hxxps://bazaar[.]abuse[.]ch/download/1632642cdbdc5568afc3a0612dc078e01fae6a96148934ec9af1faacb6926cb4/

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23-01-2024 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bazaar.abuse.ch/download/1632642cdbdc5568afc3a0612dc078e01fae6a96148934ec9af1faacb6926cb4/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4736	msedge.exe
4736	msedge.exe
4900	msedge.exe
4900	msedge.exe
1008	identity_helper.exe
1008	identity_helper.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

4900 msedge.exe
4900 msedge.exe
4900 msedge.exe
4900 msedge.exe
4900 msedge.exe
4900 msedge.exe
4900 msedge.exe
4900 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4900 wrote to memory of 1012	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 1012	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 752	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 4736	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 4736	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe
PID 4900 wrote to memory of 3056	4900	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bazaar.abuse.ch/download/1632642cdbdc5568afc3a0612dc078e01fae6a96148934ec9af1faacb6926cb4/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e1eb46f8,0x7ff9e1eb4708,0x7ff9e1eb4718
2⤵
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7012898922393078595,5685897087546037879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7012898922393078595,5685897087546037879,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
2⤵
PID:752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7012898922393078595,5685897087546037879,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
2⤵
PID:3056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7012898922393078595,5685897087546037879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7012898922393078595,5685897087546037879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:1000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7012898922393078595,5685897087546037879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
2⤵
PID:4308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7012898922393078595,5685897087546037879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
2⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7012898922393078595,5685897087546037879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 /prefetch:8
2⤵
PID:1832

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7012898922393078595,5685897087546037879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7012898922393078595,5685897087546037879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
2⤵
PID:4184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7012898922393078595,5685897087546037879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
2⤵
PID:3824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7012898922393078595,5685897087546037879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
2⤵
PID:532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7012898922393078595,5685897087546037879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
2⤵
PID:2252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7012898922393078595,5685897087546037879,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4424 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4192

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
fa070c9c9ab8d902ee4f3342d217275f

SHA1
ac69818312a7eba53586295c5b04eefeb5c73903

SHA256
245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7

SHA512
df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
201KB

MD5
c445ab4315d0633d446998c80764cc36

SHA1
47d3dee9845cc6e29b6771dd6560793b8b93000e

SHA256
5635695eeb70b51c449aea7a5bd3c9699c3c28c64498fb7fcb8173aad45d7242

SHA512
83a32ffdddf3ee56e89f232c8d05a4b00265895b0e41d13700f90fa389f0bf3f112c291c24c3819751803322b11e2ff866971d835d601672b36818c4e099bff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
1dec7039705ab9e4b7b3403b36def8c8

SHA1
826bc1397d2eaaa85cc2a9585bb8a23b9208e276

SHA256
2b481cf2495e08ffc1911065e3b7f20f7c9685ecfb0ec8afbcfb8be73b4b10da

SHA512
eab11eea09bb58300ad7a395ac8ab1fcc2de988f11ef294a7058af31ea294ebaa9274e4b8479033c60a8835d93c1e8b1354b4677c4890c2e9f3390a07ace8efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
cede81c0b3d425e18b5355371652dde3

SHA1
c2558b87b915a27dcacd9fc45225cb974493a37d

SHA256
1aac2737870c1f6e39723d57a949fdc0c4d3f1bc9158f88a7c870363a2d3ef7a

SHA512
5ee3c948c831040a260b52130120ea5c167102dee76139ebe3273032d180023d24c8a431ad7bc7406e2d38c6dffad02badce919ea966cb5155fe846d6efdad14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c7aee0900057dc481d4a27856df96f17

SHA1
28d7269ead2841c245eb5bf2b08fd805e03a11a5

SHA256
7e28fe52fdd28f1321f928094e89e225add905d636a27f480f634bdae511b3df

SHA512
8b1978dee7156f60be02b473a17323e5dddc2318a62ab87482d11216bf27e521ba7ace126a985c95af71624ff236bc957e99fc0dea3e6bbaa6ed631972c06646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
afcd71084f2a41cb775eee2675441bc4

SHA1
a1fe649a0256547786e40aecec0ee3530817ebab

SHA256
27a46425d2a3b05766fb08972f974f0d24905bce274768132d5bfc79226c9725

SHA512
6dbc08048cc4d4ab05c8e5ca85424f1faa3230622e072710557120a55956cecbdbba790b40b4832ec6ad1f9f9bbe1ee7ba74cd8364cbf5111c2615c1e6a52d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
917dedf44ae3675e549e7b7ffc2c8ccd

SHA1
b7604eb16f0366e698943afbcf0c070d197271c0

SHA256
9692162e8a88be0977395cc0704fe882b9a39b78bdfc9d579a8c961e15347a37

SHA512
9628f7857eb88f8dceac00ffdcba2ed822fb9ebdada95e54224a0afc50bccd3e3d20c5abadbd20f61eba51dbf71c5c745b29309122d88b5cc6752a1dfc3be053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
9009cbd9d2aa4552ac08e34e8274932d

SHA1
2f4c0d76ee7ee3d119d6687b2fadb83a84d55c73

SHA256
7ecc460c9796be180e10a1b01ddd0059bcdd2084d89dc66ac7632fe316998c27

SHA512
a5b499878d73b2b6a2c929ed48df646d9f1f3ed7bcfea2b128919f0a3c5c3be004e71e3268067db145950b78bacfb2ecd0f8b78d255e1782ce9968085e76e06b

Download Submit
\??\pipe\LOCAL\crashpad_4900_KIUWODAAUHHRUKCT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit