hxxps://steam-cards[.]pro/50dollars

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2024 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam-cards.pro/50dollars

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4908	msedge.exe
4908	msedge.exe
2944	msedge.exe
2944	msedge.exe
1420	identity_helper.exe
1420	identity_helper.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

2944 msedge.exe
2944 msedge.exe
2944 msedge.exe
2944 msedge.exe
2944 msedge.exe
2944 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2944 wrote to memory of 3872	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3872	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 884	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 4908	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 4908	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe
PID 2944 wrote to memory of 3976	2944	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steam-cards.pro/50dollars
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb0fb46f8,0x7ffeb0fb4708,0x7ffeb0fb4718
2⤵
PID:3872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,10330298959095197335,10487932300337475397,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
2⤵
PID:884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,10330298959095197335,10487932300337475397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,10330298959095197335,10487932300337475397,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
2⤵
PID:3976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10330298959095197335,10487932300337475397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10330298959095197335,10487932300337475397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:3836

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,10330298959095197335,10487932300337475397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
2⤵
PID:3048

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,10330298959095197335,10487932300337475397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10330298959095197335,10487932300337475397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
2⤵
PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10330298959095197335,10487932300337475397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
2⤵
PID:2724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10330298959095197335,10487932300337475397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
2⤵
PID:2484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10330298959095197335,10487932300337475397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
2⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,10330298959095197335,10487932300337475397,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
4652085e5c8f4d95b6067d530450a0a7

SHA1
de3170480a76eb63755e5ffe34d0790379f47223

SHA256
a38347f792963fbe730ead8068ae202891f1c62f36aadb0843c0b18327dd69e5

SHA512
9f0cb13bdfb49896f40c41c669605dca8f68e29e5048c33afe146cddca8e824941d179eae9105b2719096fc1a68c606b4fc85a93c7bcf51bc0b141c233edf9d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bcaf436ee5fed204f08c14d7517436eb

SHA1
637817252f1e2ab00275cd5b5a285a22980295ff

SHA256
de776d807ae7f2e809af69746f85ea99e0771bbdaaed78a764a6035dabe7f120

SHA512
7e6cf2fdffdcf444f6ef4a50a6f9ef1dfb853301467e3f4784c9ee905c3bf159dc3ee9145d77dbf72637d5b99242525eb951b91c020e5f4e5cfcfd965443258c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
c120a80a5d98b75eb2ed78b79d2363fa

SHA1
641e3dc6c0d0254afdd9e9b1d8b8993bfacd5a76

SHA256
d9af226ed133b66cc744fd9b881f362c346766f3f6d5e756f047f7b477abbccc

SHA512
1a6214118ff82e46ec9ea2627436560fd6f96f3d77cdf42594faf757d6e70bd818942eb9aaa880b93356aefd71cf948a0d6d8db9cbfa71d828d00a0cfd3eb95c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
986B

MD5
ba60b32963f8b07e2771b227e99c3550

SHA1
c81951d4ca535f7de15d0ac473fbe616ab385f3b

SHA256
6cfc68c0bfa582d352ca29e286fa1c8aa1c2548762d47905497a15e230a0c415

SHA512
fdd066a7cdc719774f1ae21ea7f9da992850a6982f1a09b0608c75f73368c240b0c7f822b3dec5a3bc632bc3e5d95997ae5ec9bb482f9be78c64a5db4d3ba6be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db75ef5c724785be2dfa4f9545aac174

SHA1
2fbf2d64bb652c985d70ccd764b7e5f9ae26b210

SHA256
12051f979524a955352eaca4934c8723695f699463c5c382887d1bee5547c93d

SHA512
55cd93070c1321e3af667ccb0fde4ea9d107ceefe5c08ea087d151a5758b8a0969cf163946b81baf673de7d533831996e8ea2070e78ad88072257a5fec3db8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a732c3a7be844f3d9ecb545d25a5a53e

SHA1
823670d8c714d8d90005f45839b5ea3df1dc39d9

SHA256
6c97a53e19691d60e4ebe10ff3a96de653843ade59d7b922b6089512ab1bfe17

SHA512
7c1ee55f76c2d68d7a9f100a0e60825a29479281242c691bb2e59cefd2eed6d6ee44f584288439a8554159fa37b5621918dc279e143cec1e1bddebb63ed414b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f78336fe94ba54bfe7c6bf319805a77c

SHA1
5542fe16dff5e2dbbd61ac0e783b3d6e9bf3240c

SHA256
0f8ed9c386aa20ac1e13d661a2b727a75f40c4cf1955d0800adbc77b25f65e8a

SHA512
85618938e8cc9a946584ce60f2b7494a38021bd2ba3280df624a913bb1d3ba4ef0bf450d170ae4f0e85269c8f499c549e8804d53fcd49b45099c2f9e32d3ba70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b0ba6f0eee8f998b4d78bc4934f5fd17

SHA1
589653d624de363d3e8869c169441b143c1f39ad

SHA256
4b5ee509e727accbd11493dda2c1d512e7dbfaff66c4f5f7ea9c2d2ccd06151f

SHA512
e9a165da246c6b80fc38431538203cf03f95794184ff63f00c9500f8919a2028b803f64b670e685185eed72df0509e3185c9b434fdbf2bc7af36021d46bd08d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ec9398721765335477f76298a6b9bc97

SHA1
490e1192b129210869b5e8ddb91b851ea185c406

SHA256
0dc1b95268cb4d677261da0dfa03f3ffd7900ed9913ea5cd5c6ab7c9293ab78f

SHA512
4168c89ec24c20ce8ebd02359ba96560ad489480a96acf318242602672e8b37a4b38222faff52327b4fd4ce4fdf000335e69c430e530316cccc10053b4163d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
39a91584e35ec88768d3e976ae9dec87

SHA1
99c6396c5531d66e9b181427a9f6c3dd3b8bdd79

SHA256
87cdc6b702f411ad93eef1f4d9422318735f3decc4e507b5bd109eadaee00d81

SHA512
3f66edb74e0d675937d6cf61127aef5c8d43b851d0ebd1aca24876e0c6da3313d450d34e09ce0e2eead575405ebc0e5caf70b19b402b01cdf0cd6e3b189a996e

Download Submit
\??\pipe\LOCAL\crashpad_2944_KFGDMQDUFBECWIKS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit