hxxps://redirect[.]networkingtrusting[.]org/bpm/a/banco

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://redirect.networkingtrusting.org/bpm/a/banco

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4044	msedge.exe
4044	msedge.exe
4656	msedge.exe
4656	msedge.exe
3744	identity_helper.exe
3744	identity_helper.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

4656 msedge.exe
4656 msedge.exe
4656 msedge.exe
4656 msedge.exe
4656 msedge.exe
4656 msedge.exe
4656 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4656 wrote to memory of 4388	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 4388	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 3892	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 4044	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 4044	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe
PID 4656 wrote to memory of 2968	4656	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://redirect.networkingtrusting.org/bpm/a/banco
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec0ba46f8,0x7ffec0ba4708,0x7ffec0ba4718
2⤵
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3349011026233459357,4812371743043539409,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
2⤵
PID:3892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3349011026233459357,4812371743043539409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,3349011026233459357,4812371743043539409,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
2⤵
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3349011026233459357,4812371743043539409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
2⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3349011026233459357,4812371743043539409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
2⤵
PID:2636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3349011026233459357,4812371743043539409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
2⤵
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3349011026233459357,4812371743043539409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
2⤵
PID:3384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3349011026233459357,4812371743043539409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
2⤵
PID:4760

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3349011026233459357,4812371743043539409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
2⤵
PID:552

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3349011026233459357,4812371743043539409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3349011026233459357,4812371743043539409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
2⤵
PID:1172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3349011026233459357,4812371743043539409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
2⤵
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3349011026233459357,4812371743043539409,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3080 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5028

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dcf7b7f6db8648c9118903ae11d4ba7f

SHA1
74265dafa33994ef7148111bef9efbab6e3795bf

SHA256
e37da26dd87b61af0f60814c294039c308daa1d9854b4b9329d4f0f73390fbc0

SHA512
af9feca3a642b8b75de639cf8652772b3cd8af45071125b2f0e3a6c9dec6f29d304ce6d73c43fdb43d0ee1d10295700658104d5b0b6ab775440f2b9ded3ba406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a1c7c8628309cb2cba92459fe2e71e8e

SHA1
baac2923b088bba88dfd7a31f555fc3cd2c3c377

SHA256
0090e38f869c2dd4de536e6753758ba86bac959f299004a1ab3755f3e11a7657

SHA512
c958c4e8ed85749be852fe1c1d53f97b23e76d9bfabf0073a5a3a7c5b12f556da74770fa748b5943723c5f8b7b87bdb6bad35c4adff4f89909e37381763f3e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
100KB

MD5
f134fda98a277b1c8f20ab8fbe2fbd58

SHA1
a922796190a1f5bbb3c410c6ec591502050df04e

SHA256
27bce9e85eaf3567a4695ba2b612e32615394d80d0a3a2dcb07b1fbfdfababc7

SHA512
2b2e8338afb9b0ca9b5fa3d452dfd80368b5d17566120ae6351b6d03572e5a69cedb97f165fbc31ffb3addcc00506a3fc0761cf2404a5d9826a8448a7c4d9f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
4f870419454e9922f8bef0d40d9dd7ea

SHA1
a8a5274667dd7a4cd50b2d505152e754eb4f03d5

SHA256
b66512b6cb411d880183d1c121472d49f5e9b2f14cc762ee7d73a17345e79e7b

SHA512
93241e9247ab701278a4b2c1f28d3f6a33de5353879c879a5a38b60d3473b3d11f0463973e2fd0807936a749881916a74c1ab7bba270a28f880bdb60334320da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
d9f1c8c43de327c2080f3702b571df08

SHA1
80904d903c98cfde348e021c1d8c1102704b2c21

SHA256
938e7c997e5df02d0e2e4a46123c7c0b77e467f6fa7b2fd1fdccae318b83541d

SHA512
bbf307c18da0c225993c9d578c3f63fb588c19602fcc80e85dd775dc4c49428667d04fd436197aea6fd35992372a51c06b75907e350b1f7e8e853f252f6531c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
14569803727aacf754ce9f2ad98675b1

SHA1
9a3f0b20090b25511bc604b5eaa7d8e24ef1af7d

SHA256
9fa7d2ad48ddae534c25099cb2afccb1db098387ce69412b87fb9d042ffe7f28

SHA512
fd1ad042a5303fad50c727db613af58ee06f902df6b2c931264f89e4812a02fafbaf6a1985f781a235a6f21ba239813ddda7ce3a79770138e3108d379070d176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3fbd518c22ac07ab316f3d492953c40a

SHA1
ee975630a736dc7496eb9fe65045b8301e88c9b8

SHA256
2c893b1fa3cef17fe68858c8e3ea333bee17247394b080aa2b5c8518073f26c6

SHA512
43d5338eddfbf3e6af3bbad0e76d131f2e59c27b6fbc67a12b612296324b26f21375e36be50922ba495b529ebac2b01a39800ecfd035d10dbfc01b06ef1352c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
f62f39afecefb4d599158edd0c332ce3

SHA1
c204efb7df0bfa812978506a3e6fdb88dbb2e2a6

SHA256
d0bfca70a679b26ea7ce6cada90113f728e32af376c90fdaa6b9f8e1c0e316d1

SHA512
09ba87ba4c25971482b8c7cd78361f9cf188861b36f72c0391bcf8d8cfe2e362a17c281e044207fafedbbf863653185bf19cfbb79756a8bebe7f57befb9a771c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
2a84db2248c0d2753a4ef7457907ca6b

SHA1
cd8805a79d9c37cc9758cb7830086075029fe778

SHA256
58a05f1121ca4bf4e93e367616fb0598a84cd9c41712e9abe0c84a13e59f94e9

SHA512
5aa5978dc276325047ddb3c8cf2c41b76dbe7c516b22fe99b717f49d55b11b7a059d8c66a7095672bbfd3a71c2cf44c8e8a6aa67dead15299daa106b5bf8f8d2

Download Submit
\??\pipe\LOCAL\crashpad_4656_OMYZQSFJSSTLYONO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit