268b9b8e07f7c0f7b895de751634cae25e5189aa33ec4da924b243adda41186c

Resubmissions

01-05-2024 16:21

240501-ttyxjaba41 10

01-05-2024 12:38

240501-pvah4seh9x 8

Analysis

max time kernel
961s
max time network
965s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2024 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1.bat
Size

42B
MD5

781f882af4fc7061ede473ee5d75e17c
SHA1

41b54f6c7bbb19327bbf88880ff3a3010e7af6a6
SHA256

268b9b8e07f7c0f7b895de751634cae25e5189aa33ec4da924b243adda41186c
SHA512

9471507eb329ea7050e2da756b8af58dbe3a63d7f0a707d24a6416565cb505d2967046faaeb7d45bce98e65468b95203725b09eebe3310ba589a6c38c9806697

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3726321484-1950364574-433157660-1000\{7D4BD526-3AD7-4950-AA20-CD7B4E501BA8}	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1272	msedge.exe
1272	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
396	msedge.exe
396	msedge.exe
4944	identity_helper.exe
4944	identity_helper.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

1488 msedge.exe
1488 msedge.exe
1488 msedge.exe
1488 msedge.exe
1488 msedge.exe
1488 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exemsedge.exe

description	pid	process	target process
PID 4548 wrote to memory of 1488	4548	cmd.exe	msedge.exe
PID 4548 wrote to memory of 1488	4548	cmd.exe	msedge.exe
PID 1488 wrote to memory of 4040	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 4040	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2004	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 1272	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 1272	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe
PID 1488 wrote to memory of 2416	1488	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\1.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ufile.io/cqkymsa9
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7c9c46f8,0x7fff7c9c4708,0x7fff7c9c4718
3⤵
PID:4040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
3⤵
PID:2004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
3⤵
PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
3⤵
PID:4472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
3⤵
PID:3184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5428 /prefetch:8
3⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5420 /prefetch:8
3⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:396

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
3⤵
PID:1340

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
3⤵
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
3⤵
PID:1712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
3⤵
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
3⤵
PID:4864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
95660d241f22a0c958d896805097ec89

SHA1
1aeb551e01bd9292f8ecf1a45f1d653c72bb0910

SHA256
11db97d03678d8c71342fa2a835748b038d6ada7b15040975a19d065b07c40fe

SHA512
86182d58a2ceaba139004738ad54e633c838c1d79b57b86f968741de7d0567e69ff48448094219cb282fcd54722c92e52046b4e0dd282cc28c6f8a14b28e5458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
0b7d0f727d644230eba4680ad74cceed

SHA1
ec03ed730d0129f7138f8576c9b0c81be7d35015

SHA256
58e41cad194597f9cb88ffaf2d009f14eadb429d9a19d99c5a635379cf88b58a

SHA512
02b8ae57125a54b372342fccff6b8dea0dd3c7f0df267a36808fea4b8ce03b696158327e4b3f749a1e80afa94011c9ce0a20f21f6730febb0687eece5800958c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
fc54c8fa5f854ba3647d5e2d8cf45859

SHA1
5b6f17deeb4e7493c8746e76815165ed0b0311de

SHA256
e8f18b0f0ad7228c94f8ed7163faa3ae5f1f81bcf495967096d589981b2075c0

SHA512
4c4779bdcfb28424f47726a03f64acc79b0c39fcedc1f367eeac7ce4c7f6bd185e5ee2164d22b29d40326849a2fb07bba9a363d9d3fe13dcfee6865f3908b009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1433a793d7be8c0572f9ce4d39845de1

SHA1
85701f8ff93b7910d88b3a8f353da046a3897745

SHA256
475e1499bec8b5a934ba2c9f549733a7f51f4b7f14450aa64130797d03105e49

SHA512
a018cacc30d1cbdb2accab83242030ae8b73225b7215670470bfbedb50f93af6d6e2954133398e3c493a63a33d28fc29b8d14902b4fbf08f3bddc8f404939cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
3f4b814cad5a686c76a9e670a97bdb28

SHA1
5c02543c3d992ff15baf475f738dfa267a9c7d78

SHA256
3a05559ab49f679aa5c683908ed7509aae4e1e1f51327b0a474bc540cd54ab2e

SHA512
3e2270b351ac3ee292c7271b16700e504bb6ff46ff61664a1bf5b3d827efb534e8df112d023febb64de0e5e516bda9fad41069209507eff5e01fceca1cc101dc

Download Submit
\??\pipe\LOCAL\crashpad_1488_XGFGOFENHCBZAAZE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit