hxxps://mega[.]nz/file/ylcXkL4D#OYrzXbo7t_dGAzkttfOi1S8O--PmvaR-5c0w6_6UhJQ

max time kernel
1779s
max time network
1763s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/ylcXkL4D#OYrzXbo7t_dGAzkttfOi1S8O--PmvaR-5c0w6_6UhJQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1604	msedge.exe
1604	msedge.exe
5016	msedge.exe
5016	msedge.exe
1672	identity_helper.exe
1672	identity_helper.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

5016 msedge.exe
5016 msedge.exe
5016 msedge.exe
5016 msedge.exe
5016 msedge.exe
5016 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5016 wrote to memory of 2760	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 2760	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 5048	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1604	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1604	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 392	5016	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/ylcXkL4D#OYrzXbo7t_dGAzkttfOi1S8O--PmvaR-5c0w6_6UhJQ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fad346f8,0x7ff9fad34708,0x7ff9fad34718
2⤵
PID:2760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
2⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
2⤵
PID:392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
2⤵
PID:4288

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
2⤵
PID:3040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
2⤵
PID:3756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
2⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
2⤵
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1072

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
0acfedb153933da64a94cef4c070c533

SHA1
27e4cb1868af5c45c068256a75f354211aabc761

SHA256
bdac0377ff27332ce96966da26f9b0fb1208ce3c8fb1727f976cc5f8e987643a

SHA512
d228f3596337e37ef35f4a6a98a9c3751f62d505e2fd8022f54017600428295f58036d116f8678a01da4ea0e297aada1eb852587294aad5878cf14dc09ee8436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
71d8cb2a5c87dc781ef77d7e153b3132

SHA1
a0354c8692289da4b7c8b4b56a60fcae259e9715

SHA256
cdfa713d7136852442713a4f6a201cc326f703d4266b9480a411537dfcadd793

SHA512
590567b1e1486a0632b81bfc79be5f06e89253f646b0c90444830e47d083d39af951c5007787d644612511ef9bde54adb05f9f71622d53ca38ddfd406775f226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
00394720ffd31c27c92492e9e67c6680

SHA1
3bb9f0f013a7a5966f78cd917c696167bf30c4bd

SHA256
cf39eda679dcb8c3b8767ad14c92623429e86612bea38bbdab4f02da1c46f293

SHA512
55ba86433da83289c23943c28a56b4087026516e4c3bc01715ee4c2a98a467a4759cd90ff3abbff0213f6b59aae39deb58690760ea4203395439ff4240dd2084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
5c87370fb5c214e3fd83d1bf38af9cbd

SHA1
ff16b7d46dcf69a32a552bcad4745486bcd93bae

SHA256
bf8271411f0364745300cefc6cbc69b3530d70c1d9003b571878da75c4f8a007

SHA512
c9f84323c480b374db00a3a664ff29765ca034718ab194c92187feb382e58a4923138eec524403da8bcd4274fc2a9c0a8d1eb9f2e510dc25670a8d6d6f66273f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57abc1.TMP
Filesize
48B

MD5
c9bb614ca7129475a0e9546345bb6add

SHA1
e0baeb5c2bfa5b594b9beb148794e5572bc8b7e9

SHA256
9068a1b546e7d6c639546cba862a4f4d744f4f137adfbb67b2b90c2be643b01b

SHA512
682247d81d3d44057b842800c0d594a5964784f52bc07f963bac3cf7403ff6de078a3f4d2228e1ae0c9443dd308ef13ce853b1d182e95bbee3175847ffdc05cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
4d80c6378f947d479fb678b696141b73

SHA1
2da09324c79405e74b09dff47ac0e2e456f73e2c

SHA256
2c776980c46284f5ec34d21650c9e6446a5a9c8f0815b49b8015d7cb7dcd2e75

SHA512
cc3b94321a72deed937b02736c6232d49d7af2cd3d076da1237170a30a32e9c7c6df0b10bec73a5594b86a75ac0fa0cb074dcb68d92ec0b0004748ca3b0e0cd1

Download Submit
\??\pipe\LOCAL\crashpad_5016_ERWMDFSAXNSVGBPY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit