Analysis
-
max time kernel
94s
-
max time network
95s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
-
submitted
29-06-2024 15:49
Static task
static1
Behavioral task
behavioral1
Sample
Aura.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
Aura.exe
Resource
win10v2004-20240508-en
General
-
Target
Aura.exe
-
Size
343KB
-
MD5
5b82f58dfef767e24021ffc205c14b18
-
SHA1
1cf35a41bc428fd46c96069dd592b81b2da558aa
-
SHA256
f45bdf5984dca63e9cb56eedf128d8a720d75df58c60d9943f859a7f5bea337a
-
SHA512
5e14390ad5526edc775fb2182e5ac101d3d0ee14ee64f4a2a15a8b3092d7afbd72ca475096257121683e69420129b1b3daf44cba3c0de9a8481a086d79182bb7
-
SSDEEP
3072:TMu8A44fzQZ4B34rke1wk1OFvGtg7BZOUXmFOwlpXsvGtg7BZGUXObOw+pb:KAMZ4c6FvT7/tmFzyvT7/FObQ
Malware Config
Signatures
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc
54 wtfismyip.com
55 wtfismyip.com
-
Detected phishing page
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid pid_target process target process
2000 4932 WerFault.exe Aura.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description ioc process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
msedge.exe msedge.exe identity_helper.exe
pid process
1920 msedge.exe
3876 msedge.exe
2068 identity_helper.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes:
msedge.exe
pid process
3876 msedge.exe
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
AUDIODG.EXE
description pid process
Token: 33 4104 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4104 AUDIODG.EXE
-
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
msedge.exe
pid process
3876 msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid process
3876 msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description pid process target process
PID 3876 wrote to memory of 4188 3876 msedge.exe msedge.exe
PID 3876 wrote to memory of 4016 3876 msedge.exe msedge.exe
PID 3876 wrote to memory of 1920 3876 msedge.exe msedge.exe
PID 3876 wrote to memory of 1776 3876 msedge.exe msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Aura.exe
"C:\Users\Admin\AppData\Local\Temp\Aura.exe"
1⤵
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 1064
2⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4932 -ip 4932
1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffc7e946f8,0x7fffc7e94708,0x7fffc7e94718
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,14851016632793113005,370546808651540600,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,14851016632793113005,370546808651540600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,14851016632793113005,370546808651540600,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14851016632793113005,370546808651540600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14851016632793113005,370546808651540600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14851016632793113005,370546808651540600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14851016632793113005,370546808651540600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,14851016632793113005,370546808651540600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 /prefetch:8
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,14851016632793113005,370546808651540600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14851016632793113005,370546808651540600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14851016632793113005,370546808651540600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14851016632793113005,370546808651540600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14851016632793113005,370546808651540600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,14851016632793113005,370546808651540600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1980,14851016632793113005,370546808651540600,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5568 /prefetch:8
2⤵
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
-
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3b4 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads