hxxps://bitly[.]cx/E64NC

Analysis

max time kernel
480s
max time network
510s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bitly.cx/E64NC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4188	msedge.exe
4188	msedge.exe
2216	msedge.exe
2216	msedge.exe
2152	identity_helper.exe
2152	identity_helper.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2216 msedge.exe
2216 msedge.exe
2216 msedge.exe
2216 msedge.exe
2216 msedge.exe
2216 msedge.exe
2216 msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

msedge.exe

pid	process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2216 wrote to memory of 1060	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1060	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 848	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 4188	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 4188	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe
PID 2216 wrote to memory of 1960	2216	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bitly.cx/E64NC
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d7846f8,0x7ff84d784708,0x7ff84d784718
2⤵
PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16459786595336190345,1691685589106459844,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
2⤵
PID:848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16459786595336190345,1691685589106459844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16459786595336190345,1691685589106459844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
2⤵
PID:1960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16459786595336190345,1691685589106459844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
2⤵
PID:3396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16459786595336190345,1691685589106459844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
2⤵
PID:1472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16459786595336190345,1691685589106459844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
2⤵
PID:2912

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16459786595336190345,1691685589106459844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
2⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16459786595336190345,1691685589106459844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16459786595336190345,1691685589106459844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
2⤵
PID:3980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16459786595336190345,1691685589106459844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
2⤵
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16459786595336190345,1691685589106459844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
2⤵
PID:2192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16459786595336190345,1691685589106459844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
2⤵
PID:524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16459786595336190345,1691685589106459844,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3000

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
bfa144f85533d7b3e635658da3c454f2

SHA1
63f40648aac8a285df58484b5f46d8ea5e676ecd

SHA256
0e0f3e79145f602ed9b3eea6c8e31500bb797401fe09277abdfa4725921a5808

SHA512
3e966741865d66eadbf25ec8e809d6bf1f65d52b840098665dcbb2b980c8dc3d8eea17a660eb65b35cbe15a4d341d3e9890b0a28c50fbc26c1ae7f781054e9fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
89bfefa82a4023c898b5f409181542ff

SHA1
c69d6d0a0aab6c506efd5240f83cb2e124096c12

SHA256
8a11e645500148ded92625621213ca67f2c0e8bac5bb919b3b253ee186c838da

SHA512
0f24ad9bd813da16aa57b1ca498df99ccdb8d0af6379d8767ceb112907894ba62910c4aa610a959e9e4bc4ed5d6d706dacd9a0b707e62248859914e4279f537f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
55b1da0c6827c40456d25df78654c1a0

SHA1
b0224073b2f481e769763ffb431e335d8f2258ba

SHA256
335b1937e082f0c637808d897d51686f6f3143cdabf5e915487584c7fbf847a9

SHA512
1ea4febb05e8d1ff2b2a485412d73ab1cf073062bc2bd49a1a4c195b91679d50b973fcfa64da6db69bd968f6b3f74c2e6a21eadd2e74ee0ddba276d732914bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b31a9e14e0aeb6ed102d64f7b4ea2b20

SHA1
4566bd6fc31176b534207b58bb00d59c6a647fe8

SHA256
70bd1308a48fc03f8c6c596d9cd1e8eca7e0c759f049e415c334563e6d31f1d0

SHA512
5b60c24ae7920be2964b5cb1d26f505056bd7d0e529c93cf7bf29a2270fa93f329dd7433eb450f32f1bb12d1613aed74384e551c062f0615c81e9ff7a6489e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
7b4a13d900c708f054f16c2115e386ca

SHA1
fb5d30959057290c5057c11c09dc8b1bb9fc963d

SHA256
f019282d4e80c0f593a01b287d19dcd60b811d84f1360d121d96ecd195109fe3

SHA512
e6388d1c175f83e064c3c85a60d69a7d798dcbe478044fc56703e9a87ac686c4c23c483dc9bd1ed685e8ab3472e6370f883273d876d13d4d68899a82290899cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
164ed33bcbfbae5d578fb9fc789f1bbd

SHA1
201fa872ccfda87f443a5e1bd7fe54b0aa637d0e

SHA256
b4bb9efcdff23213d81aaf5e418fe552cbd7348e3f36cde7fad1b362bd92ef4d

SHA512
5694d1a521a724119ea83ccf43a5aef1b388d9aeba014d5cdc6511132084c12f06df7dc8696c60467b6c126d2081aefcefd8e48248084c886256091798753bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
bc0c284959b034ae39ed6a1f02e98f0b

SHA1
058abd07833fa48790493047ae71b68fe51c03bf

SHA256
975616975d2278045cb58261f3ae2d0d7449cdbea9523fdba31420715b01fe33

SHA512
8777879f31270f484be5626ac53be452df1380276c1d5d8fc2efbe8bfc36541bf4b539e2f9ef8d5cb1faecb4ba3db8e045f37ce21f7eee6e9405604ef6986d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
1e6e392d65b7a7fba85bf762764ce165

SHA1
a656c741fcd2a7d61f437da71cb3defa964d810c

SHA256
ca73b0abef9e874b563900a3975e1863c964b6d420c403068a9b353f6893bbdd

SHA512
18b46ad687716501744c8cd1debd6f232adacaac458425e176e08f039aa82d57ca2f086bf9c30294c214593e42817f92c3d9e7d749cfab74a17cdd6c9bc74c5f

Download Submit
\??\pipe\LOCAL\crashpad_2216_XHUWTBVNFXTEHAAC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit