hxxps://travelershot[.]com/apps

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
23-04-2024 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://travelershot.com/apps

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
3952	msedge.exe
3952	msedge.exe
2780	msedge.exe
2780	msedge.exe
4468	identity_helper.exe
4468	identity_helper.exe
1908	msedge.exe
1908	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe
6036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

2780 msedge.exe
2780 msedge.exe
2780 msedge.exe
2780 msedge.exe
2780 msedge.exe
2780 msedge.exe
2780 msedge.exe
2780 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2780 wrote to memory of 5520	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 5520	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3800	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3952	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 3952	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe
PID 2780 wrote to memory of 4900	2780	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://travelershot.com/apps
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8c10e3cb8,0x7ff8c10e3cc8,0x7ff8c10e3cd8
2⤵
PID:5520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,3048860463510518429,96961824642920204,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
2⤵
PID:3800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,3048860463510518429,96961824642920204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,3048860463510518429,96961824642920204,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
2⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3048860463510518429,96961824642920204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:3716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3048860463510518429,96961824642920204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
2⤵
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3048860463510518429,96961824642920204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
2⤵
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3048860463510518429,96961824642920204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
2⤵
PID:5812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3048860463510518429,96961824642920204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
2⤵
PID:804

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,3048860463510518429,96961824642920204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3048860463510518429,96961824642920204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
2⤵
PID:1240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3048860463510518429,96961824642920204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
2⤵
PID:6088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,3048860463510518429,96961824642920204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,3048860463510518429,96961824642920204,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4840 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3048860463510518429,96961824642920204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
2⤵
PID:3948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1900

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ae7fbf62fc07f0bdb15169d2de3dc768

SHA1
9155eb973df31a7d6fb95f03058dd523171b4f0f

SHA256
ecfebc84b01ed9071cc68bc2abc4eae4f891e1dea41a16ea6010f7acfd6cc624

SHA512
1539bd6c522e56685399616d9811435ff0197c9471404361c53370a261feb180a38aaec9aacd38ff52c94b2cac2e4da19a3de50a9b6541f6f3fd0497bf15bcae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a5e869975d65ad786022d6fc8b47b747

SHA1
14b030f53bc86bdbec766b2f3942804ca742043a

SHA256
d5f8f63c67fd06a2ae7da80cbe8cc96bab5932087eb70432df9147ba818d758f

SHA512
fd8d2b8ce13f4aca312f4856096edba99310a78a5f4c4148046a06e873a3d2514fd2dd9b4515fc89e83306d251929f2ef9c78863f85a3e017a3029dec63d98dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
201KB

MD5
f5bc40498b73af1cc23f51ea60130601

SHA1
44de2c184cf4e0a2b9106756fc860df9ed584666

SHA256
c11b6273f0c5f039dfef3bf5d8efe45a2ecf65966e89eeb1a6c2277d712ae9fb

SHA512
9c993ef3ec746cbe937bbe32735410257f94ceb6f734d75e401fb78dc2e3ab3b7d83c086086f0e1230dc8dafd5328f9af664341eb781c72e67c4d84d1f6c1112

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
0e2ae78105accec312a4ed4a6f54845a

SHA1
b2462e23200669b010aa34d3885042d8b1b9095b

SHA256
4e6ee75c4c7a9ff518809830a6a671925a6395e30523e99d0e81cbaf9a527b7d

SHA512
6cc76d533aec356263f0df16b879f44a10e89cc2b2c00cc5f276efda260f30e8a8613cbaa8d960807c55ee3598875ef22bdc0f3e641101bfa36edda6604e231c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
4f126f6752232b230055540fabbd404b

SHA1
1090e81b51a60a97dd3d07cf3a67d464ede8a951

SHA256
b33092c9ee7803c04c2125072f01b5eced9d93a5b2eec143d0973bbc499a0387

SHA512
330ba1c63fa78eaad12753426f7e3f4b83133350f0c78c4e8467f183d235e3cd0e9e740b0223f17a8cd9fcb3f6936c753e2a84e1e25452969a96da01e0d3af95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
60b2e509a2d07fac6fa25577fe0760b5

SHA1
3920a76bff0a2631f6814ad43b9ce10367422aff

SHA256
fe8dad0f8df0c7b5f6ae8bb986dbdf22ed5dcb771ff068b3acd29481e23ec033

SHA512
b705bd242d9133a7d0437493aaea32208bb1e04f419c9ba1facfbf4c6efa13b01c7b9011acfa732e2a79405aa29d6eafd6730d057b3cbe62a1b5364de64f54a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
e0b71f803bdb39fcc7c72ccd03fb841e

SHA1
612b47e5649a77f5988363dace84ba856b00b4f8

SHA256
6ac8bbb5ea340763535fbbbb99d89eb7eb82b22d9aeca3751f9ec406a221d750

SHA512
ac76362c079a44140ad667026209e59799d6c9543be2bb444616e33745e32fee801e1aeb77696bd63af04fcbd01bae52dc0c68d90ae7e5688511cf72300f4fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c5af3cc5b3606d14dd30265aa85f38aa

SHA1
da9ebe85dbae12b18d4d486093ab7b00350f7d74

SHA256
d16f282c52b531409fd4d1e1f081b4215e65007da58aeb81d0f711de239ec40d

SHA512
3560bf0523f33bd50a8589e6c4cdccda1eb82b435cf9d377ee8517b6818365e47bac02f720a7a7ed39d1b07fc69b227097b0930af210d27a223f2bce7fa11e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c5c8b7f74318525a194b7f88d9e4501f

SHA1
ded21136320101098002e74ef3f453cd3bd81d45

SHA256
968acfb6dd71e6f7dea784aee6ae430a59a9aacb22076e699d8f74de19c31024

SHA512
4f21661ca8ac1bb14aabfadc40bf6a3248bfb2c4a0375e2f9efdb6273e7795a7f08d85d2f9310225dd85dfb9d18a6cafffe6599264042de77a7fbe1d89ae4903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
4e20944ba6cfcfb01b0d98a67ddb48b9

SHA1
c0ee25676cea3901462817668ff0472a1ef7373a

SHA256
ef39e54d5d5cdf5492fd49252865b446b2ba99bafb5107db147ae1570b658a64

SHA512
91b479401d8a04e2e039098ef1fdd47ddb228fb4d862cc0b2652840a818d0163d6e905c327f0d4e09f4134f9cfbcf22aedd3a5c0948102f25d4a336031701fb2

Download Submit
\??\pipe\LOCAL\crashpad_2780_QFKEHIOJFEVGMKCF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit