7bca2044d66c92d40bd1caedf5a31ebb40672c88b27c9857a51d5fe5ca58da1f

Analysis

max time kernel
141s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2023, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7bca2044d66c92d40bd1caedf5a31ebb40672c88b27c9857a51d5fe5ca58da1f.exe
Size

1.4MB
MD5

9fe7a5643e8ad0f3918007d1cc7f31f0
SHA1

765dd954e5f62380c2a99ad701a562882a43b5f2
SHA256

7bca2044d66c92d40bd1caedf5a31ebb40672c88b27c9857a51d5fe5ca58da1f
SHA512

d1784c2e2da341e21cc7f33d64461c42fcae22b1159ce9cf06bdb4919916883bb67a8a21cf8713167fd31ce660ddb298b7e435b1f418b167bb6890db2227da63
SSDEEP

24576:gyLwgTbhsRfCuyTMuGT9E+4M1oxOMq5S45jG2LqAzOxa:pLwgPhsR6uyTMufA515SgzOxa

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1212	msedge.exe
1212	msedge.exe
3772	msedge.exe
3772	msedge.exe
4032	identity_helper.exe
4032	identity_helper.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4392	7bca2044d66c92d40bd1caedf5a31ebb40672c88b27c9857a51d5fe5ca58da1f.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4392	7bca2044d66c92d40bd1caedf5a31ebb40672c88b27c9857a51d5fe5ca58da1f.exe
4392	7bca2044d66c92d40bd1caedf5a31ebb40672c88b27c9857a51d5fe5ca58da1f.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 3772	4392	7bca2044d66c92d40bd1caedf5a31ebb40672c88b27c9857a51d5fe5ca58da1f.exe	91
PID 4392 wrote to memory of 3772	4392	7bca2044d66c92d40bd1caedf5a31ebb40672c88b27c9857a51d5fe5ca58da1f.exe	91
PID 3772 wrote to memory of 4316	3772	msedge.exe	92
PID 3772 wrote to memory of 4316	3772	msedge.exe	92
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 3216	3772	msedge.exe	95
PID 3772 wrote to memory of 1212	3772	msedge.exe	94
PID 3772 wrote to memory of 1212	3772	msedge.exe	94
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96
PID 3772 wrote to memory of 2572	3772	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\7bca2044d66c92d40bd1caedf5a31ebb40672c88b27c9857a51d5fe5ca58da1f.exe
"C:\Users\Admin\AppData\Local\Temp\7bca2044d66c92d40bd1caedf5a31ebb40672c88b27c9857a51d5fe5ca58da1f.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.kuaidaili.com/usercenter/api/secret
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe042346f8,0x7ffe04234708,0x7ffe04234718
    3⤵
    PID:4316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,9456072908690450586,17937469652445641988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9456072908690450586,17937469652445641988,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:3216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,9456072908690450586,17937469652445641988,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
    3⤵
    PID:2572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9456072908690450586,17937469652445641988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:3996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9456072908690450586,17937469652445641988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
    3⤵
    PID:4024
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,9456072908690450586,17937469652445641988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
    3⤵
    PID:1528
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,9456072908690450586,17937469652445641988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9456072908690450586,17937469652445641988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
    3⤵
    PID:4408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9456072908690450586,17937469652445641988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
    3⤵
    PID:3632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9456072908690450586,17937469652445641988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
    3⤵
    PID:560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9456072908690450586,17937469652445641988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
    3⤵
    PID:472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9456072908690450586,17937469652445641988,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2756 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
873f2bfba764ee7c635804a93681f837

SHA1
f273fc0040e592aaa26f64c377f94fddadd55f87

SHA256
369154a7af680714a8800e16e6a2e73f3a2f24747a079b3169b825f46026ca6b

SHA512
eef70fde606e36a287ab33f369efcf46ef01b8d05bc13a4c8e220d8dacf6084533787bb463142dd1ed85841c913d26e75eb231f7a47993ffc4cddf4a1976490a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ad5220923b21e26498583df419cf614a

SHA1
508b2c71258f7e68f5e15e3cf11a8d64c66820f8

SHA256
8ff10c55ad39938559a5f6855352f51f0a7b25eb77916f283faf82092459d6d2

SHA512
632d2c9deb6e95303e0083811449b3167feb1027c23c1ac9c922679eaf1774343894524cac7dc877985c98f1705a9fe2ef96b9d5c4e8dd1b0133043322d024f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
772dae58d2c3957babfdf245574c85da

SHA1
72f9e4781dd06fea4aef84268a8a7b2399444d87

SHA256
07d6735625660c22370ac2b87a2b70a08309e7566a5a59e722f6222e2730e4de

SHA512
e48d80ec1c384a850cbb27b16a926cc87a9c6c82c8cde2e64bc1c8148eae7b660765d17631ad92c28a966c84811b6d3b681ecb249c038ea4ed9dd14fb441bc7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
79365b4bc093d37e174a7b9b33532257

SHA1
f88e833dc42e688a7993317b927f4b40e4d91ac7

SHA256
95efd34f4373695c9107a490ab1b3aa6dded11dbf573178e81773e94ebe87f42

SHA512
6019104279d9fe511bc0a73eb6dada54b60d480ef92f043ad3f86c0c1dbee6833042b9655cce1a885739f570b3e91503572a4e14d96415543ef515afdbca0056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9779f011953298d8a2e83ad40793a11

SHA1
24b16bd5b64bd9ea70d4591124c8b21e95d0089f

SHA256
e472b8bd2e24f1cb4d24bbc1362484899d313dd85b74c344f3aa3755e2d43f67

SHA512
ee1cb0c2eba219425bc331f7eb1c7e3bca5e2ec37903980b75fb9c324484abb032314712ab0fd48717a81043f5eb10c99c901f4280b2ddac063c5ee3d0837881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b6443702d6fc14c59c0bd8d75ed338d6

SHA1
b6f201730de4d97868d3dbcc3aa40cccbfefedd6

SHA256
162665556205b5a80f63fcd08d722990d01ca1d7279924876774ad587d0c44d9

SHA512
ab01bc37b428c6ce128801232c89cf8aebb62a9a15e429f61335e55a4d4a2de15f78eb3185348b91f69e54287ccb8fe6df6f388af3dc78cf22b085564712c505

Download Submit
memory/4392-0-0x0000000000400000-0x00000000005A9000-memory.dmp

Filesize
1.7MB

Download