hxxps://cutt[.]ly/2ePkg3ue

Analysis

max time kernel
148s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-10-2024 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cutt.ly/2ePkg3ue

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
1836	msedge.exe
1836	msedge.exe
4696	msedge.exe
4696	msedge.exe
3068	identity_helper.exe
3068	identity_helper.exe
5084	msedge.exe
5084	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

4696 msedge.exe
4696 msedge.exe
4696 msedge.exe
4696 msedge.exe
4696 msedge.exe
4696 msedge.exe
4696 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4696 wrote to memory of 4908	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 4908	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 332	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 1836	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 1836	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe
PID 4696 wrote to memory of 3340	4696	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cutt.ly/2ePkg3ue
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8f42c3cb8,0x7ff8f42c3cc8,0x7ff8f42c3cd8
2⤵
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,16044245676702364752,5528735815500270995,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
2⤵
PID:332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,16044245676702364752,5528735815500270995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,16044245676702364752,5528735815500270995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
2⤵
PID:3340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044245676702364752,5528735815500270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:1152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044245676702364752,5528735815500270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044245676702364752,5528735815500270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
2⤵
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,16044245676702364752,5528735815500270995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,16044245676702364752,5528735815500270995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044245676702364752,5528735815500270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
2⤵
PID:4056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044245676702364752,5528735815500270995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
2⤵
PID:3572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044245676702364752,5528735815500270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
2⤵
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,16044245676702364752,5528735815500270995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
2⤵
PID:2648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,16044245676702364752,5528735815500270995,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5192 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
b5f6d7837568becc8bb23a432bcd315f

SHA1
9c0b217d635fe41a4dffe912ef8294c9b895afe3

SHA256
196eb63b6aba29f1c0e534b7ad6562ce7bd0a44a3277052c03c45593dd0e4578

SHA512
88360edefc2128be07ef0e979d642fe41d652789b72dff9e29c35dd12122f3caa8705dfbe5ed110618ae2719b4662a938c1f40d6a8cffd504351d482251c3c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
759B

MD5
dd54db7e65f9acd9609381d23763a343

SHA1
2cf695e66cee187e2dbda2d12852f0126c8118a7

SHA256
e5e9b9ea4b3c448e04ed1fa27730ce72d93d05cb057f372e118c83923208f936

SHA512
56c0ba90b5b48245ebfad1dc1ccdce6a59e55df7039059b62e2c80c0503f92ff04c2f88b169abaf82a2064fae71684aa6197f78c4aa8e2d02ca8753b8cef4804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17b2da66f0fab07666a7ab92d848c0af

SHA1
c7b6fb7673a8196f29ed76920351505c986efc28

SHA256
1b676df0e5e381df6e96dd4fd352f4aac1ddfb6f6ab8cf85ff102a7bfd36d246

SHA512
c7b02e5157ab1510ddfc4a4e85af05fae8d818154a39a40692657606d88c06a862ed97a4be21e3781d1bc3ff2e4c2be060b9357dc46c192e3fa9097fc4f6f7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93ef4d3494bc7b3c07e1026995744819

SHA1
748a539628da787bcf73b5a7c7322663379c187c

SHA256
e0d9da0741de2bb02a8371f7eee3daf7dcc06cbe6f08ee7cba6e30d0b2e066cf

SHA512
3d56e4920221312d0506b6b2ada8b95b5fa25cdd514312734e9ee2cef3334b28632211280adecbbf751dc082871d4a58b6c0ee2ab20b69c0c922ddc192df6315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
193ec15d6d593db159c35578179281be

SHA1
53a1aec1b0c41176635ff80ab79f21500e497d02

SHA256
158e32a6f842090bcdec70085adda9766c203374d1fb37c5a5aa8eeba1517695

SHA512
955690cfb632a88789e8d85e3aebdbde70890d373636c7b6803424cdfc9e8fc8352c2be8d5db312f618a6a10981da54bb145590d71820615e987d4bd75356bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
949e14d5b1dfa99ae9fe3552087ab0b5

SHA1
032fc9424ce6059205432b37a5e6f01570b560fb

SHA256
c2138e844a1564bd5f9c5493c5f14916c01b5a13664cba29a083f2dccd11da32

SHA512
366655faac566640d386f4b9dca74e39d5ebd9c02e11440dc86ae78347a7bfac62786ff907f91e558c3dc07316ad386ea73df0ccdc81bb0fae2116875c4a8d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f915.TMP

Filesize
707B

MD5
1523a9b073a2bb1c8dceda24454ec9d3

SHA1
e77feb6ce82d83c043175a32de1a9eeac1cc9860

SHA256
5707569e4bf5733e175fe498141978df6d0ad665a5716032bcb97458a43fc845

SHA512
ee1e4c5c8a2e605a7571d61c64896bdb1f31fa4fe39681c5eda5c88a48da7d28b11780e9c83b116900576f348157941e0505f3f2e9164020344ca528931626ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
849e447fd960a52fa3adf4f56772e02d

SHA1
ae3f9ec3d71a9329d86f630c085d53303d01c9b0

SHA256
da1810de60894ed46906a96fa5b791208995b354eb3776e57aa83d1d8adf19e1

SHA512
63f9a063d4a4e552d3ebc0092bc50ee02a0e645ef82b602af7eb780dcaf6b6231d8bce89ab0019737cefb96939e96137e7730b265a9806ff3a04aacf9dfbdeb1

Download Submit
\??\pipe\LOCAL\crashpad_4696_UYFJLDVGUUWPUYJT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit