c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb

Analysis

max time kernel
188s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 00:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe
Size

240KB
MD5

1cbcbc1633b28fe2fa39888159f8b620
SHA1

478f21da29db9204c9cbe5df40cb374fb1e67158
SHA256

c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb
SHA512

6e3fb26467b4ff3541233a2c2716c7e167e1f730fda9d1a806df55028fae47aaf66b45d4c4ab1f02c7f91c4fa9d391b8916286008f3766be8bc36a37b819cb53
SSDEEP

1536:GLWX4TL26l7x9DA6jT/HZ5b7v7O8puWkSnZQAP3Q:GyoTL9l7x9DAoT/HZ5b7v7O8LkSnZ1I

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4808 set thread context of 3680	4808	c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe	83

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1828	msedge.exe
1828	msedge.exe
1848	msedge.exe
1848	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4808	c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 3680	4808	c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe	83
PID 4808 wrote to memory of 3680	4808	c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe	83
PID 4808 wrote to memory of 3680	4808	c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe	83
PID 4808 wrote to memory of 3680	4808	c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe	83
PID 4808 wrote to memory of 3680	4808	c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe	83
PID 4808 wrote to memory of 3680	4808	c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe	83
PID 4808 wrote to memory of 3680	4808	c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe	83
PID 4808 wrote to memory of 3680	4808	c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe	83
PID 3680 wrote to memory of 3404	3680	c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe	84
PID 3680 wrote to memory of 3404	3680	c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe	84
PID 3404 wrote to memory of 4792	3404	msedge.exe	85
PID 3404 wrote to memory of 4792	3404	msedge.exe	85
PID 3680 wrote to memory of 1940	3680	c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe	86
PID 3680 wrote to memory of 1940	3680	c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe	86
PID 1940 wrote to memory of 4944	1940	msedge.exe	87
PID 1940 wrote to memory of 4944	1940	msedge.exe	87
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 4596	3404	msedge.exe	91
PID 3404 wrote to memory of 1848	3404	msedge.exe	93
PID 3404 wrote to memory of 1848	3404	msedge.exe	93
PID 1940 wrote to memory of 4488	1940	msedge.exe	92
PID 1940 wrote to memory of 4488	1940	msedge.exe	92
PID 1940 wrote to memory of 4488	1940	msedge.exe	92
PID 1940 wrote to memory of 4488	1940	msedge.exe	92
PID 1940 wrote to memory of 4488	1940	msedge.exe	92
PID 1940 wrote to memory of 4488	1940	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe
"C:\Users\Admin\AppData\Local\Temp\c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Users\Admin\AppData\Local\Temp\c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe
  "C:\Users\Admin\AppData\Local\Temp\c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:3404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbae2c46f8,0x7ffbae2c4708,0x7ffbae2c4718
      4⤵
      PID:4792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8463364880382943271,7221289735280820609,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
      4⤵
      PID:4596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8463364880382943271,7221289735280820609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8463364880382943271,7221289735280820609,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
      4⤵
      PID:4928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8463364880382943271,7221289735280820609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
      4⤵
      PID:928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8463364880382943271,7221289735280820609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
      4⤵
      PID:3936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8463364880382943271,7221289735280820609,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
      4⤵
      PID:4112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2132,8463364880382943271,7221289735280820609,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5204 /prefetch:8
      4⤵
      PID:3236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8463364880382943271,7221289735280820609,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
      4⤵
      PID:3492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8463364880382943271,7221289735280820609,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
      4⤵
      PID:2736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2132,8463364880382943271,7221289735280820609,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5944 /prefetch:8
      4⤵
      PID:1968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8463364880382943271,7221289735280820609,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
      4⤵
      PID:1440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8463364880382943271,7221289735280820609,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
      4⤵
      PID:1192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=c0b5976058d870c9499df19e385a9797f8a23eb3d4cb352adfa559ae19d49bfb.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbae2c46f8,0x7ffbae2c4708,0x7ffbae2c4718
      4⤵
      PID:4944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3994300927751454799,4915154327075706003,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
      4⤵
      PID:4488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3994300927751454799,4915154327075706003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1440

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
8572f60c3d290ab98bc369ae8eebff9c

SHA1
4264dab520f77ef609ab5ca24e4c1bbd1a7f0df0

SHA256
b4be06a39491f6df0412436b81b6cf29a608866dbcc88435a540201a250f0549

SHA512
c4ec373649d008874a7d4f2da0e7eb7123e71c895c7bd84ac230375871c3f97dfc7f7c950a37677fbeb2b87082c392a4f1f037228149fdb06b5f29f8c1e25fe1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
43b5123d5e0c37fd9cf9960ecd4f0de3

SHA1
843ad7ef16af42ecad2bc70a9f3cc46a499295eb

SHA256
d9a0d547395a224c2b84a585f4f46f8b38c98ed760a2cf44361d2c98770781f3

SHA512
1c9cc311c292875f2aed2174f18b5c71dd5e0122dc892dc7d7d041a9d37cc24accd2aed01f07bc8ab9a5ba0a5443819778d455dc0a2e423ab14ddba9b15865a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a58a7931227f93b9a54bc982c0d99582

SHA1
7591b129f025f2003039a81830b9cd5d7043d3e2

SHA256
a6751ef5a8d88960e0fc22e205155f766e840d13c46c962166f35e3bf8367ac0

SHA512
24eec66ba6b79cebb2b920cdad34f9b68fcc9503a2e4bc718ddf3d39b8f959ee1c7b0e73079b31a0e8acc98960fcedeb7e49f38b8f5036aa21294048f7f1a79b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6102471af38b45f30decc8db2f59a8e2

SHA1
35428c52f58b3a35d5028929b6298d6b95d6bdec

SHA256
57e3a5210c5872fc5d56b4111a4d07e512ef54a79128391084c167c101a9d7c4

SHA512
1040720fe63680c7a17ced8026e3a2e31e0e73066bd0c3d74e5cd4a19c0e6f23dc30e0a41f62d92c0b9cc9840895ece4b3d36a200816e400feec49e54599b3fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6102471af38b45f30decc8db2f59a8e2

SHA1
35428c52f58b3a35d5028929b6298d6b95d6bdec

SHA256
57e3a5210c5872fc5d56b4111a4d07e512ef54a79128391084c167c101a9d7c4

SHA512
1040720fe63680c7a17ced8026e3a2e31e0e73066bd0c3d74e5cd4a19c0e6f23dc30e0a41f62d92c0b9cc9840895ece4b3d36a200816e400feec49e54599b3fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
b64414b48d06661762b90f52da538667

SHA1
24064335a6955be098d1aac304a0d2c49d83c6d1

SHA256
98b1833dc2132419242745bb6f3f1f23c00fc6c0f984d8cd54da5dfcc53f3a2b

SHA512
31ef03ad25d6d514610c18a46331bffbd98833f7cf9f1043b2e9723da5443f418f49c87eb246994bdd19de4320714d368ac5241208262cbd5880f55e453dfa4e

Download Submit
memory/3680-135-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download