hxxps://u[.]to/PoeHIA

Analysis

max time kernel
32s
max time network
34s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28-03-2024 08:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/PoeHIA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exe

pid process

4032 msedge.exe
4032 msedge.exe
3828 msedge.exe
3828 msedge.exe
2808 msedge.exe
2808 msedge.exe
948 identity_helper.exe
948 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3828 msedge.exe
3828 msedge.exe
3828 msedge.exe
3828 msedge.exe
3828 msedge.exe
3828 msedge.exe
3828 msedge.exe

pid	process
4032	msedge.exe
4032	msedge.exe
3828	msedge.exe
3828	msedge.exe
2808	msedge.exe
2808	msedge.exe
948	identity_helper.exe
948	identity_helper.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3828 wrote to memory of 4820	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4820	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4996	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4032	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4032	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe
PID 3828 wrote to memory of 4624	3828	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/PoeHIA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9af3b3cb8,0x7ff9af3b3cc8,0x7ff9af3b3cd8
2⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,4040123170946298589,3143966296395643746,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
2⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1816,4040123170946298589,3143966296395643746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1816,4040123170946298589,3143966296395643746,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
2⤵
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4040123170946298589,3143966296395643746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
2⤵
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4040123170946298589,3143966296395643746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
2⤵
PID:3232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4040123170946298589,3143966296395643746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
2⤵
PID:2480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1816,4040123170946298589,3143966296395643746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4040123170946298589,3143966296395643746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
2⤵
PID:4320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4040123170946298589,3143966296395643746,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
2⤵
PID:2680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4040123170946298589,3143966296395643746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
2⤵
PID:1556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4040123170946298589,3143966296395643746,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
2⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1816,4040123170946298589,3143966296395643746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:232

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c65e704fc47bc3d9d2c45a244bb74d76

SHA1
3e7917feebea866e0909e089e0b976b4a0947a6e

SHA256
2e5d6a5eeb72575f974d5fa3cdff7ad4d87a361399ffdd4b03f93cdbdec3a110

SHA512
36c3be0e5fbc23c5c0ad2e14cfb1cf7913bea9a5aeb83f9f6fcf5dbc52a94d8ccb370cef723b0cda82b5fba1941b6a9ff57f77ff0076a2c5cf4250711e3dd909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5c3ea95e17becd26086dd59ba83b8e84

SHA1
7943b2a84dcf26240afc77459ffaaf269bfef29f

SHA256
a241c88bb86182b5998d9818e6e054d29b201b53f4f1a6b9b2ee8ba22dd238dc

SHA512
64c905e923298528783dc64450c96390dc5edbda51f553c04d88ee944b0c660b05392dc0c823d7fb47f604b04061390b285f982dfcc767c8168ccb00d7e94e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
7b7dad21016ee993a4d283966b0f5723

SHA1
4c3381d4f3f625023f1584cc59495da09827300d

SHA256
32909b8c2422eb27870907d383597e8f349ce9b3a04f8a769eb2e9b6666721b9

SHA512
ce5c1b744df12f3dacaa806de8d6072bf0ae643295b8875a3fedefe189a0b197bf1684a60a0f22f8383d7723364ae457feb06449e71988883608f188978adcfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
384B

MD5
3139ce076ab9c451a9618ebc2a89cf41

SHA1
026b49e4f2b9e8518478440cd752dbf8f7d1d385

SHA256
c34a59cd12aac4e68b8d15af7e5eb173c241b46400a90dcb99738c3c163b735d

SHA512
e782a69ed7f2a905f17c6d8452e1c9e48fb75135db3cfa7ed72bce798cb53619e3954e37bfb6273bd1c8d717f50dda333fc0d2a7b01c686147c5f270bbbbb103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
845B

MD5
79c2f7fd9b1eff2182d45174be847e9a

SHA1
a0ac495be12f61ac068c4a81ff420a2bbd3bc4b5

SHA256
34d2142830d94ff6af41738140305a43691fa0e6436bcd8f2ffdcfe53038b5d2

SHA512
cf0e17934875d6dafcb0de818be3d495696074e8d2e83020c4f152b28482bfe15c5b9834d2365d088ef969b4a2fdff01051d9e4e807a410331f2590782fcffff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
4208d94b0f692d22871f34c29ea7b4b6

SHA1
8d202643981ffadda6241967a270e04e9f1b45bd

SHA256
6fd8a4075592cd6c04c43c1331ba0ce0531acbf5e45e6ccf3b69ea04dd935695

SHA512
8f96e30dfd61f7234e9c7d152ca22bc753d0116f7f6658d7ebf0175eac14865c3f56e520939d40671c400ab26f1d90186988e5363908cbacf7acb4adbc09845d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0595988c531a256ab4087da49bc99df8

SHA1
ee2c9d5ef397b2c4e03e566a440f0b89ff4ed99e

SHA256
c629205abe2a75c49bc52dc56a08d134cffae24dae21984ef3826b89ee3402c3

SHA512
6e944569ab7ec491b4f57f11cbd490db1a7e6b439b0ad0550c291bafcff3f3e5bc391e953e6145f1a4425ac34d1c9abe857a713eda23264c1c26e5d41ef44fbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3abae064e7afb91f255737083b0daf9f

SHA1
195313b05f2bb97b1d1125c307f215c3500e4069

SHA256
874a728efbac4008b506d7e6f3576b76427656b733a4a4b9e6a7d8d908ee17c7

SHA512
98285e9ee74685a4f05e5f2363acfb394aa0df249f7cee34045f99bcc4ec037b71fdb056dec15e494e5f3d00cc26ee5e3a8836c1654a0ef22b169f2b0c2e5f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
850f0d555fb437ba04a542abfa1a6c63

SHA1
13b53b9f950e7db2405556240f1b2b319047f6d1

SHA256
6073cc4594930c0f72a4fde83aae4da03c567a29f697c4c63eb50331e4a5def9

SHA512
9a2b87cee6ee220dc4ca852a73a4aba5487c907b6bb5bb9ab48535e05daa4381bc72bd8058a847619249e557358eaa2647daf234e6fae317ee972fedaee0c5f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
03cb824b4ded189b583c0adba146cb46

SHA1
489b32e4ee0cc4c4d94d84e190b69d06455281aa

SHA256
dfe820b110d92197d3af83ae545853b3f4a484b450d4a84cb4f133d0fbb1e6c6

SHA512
51374be50390b7c4f9932e981c55ca25c87d9aab9e03aca2d19848f440f5b4df422f4238dd16ab94910be298b70ec4d0c3322c67a92efe6fd848ccf81b20a7d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5dc7bfade198bbaaf2bc8b01f527d818

SHA1
79818dd320de1b80590bddb68c79b63e88e9ca4c

SHA256
b25c65f6a26aa74eb23700b07fb33f59c45e7dfb7af673989999ebbabc461b2b

SHA512
83f4767a394f34c67f75ce32674049323fcd6875717947fd3be286c1cef80ed16b7ab4c76e66ff9dd3f0e4b473fed37c7ed281591177e3300a5b0db996cbda83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
ac7cd2c102267a9d574e223864f511b0

SHA1
1768970f3de96872de4857f197fcabca440edeeb

SHA256
35a653d33d847da890703d5b501deadae5a8e5b4fc29fdedb52153627766e279

SHA512
3c8f173a0cb2851f695120637c417983859da516bb7e6eed0d9d58fdaa2ed4fa40168c1cd903775cf3338cf578cf64d8435c5ca5aa1050e8dfac056288b33be3

Download Submit
\??\pipe\LOCAL\crashpad_3828_KKLIAEEBSNEPTXXV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit