hxxps://is[.]gd/g2SiUv

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-10-2024 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/g2SiUv

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1068	msedge.exe
1068	msedge.exe
2740	msedge.exe
2740	msedge.exe
2336	identity_helper.exe
2336	identity_helper.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2740 msedge.exe
2740 msedge.exe
2740 msedge.exe
2740 msedge.exe
2740 msedge.exe
2740 msedge.exe
2740 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2740 wrote to memory of 3884	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 3884	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 4236	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1068	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1068	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe
PID 2740 wrote to memory of 1644	2740	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://is.gd/g2SiUv
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dd1246f8,0x7ff8dd124708,0x7ff8dd124718
2⤵
PID:3884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13912682159132611990,15809983924499045178,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
2⤵
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13912682159132611990,15809983924499045178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,13912682159132611990,15809983924499045178,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
2⤵
PID:1644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13912682159132611990,15809983924499045178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13912682159132611990,15809983924499045178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13912682159132611990,15809983924499045178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
2⤵
PID:544

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13912682159132611990,15809983924499045178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 /prefetch:8
2⤵
PID:3832

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13912682159132611990,15809983924499045178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13912682159132611990,15809983924499045178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
2⤵
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13912682159132611990,15809983924499045178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
2⤵
PID:2100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13912682159132611990,15809983924499045178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
2⤵
PID:1880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13912682159132611990,15809983924499045178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
2⤵
PID:2296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13912682159132611990,15809983924499045178,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
e2bbd368889d3b1cc9f72ebdd2292dc1

SHA1
08275e0cb8365c2c2124b01bce41d95c34e76d89

SHA256
9200831d0fdfade6a2bc6d242154261708cc084f66e79c06f5295dfa96f291e7

SHA512
d9eaf0b28a461434944a1d46b243666cafcaa31ab3db95c7d51386d1750f69bde40356445b680b9f1c65b8f8bc61071d998b0f9c84e2e8dca1974b72dd44036b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
99cf01a1edf8b3f46ddf114fbfd31607

SHA1
3311e287fbe06b97a5cb6f41bf33f8a9f06b62ff

SHA256
251ec73c3442877e8adbf0e827a4d8fcb2c49b10141c8924a7f58562cd1098af

SHA512
f964e7b22d96ca5120bed3ff8fd6e0946f7eb3107221282138eb23316c259c5d1c666295634d9e555e4d8f93bc9d3131456bae0a728ef3bad4c442f077713df6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7f467524e018b151029cec50b45cbd3

SHA1
8d44642e8f41675601269703725f8129ccdf48a1

SHA256
1c2f889c61f91615f5be8a9841f4af8150c026b7ee4cfc9965740497131ac874

SHA512
352ccd374f474d9a02882bbe0aacba996d785a5a179b623f3fddfcf558d8661711abdaefbd19082f41b192914c2353bbcb86203c8e5ee680c89fb2b56950aa3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a6872bcb65641c96af707ceb15fb89f

SHA1
33f73c2c5948d7f7de14a65caea7786b96d5cca4

SHA256
0fc1d12c9bdc3bfab1d4b54b2e1725f393a4096ada369a1641186e7fd74e6675

SHA512
d3982d667ce5474e8a6c52a876fc53f4d18ac09cd8c369e5b5950c887801e55f33ca52b0d4def97b5c3ef88f5fe89fffb10ba8c3c33bf81a98770e53bef9e00c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
75bc2c97cae9327183b40293699f0288

SHA1
64c62fb7e3e435e2521da2664705a4666773eee7

SHA256
a2077c1624ff07c8c168b65d1f34606228ffd4b1258e6d8e15a391278de272d4

SHA512
328dbd37311e679d58a695596e827c0a0e51017bd03fdac5ab9f106b82d57b997b0f5e31042ae07e2f002c4334ada6443df03d0aa7bf0f83fbfd34e58d2d7bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
33a4e77b2eff6951cbc3b1086c47d632

SHA1
c214cf987ebcc9b896202757917227c8be9805a0

SHA256
4adbf3bb949426d4911864ec8b9621312cd33cd22e8a45b62bf38028f3731217

SHA512
7a88ef5bb9c774168748e2faea1cf8166af9a0f764c22dddf24e4144adf92bc0ca1bb3a91aed1c58cf4367f220a06550cb18ed967c9d4353f58bfbc288d13e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f09a.TMP

Filesize
707B

MD5
529ebc3f74422d99209ac6f72f52b9c6

SHA1
26ce0ce260eae214215b5b6d9c8d226379dd28e5

SHA256
066f84a6f3525b3581612ab9ca5ce9feb859ab57edde130a935b4a5653a5b7a1

SHA512
164bebfcf087f4a764839b3431784556acbe94aff8f07b82246faa3d316db8e084f47c1b20a18dd7f4a8856659b298382e33fd37c9c983d015339e9a0ffe9ec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d2cbc7da93741ed8b8c6d3aaf969b513

SHA1
be4114a712cf9a12b9d2825bd86c4ecd9cbc2354

SHA256
f6e09b229767d2d76a57807dd1954d5088e7cdd36f9282590b7ceb4b9924aa42

SHA512
9c1ac1cd34c651e9062f05b2e53a192e240a6c7f7ef268220569738b22efbc00fecbbef4773190ff516da48e0a7a6497c6f5e1a7c0cbe802b48e7fb19b315c47

Download Submit
\??\pipe\LOCAL\crashpad_2740_FRBPEOKSVKHSKAHX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit