hxxps://u[.]to/Cnb8IA

Analysis

max time kernel
80s
max time network
83s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
02-11-2024 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/Cnb8IA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2556 msedge.exe
2556 msedge.exe
1728 msedge.exe
1728 msedge.exe
4676 identity_helper.exe
4676 identity_helper.exe
4196 msedge.exe
4196 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

1728 msedge.exe
1728 msedge.exe
1728 msedge.exe
1728 msedge.exe
1728 msedge.exe
1728 msedge.exe
1728 msedge.exe
1728 msedge.exe

pid	process
2556	msedge.exe
2556	msedge.exe
1728	msedge.exe
1728	msedge.exe
4676	identity_helper.exe
4676	identity_helper.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1728 wrote to memory of 2676	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2676	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 4740	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2556	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2556	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe
PID 1728 wrote to memory of 2188	1728	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://u.to/Cnb8IA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff924a13cb8,0x7ff924a13cc8,0x7ff924a13cd8
2⤵
PID:2676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
2⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
2⤵
PID:2188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:3840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:2740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
2⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
2⤵
PID:3572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
2⤵
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
2⤵
PID:1472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
2⤵
PID:5720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
b882d65b941605bdcdadabc2c413d165

SHA1
baed105487e71880839aeb632751e34c277fb127

SHA256
060296b76029efaea3af2ac5ffed2679cfaa10dd1957baa8b024da4ab94bc1fc

SHA512
1988c8bdf777528e3f231ee55b865e9d2e2ab6ff6c38800ce86d338bf972f82e1dc1671308ab166775822a2f27e18f6a417eb1355fd559dd3e2114895cc55777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
691B

MD5
6f3ef3a300d6ade69ea0bb45b3ff1677

SHA1
f63bc76b63a48e1d4205f408130ff312103abb7b

SHA256
6ee5b9855d188d23c31e42ccdad90054361c7bca14acf2be8a6a66efd2160b1e

SHA512
9904cbf0ae6a532703f4d7e1eb24e370512214b24864eb395fa647f0edbd85737d42f586144682d9fc0d9ff07838a854dab1ef1042e0cb39a14a125cea1451b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0748b527da4ba1c46d044b3e8661b074

SHA1
ba46e68912fa8121408b43575e9f65db9e152dce

SHA256
9104a7e8575e75ae6219997978be9f966a41e17858c2c37fff8f02e8aac067df

SHA512
64ffd92eb84baa2d0f2515c0f8ca9136077a95ac68792218f8601e629b85deaeb08b78f519804ff854e07dbed1a193c1a81854d4b83f9559e6a8f330aa2c7daa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
47b1b2dec97141f36ada68b998e34d47

SHA1
14b4e07ad96780042dc04833715fc39e6d25d208

SHA256
136064b7fedbb57640ba29b99e28e349946f8e25b681f15ca499c40a433135dd

SHA512
985bdc9c4ee3039af3ebd4d5a272d785a7a3fa5f4a0594fa9dd1d4fc8f8e36a4dd999c4fc05b54db842115729bb77867e63159d74e457eaa09aeb5615c1b5e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a4e7a57e0d5624681a290f7cdb8ea4e

SHA1
5fb71435f33fe95063c8d343c9e1ac96694c017c

SHA256
6712be54b774dc638dc4a21d3beb5087d81f25df07272e811e6390d903f352f7

SHA512
85d39eb3831c79270d4dae11f6d5bc6e1d610ea053677d0d70317dfa8810b7d68c81f56b9f7827a7729c246152c3bd3dbe9f84b01119f296c6ef5f0e5100ab82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dcfc407f3d92dadd09865083c43efe96

SHA1
7b891a4a760b215cd40b1a9f93920372920bd535

SHA256
a78239219e84d98fd9fe8f424f52fe265ecf5a930a51255266e1a161edbb2c9a

SHA512
d4d461defaec817bf3d787bc1c5337e023e726116255938bfae72e284eae5dfe8528c043c07839bc4e7034f42b7845ead489b6d91d85f6803d5e8f5743b6e1c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f194.TMP

Filesize
875B

MD5
2450b87470475d992fbb764e32ce424b

SHA1
5337713e36435560cff8fafe8b3b5a3e13a39541

SHA256
4adc0038332c4c573079fd13911582318be6e6ca02b2cef37f8c1fca875dfc97

SHA512
79d1e11b15e1963abddcbaa92510de808eac65636d7b876c07a88ead738bc2dea6f2966446ea027b240a9e30f5046e6ce24ed117d969c9d6f4e6cd03d34c3b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
06dbec29962624338871ebb4b2aedf87

SHA1
640a8394ed65f3f55e5e2e110c5fd6135b8009d8

SHA256
0f45f583fa2640cad07278b7edeb1e4a6b95bb0235653f99682d9ce431b48a04

SHA512
083e696e5a096cfa012f5cfb8f9fab346549b9c9569085794a97f0fce92caf5b775157e23b5a4533816dca586238bae00e4e24752fc730c85787e352f663071c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d31202f8efd27c5e804abc16970fcd0

SHA1
787b118f58a69773f46838f4fb86e81091f81b57

SHA256
b4fc34775473de6d8d32e8108d30d45494e1896b042799dfa8cac66b476aca68

SHA512
0a51a633420744adc4a8a0dc737d19f9e0043ed05cb9730b5922ae4dc1d5858e90645c1e0dbee29dce2df1d8aee44f7a3f0d8c2d629d5cfa4997a3cd11c90c27

Download Submit
\??\pipe\LOCAL\crashpad_1728_UYITVTGPQQQZAWNM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit