hxxps://steamproxy[.]cc/

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2024 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamproxy.cc/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4816	msedge.exe
4816	msedge.exe
1896	msedge.exe
1896	msedge.exe
3776	identity_helper.exe
3776	identity_helper.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

1896 msedge.exe
1896 msedge.exe
1896 msedge.exe
1896 msedge.exe
1896 msedge.exe
1896 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1896 wrote to memory of 2844	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2844	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3296	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 4816	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 4816	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 228	1896	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0d0f46f8,0x7fff0d0f4708,0x7fff0d0f4718
1⤵
PID:2844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamproxy.cc/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,12581826840485565867,14226337350081276519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
2⤵
PID:3296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,12581826840485565867,14226337350081276519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,12581826840485565867,14226337350081276519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
2⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12581826840485565867,14226337350081276519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12581826840485565867,14226337350081276519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:820

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,12581826840485565867,14226337350081276519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
2⤵
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,12581826840485565867,14226337350081276519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12581826840485565867,14226337350081276519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
2⤵
PID:4232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12581826840485565867,14226337350081276519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
2⤵
PID:1212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12581826840485565867,14226337350081276519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
2⤵
PID:976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12581826840485565867,14226337350081276519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
2⤵
PID:2624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,12581826840485565867,14226337350081276519,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5000 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2936

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
343e73b39eb89ceab25618efc0cd8c8c

SHA1
6a5c7dcfd4cd4088793de6a3966aa914a07faf4c

SHA256
6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223

SHA512
54f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d4c957a0a66b47d997435ead0940becf

SHA1
1aed2765dd971764b96455003851f8965e3ae07d

SHA256
53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163

SHA512
19cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
696B

MD5
7162d5393376b9fb8dffb225155312a9

SHA1
6b94c1d3d7d34277b907e1c7eda4d8dd4daf6124

SHA256
e0728cb1b3a51b0ad5e135eaf01205a3b945518cd191b16e420ef640fdd4d558

SHA512
803538bccebfbcc5ee514fc00eccdec1feae7da4b8d7778aa5166e78071370f522658e32d62ebb2cff52843c042481593244240799d81e58f60644992f570bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
571B

MD5
79a7cf03da375e31dca327d7cc7f172f

SHA1
048635c78d8e096ac832812874991776607a6cb9

SHA256
3fa9f5b0ee758d4c17d03736955a1811560eecd334632edc6d615eb6d4b3e6fb

SHA512
916918ae2269e745ebcdb42a947236669790aab9d8db3c7071b0b27b4eaff1f60dba8162c3c7a640680465fe63aaf33caf8853fc4c96eee1b554cd6a5d69011b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a664a728296fd13332609b6f95c4b422

SHA1
9fd5e33d81adee15423fb379e0d501955cbb0672

SHA256
2d50388d6266c61721f860a7e52e6b436a66544dacf6243bf0d78b3de82f2f25

SHA512
075b150a5707332035d95036977f508d6de04c6a1ef11024150a63763ce73cdf3b4c236d1b0c1ca1cd4cabb7d961b79eef4de853e1235830f7dfaf9f5df33aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9ca13a6d4b302eb7c04f6723eca46307

SHA1
e2135f15c64635c20c7816607759ab2a4939538e

SHA256
96b477851e67d1d83f790a3480d6187c28385fec2b8f732895bb66edb2b3120e

SHA512
99ca96c7738381e260c66617c30d438b26fafab740270b3bcf12a3ba22b3bfbda53eb258625f034f9928d3d0fa319210f4d81db2571e0af5ffe37fc82563f28f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
eb16ba6b1a9dffdb5af7408382999353

SHA1
c1a588322fba07f75998c89ecb7a483b6d14ca96

SHA256
9e5a6dbe5cc81d5efb85b7484022485041ee9703d60f7b1b8a087016605bb52f

SHA512
a72ffb216821265e1c596753f021f64f60e69492540a017dae2f3f9277c93b2e08b543800f61e2ab103638836b75c5e2c04af5906493001f288ec31d93aaa4ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
203B

MD5
edfefa0bf4f72c3f15fd17045c29e23b

SHA1
4f1128084a88ea2619b48897a1021b88ecae3618

SHA256
5b01683b1a9f6fa78b344e49e04e2277ac504552e7aa1238ec07768f58dd4b39

SHA512
cabb452472e37c07cd00f4e8d0c1eb5b6ff73d4d5e2d0401a37d054002b1703e68dbbb01c33e5161bb0c0dd413acc89c5e721042e64754f705dcd52a227aa1c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5787ed.TMP
Filesize
203B

MD5
e1a15cebc3ff9a59de1fe6395157fbf9

SHA1
acb065aeff8bb74a9440a9c166a32ea92371464a

SHA256
c8f367b777c6ef2d2e769bbe55f216bafdc9d4431fe51ceca0006e586306ee74

SHA512
feab36a564d5372d9be00d6e93e5281b99b1633e38bf24d5e0efda8b43fb60ba2d6a47650cc3c8898927e932830434bdfc5463f85a01a9ab9202065605fb8e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
82c36864c1144342524614df8e3e45d5

SHA1
535b30db3f383db3972334d53e4a271610362124

SHA256
5592b75d56cd85a8fcb84e9ac22447c682a8648d37316ab10344b40f53bd3838

SHA512
ab1076ad343fdd394f9382837265d8e61ababcbff911f63917ab48e85eac229a6f867a23483bf495c2e367ef5135af12d730a41368867e35ba2edf50ad54c6c3

Download Submit
\??\pipe\LOCAL\crashpad_1896_IFACGTFDVFNRUQBB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit