hxxps://travelershot[.]com/apps

Analysis

max time kernel
240s
max time network
269s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
23-04-2024 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://travelershot.com/apps

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
4224	msedge.exe
4224	msedge.exe
3684	msedge.exe
3684	msedge.exe
2956	identity_helper.exe
2956	identity_helper.exe
1560	msedge.exe
1560	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3684 msedge.exe
3684 msedge.exe
3684 msedge.exe
3684 msedge.exe
3684 msedge.exe
3684 msedge.exe
3684 msedge.exe
3684 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe
3684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3684 wrote to memory of 4708	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 4708	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 856	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 4224	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 4224	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe
PID 3684 wrote to memory of 1752	3684	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://travelershot.com/apps
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa1fdb3cb8,0x7ffa1fdb3cc8,0x7ffa1fdb3cd8
2⤵
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,8234577643120868965,15930318199596711529,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
2⤵
PID:856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,8234577643120868965,15930318199596711529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,8234577643120868965,15930318199596711529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
2⤵
PID:1752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8234577643120868965,15930318199596711529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:3548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8234577643120868965,15930318199596711529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:3364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8234577643120868965,15930318199596711529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
2⤵
PID:3420

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,8234577643120868965,15930318199596711529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,8234577643120868965,15930318199596711529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8234577643120868965,15930318199596711529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
2⤵
PID:1348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8234577643120868965,15930318199596711529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
2⤵
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8234577643120868965,15930318199596711529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
2⤵
PID:2004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8234577643120868965,15930318199596711529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
2⤵
PID:1128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8234577643120868965,15930318199596711529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
2⤵
PID:2136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,8234577643120868965,15930318199596711529,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4844 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0fcda4fac8ec713700f95299a89bc126

SHA1
576a818957f882dc0b892a29da15c4bb71b93455

SHA256
f7a257742d3a6e6edd16ac8c4c4696d4bdf653041868329461444a0973e71430

SHA512
ab350ca508c412ff860f82d25ac7492afb3baf4a2827249ebc7ec9632ee444f8f0716389f0623afc0756f395cf00d7a90a0f89b360acdf72b1befe34eecb5986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
21986fa2280bae3957498a58adf62fc2

SHA1
d01ad69975b7dc46eba6806783450f987fa2b48d

SHA256
c91d76b0f27ccea28c4f5f872dee6a98f2d37424ef0b5f188af8c6757090cbb5

SHA512
ae9ba1abe7def7f6924d486a58427f04a02af7dd82aa3a36c1ed527a23ec7897f00b0e30f22529e9599ae2db88e8abc7ba8013b426885aa3c961ee74678455f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
201KB

MD5
f5bc40498b73af1cc23f51ea60130601

SHA1
44de2c184cf4e0a2b9106756fc860df9ed584666

SHA256
c11b6273f0c5f039dfef3bf5d8efe45a2ecf65966e89eeb1a6c2277d712ae9fb

SHA512
9c993ef3ec746cbe937bbe32735410257f94ceb6f734d75e401fb78dc2e3ab3b7d83c086086f0e1230dc8dafd5328f9af664341eb781c72e67c4d84d1f6c1112

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
e62b998c4ea11caf661254aa04a4eb4a

SHA1
1cc51860c5f2179a92feb8d15e6e31db7a58eedb

SHA256
96c48f0f9a1889c1a459649fbea4b57971a185f28283736e4775e5f79dec8c31

SHA512
6fdb87eba398ab1b0cdd9727914a0f7bda59deb90865f9d89cad2f1911342b7b5a0874c5b9766b6be94957660ffededdd6a5a86dcc51d75c1e40885267a182b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
a4588615a4ba8486d5fcc3e5a72513e7

SHA1
a3a05d3016c61843d388b83e61f9c8a780728a1b

SHA256
0ae3b01216edab8056a81d1533cd6578c2b564eed0e1f7375b537139ac6b7e70

SHA512
f072215f760260e8afdd5ef107dd2c7ac87829609e7cb462d46028a61de0ce0ce2da9c947d509d318618f09b2195df78d582b6416a97e00e1be18571c67e6948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
646b26e94ffec5a12b7fb19cf33ed657

SHA1
53c6af9954d8a7ca33b5868445fbc81fb5778e8a

SHA256
72ec02c8a6a6eb9f1cc39c83ff02b6c7e2ee547acce11e8ff094e68d4841f9c0

SHA512
79047289e3132d513325a4dbc5824f4927cb2b5e170c585a8f3f97e457a85eff906ac6cf4df6b02d8b26d360188a1f577a10f90c5176dae3d05af86f65bbb433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6b83bafbc9bf56574a7e941471de9153

SHA1
76473ac18bb6a7ad33df3393af3aa1616d9e23e4

SHA256
a4f38023180670f5f2f099235701518e06cf34bf37917edccda21e18a9d6d11f

SHA512
be642bcc28d90058e74f14ca5b3ff07170ab503e1f42c817f0ea42ed22c52db8e2dcf4bafd268182e0bcc1a3d995c2cfae36efd0d53f71e0d2473f607deb8947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
890c4e2a29e5938e1356d17fa7ac6c83

SHA1
44ba2adce0bf0cc810408f461f30ad26202b6520

SHA256
2d71801df53883a9f64cd2dea4297fdcb90b5f02ff0511560718c74a9b470dcd

SHA512
fee1caee49f17f71170ae46aaf93ccebfc7a8118a7e9b5ba1446a27aa5312a9ab130a3ca98d9314d9cd893abfd6d45a1860f2c4516fda3f835a9012200939913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
575e26f6274340da8a20cfdf2293913c

SHA1
057c16e46aab652f9adad25b4d2725369eeed3f1

SHA256
8d29ae161cdd9e709a41b1884a4d9bd8ddff0cdd419ca351543b12bb65536938

SHA512
2b097aeca63adeea9988cd345dd1095771684857e4d0ea101beb1299cc15ce886474010b217bab468c5c88dbfd7973763c63cd503ca752e3f0b8c7b00ed99fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
330cbeac18085bc293ffc8c9981d5c52

SHA1
704f31fbc0d5cd2e2765b794be79d65855a1b48e

SHA256
9538f713ab38d95ed13451650db57b4f881a17af7d69e047d3441a986ed4f69e

SHA512
149bc45eb2eb0ae71e9f8c0136314863d73ce5c48175731715772f62e7b33b3ea33e21a8c2d824acee28ef5f8e1231d00c4909ddb2dca1c24c4b299ee43fd662

Download Submit
\??\pipe\LOCAL\crashpad_3684_MVTUATJFLEGVHMII
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit