hxxps://steamcomnunnitly[.]com/get/activation/feoeer82794hFvrbgea3

Analysis

max time kernel
122s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcomnunnitly.com/get/activation/feoeer82794hFvrbgea3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

3212 msedge.exe
3212 msedge.exe
1452 msedge.exe
1452 msedge.exe
4796 identity_helper.exe
4796 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1452 msedge.exe
1452 msedge.exe
1452 msedge.exe
1452 msedge.exe
1452 msedge.exe
1452 msedge.exe
1452 msedge.exe

pid	process
3212	msedge.exe
3212	msedge.exe
1452	msedge.exe
1452	msedge.exe
4796	identity_helper.exe
4796	identity_helper.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1452 wrote to memory of 1464	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1464	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 4412	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 3212	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 3212	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe
PID 1452 wrote to memory of 1304	1452	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcomnunnitly.com/get/activation/feoeer82794hFvrbgea3
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffa7c1346f8,0x7ffa7c134708,0x7ffa7c134718
2⤵
PID:1464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,34201090038862323,17444704514096162624,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
2⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,34201090038862323,17444704514096162624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,34201090038862323,17444704514096162624,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
2⤵
PID:1304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,34201090038862323,17444704514096162624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,34201090038862323,17444704514096162624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
2⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,34201090038862323,17444704514096162624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
2⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,34201090038862323,17444704514096162624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,34201090038862323,17444704514096162624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
2⤵
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,34201090038862323,17444704514096162624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
2⤵
PID:1736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,34201090038862323,17444704514096162624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
2⤵
PID:3472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,34201090038862323,17444704514096162624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
2⤵
PID:1900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,34201090038862323,17444704514096162624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
2⤵
PID:2984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
49adb470f409b6ffbe4fdcc36d4ed2ac

SHA1
282cc52ae083090880d119c8055abe29126d750a

SHA256
2fa017558a57e122b7c230b0d983664eb7538f209767fc86c8173986bf64d690

SHA512
2b71523912c79e27368f73eb96ff43ad58a8e20fa20f6c953f651d542bdaa014122c7828a042017e6dc0f2003c93208fb3f4a679d8c5d6e6eff7ea0003073158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
921B

MD5
2111d39ef383a3748e6af40b72c2f4dc

SHA1
87f7f95fe4214eef4cab444f12a19dc40b9461ba

SHA256
0d2c3be20d475943e1b89cec3b6e50b6e1479959128d13405c1dafa404c67816

SHA512
18f3407898c3c5c662c5d32f2e2e160220a649c3ceb503e17c5af0df72961b02def543c6547e227dcc126d739b3e696760eec6c825f9ec768d6ff0603bf084f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
e226bb68de8b9fd7d7e19d2021186dbf

SHA1
a5b800b2263c276a792a6b67e69013a453f444bd

SHA256
8f7fc01808440756afd7ba76d26ba0daebbf48a3adc057d674418cc22f79805b

SHA512
0d1f982b493b58c1a2a1b8e8be5be8bdb32e2f39ce58f21fa8776be4f3b1bb9d6b1a1be8c4052a2e1a596abacbc6ee2a09bae1f98f434a7e94cedef3ada49598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
7703b44e90cf64e707d136a674a39c84

SHA1
58e901b3229baab944d8dc34807b6c6668f7c552

SHA256
d18745282a03255faf58abbf9ca4c74e44a733f5d3491d6da5befb4ebe3b96e2

SHA512
81f945d7a9c0130084afdc4f673b5f92ff8fd124bfa81c6acc36c90094858fc3bb0d3282290c23e87aab9a4c36b1c767c7eede19b80fd611910c8fdb8d079bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
441e371f9c5e3c41e72361893b41b215

SHA1
a0bdd8c07b17ce54b8266621464d1a37a40032d3

SHA256
ca8fe06b9c39b3600895fc8040def7b54f8f6db7bfad24bf20be010e466c4483

SHA512
2c2c2107065222a947517ac25e3125dfc063df2e04e7e01c533dcd1b6ed74e2b4b01f1719d56f29d74d838279d3042653abf6675c82c5c58023626e615e73bf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a48aaf4094f290a9482987b1dd7ae726

SHA1
209defc29b15295f3d4543f81a59e6d800ef1441

SHA256
907a317f1278db69b43204a1e230b79fac42197e70fecd5a8430cbfc32a48b69

SHA512
bb3094714028c890a7cbb6b5ff8ce74217bf9d4fd7604166f580bc3bb4884d2052ebe22c379c97d682414371fbbb41d2032c338999f305ac0429d3d462f55a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
349abda895745184e5ef1985855be091

SHA1
f0d89a4d6dc36c0adb64604c08486b1b5d56e1d4

SHA256
6398fcfa132d122d0190aacbb1115cac18816b0878a3d667fc9f923b242ff43b

SHA512
69e3fda712f141c09209a5314a648391987edaf7b316219e1602fcfd42531e28068fad46ffd7ecaacf9742ba6b182485dd1b4c83609ef776a6aa0510fc06a649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
5f2a6d7eff9ea55aaea2507e74b9b0ec

SHA1
9846520e814c672b1cc6c36632f86c1abb5f8b2d

SHA256
9931184004c54302ec74f39ff8eba1b035a91f538e5ce17d8b7f43216f2869dd

SHA512
295fc398a1168a48c553d426081acdd86d9196b2abdc1741f98cdeceae275529231fd87621384c5968a992fe33fe5b12d6513b0eaf11a995c21a590bf1cf6bb7

Download Submit
\??\pipe\LOCAL\crashpad_1452_YZZZAPIGYIHEABTE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit