exe
2428 | msedge.exe
2996 | identity_helper.exe
2956 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
Processes: msedge.exe
pid | process
2428 | msedge.exe
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes: AUDIODG.EXE
description | pid | process
Token: 33 | 2956 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 2956 | AUDIODG.EXE
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid | process
2428 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid | process
2428 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description | pid | process | target process
PID 2428 wrote to memory of 3208 | 2428 | msedge.exe | msedge.exe
PID 2428 wrote to memory of 1220 | 2428 | msedge.exe | msedge.exe
PID 2428 wrote to memory of 1512 | 2428 | msedge.exe | msedge.exe
PID 2428 wrote to memory of 316 | 2428 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d48d46f8,0x7ff9d48d4708,0x7ff9d48d4718
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9708579134105898303,418267047000040662,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,9708579134105898303,418267047000040662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,9708579134105898303,418267047000040662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9708579134105898303,418267047000040662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9708579134105898303,418267047000040662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,9708579134105898303,418267047000040662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,9708579134105898303,418267047000040662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9708579134105898303,418267047000040662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9708579134105898303,418267047000040662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9708579134105898303,418267047000040662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9708579134105898303,418267047000040662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9708579134105898303,418267047000040662,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9708579134105898303,418267047000040662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9708579134105898303,418267047000040662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,9708579134105898303,418267047000040662,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1580 /prefetch:8
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x510
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1d0d2dc8-083e-4608-8639-384b85bacfe3.tmp
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 180B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_2428_OWJSHJZXCAFOCYRE