hxxps://stecmcommuaity[.]com/109534090642

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15-02-2024 06:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://stecmcommuaity.com/109534090642

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3880	msedge.exe
3880	msedge.exe
3016	msedge.exe
3016	msedge.exe
4532	identity_helper.exe
4532	identity_helper.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3016 msedge.exe
3016 msedge.exe
3016 msedge.exe
3016 msedge.exe
3016 msedge.exe
3016 msedge.exe
3016 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3016 wrote to memory of 3252	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 3252	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2200	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 3880	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 3880	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 2668	3016	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://stecmcommuaity.com/109534090642
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffd0fa646f8,0x7ffd0fa64708,0x7ffd0fa64718
2⤵
PID:3252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,6469456862797211753,10293323651808024101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6469456862797211753,10293323651808024101,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
2⤵
PID:2200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,6469456862797211753,10293323651808024101,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
2⤵
PID:2668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6469456862797211753,10293323651808024101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6469456862797211753,10293323651808024101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6469456862797211753,10293323651808024101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
2⤵
PID:2820

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6469456862797211753,10293323651808024101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
2⤵
PID:4008

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6469456862797211753,10293323651808024101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6469456862797211753,10293323651808024101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
2⤵
PID:3680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6469456862797211753,10293323651808024101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
2⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6469456862797211753,10293323651808024101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
2⤵
PID:3260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6469456862797211753,10293323651808024101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
2⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6469456862797211753,10293323651808024101,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5628 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
e1dd32a367c6b8ad60933a58340b2261

SHA1
48ed576aa5c6c5491a28c4c5bb844f2cad495a91

SHA256
65791d84b22e0075f718bb5aa1c5be5edbe8548d6653b5da7a31d2b71708afd2

SHA512
1ea72b60a707ac07bc795aca11332e6d4a518d340a045c2f4f01a4bed1e5bdf12bec5f4a197dc39d3c174888ece6529de49961e9e112879307acea72bdcadb27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
fcf0ea46fa93746dc575eb0db100094d

SHA1
fbe2beefdaae1c266fc31cf56b361b13c3c109ca

SHA256
7d612ee764db4168d063b76c28b2b0f19fe5863e8d865784fc4b8ab8d676f7da

SHA512
4564f482820aba057c3eace72794eb18e01461ff355b90307ad81ce5c31043730c584ea1b4c88f38fab9156e274984ed8b8e7eea322828a5031de145d272c82f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa070c9c9ab8d902ee4f3342d217275f

SHA1
ac69818312a7eba53586295c5b04eefeb5c73903

SHA256
245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7

SHA512
df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\91dfbf57-73bd-41ec-be5d-38b130bba1f2.tmp

Filesize
5KB

MD5
812e48678c19b516cd0d14ed415f0d28

SHA1
ed90688d8058bac2b7dd2a8f7cc5ff7df077f837

SHA256
14255035791a21a21974febd46f1c3d8e1934e781c7a39b240e53518d2f595f5

SHA512
63e441f49a702cb25a2960d30be7aab534f2b56e856291fece515e580122d1e87da5254cf4ac37e45c3107c5a3c2cf2ed8962d859cc0fec6e13aaa41b6b34130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
1494a2d666554616579c2cdccb8aa6dc

SHA1
13de5680e3ddba8c9f5a6b9adde1442a12222fad

SHA256
446100c5912305a5eb97c6808be225dd63f9969c226c8ee68246f2b49f548da4

SHA512
a33c88f7d024a9bac37e28a01dd7095362f3c470de6fbf20db886e56fa15fa39879b5d9b8bf88d22ac2bc52bfab99c8ca596e2409583c8d61b85ac1cc54cdd7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
aa2139ebc05a7371a12653b426be7a87

SHA1
e770516a29689ca41430c9deaa347c75b16ce8e1

SHA256
c7d9e03ef0f01fa1056213a8a6c650d9c673abac881b56f9c8b94f7144ba0115

SHA512
fb6b6e0e0b98595c218fe60e743de94a960608a52ccf9a573910cc2b44d3049ff9929aee6179e0eedca011cfba15d9b8a6ac0c20e9d51de384380fbc411af044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
aa96fd4b6ecd54d09a9269dc97229091

SHA1
4c60f3987af89b453a1cfe5fbd751a4eef5d8258

SHA256
1cdf8196c4c460bb0a820703e351cf5a6b8a648c1034c7cebcfd6978dcf7b52e

SHA512
73b210f742337b6101c6480e094866bef281201e2ec757e3f0b5f99b9fcf54e4ca862242ef3bbc9d6d34865777c9d43261593745b6b7ad236124fbb480d04471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
788B

MD5
2e500f7c804f105d9a80938c1f8cafaf

SHA1
f7d79cce6e1d07c7819778602dfffabcaef0d577

SHA256
0bc5adcc0e89b196709202aef60ecd293f02c81b64c7f9513442544b84079a6b

SHA512
e37ef16d120e5bf1871db9b8d75e0a86ba1f1d4b4678b17156cd8298c52998958bf32ca1a63e439092a9d086e91cfcff5b98c65f3c856c73657652f550785dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
280c0ffe8df2eb4893cead06bb23fcc4

SHA1
968cfd21977658695c1143c6f0e11392978ae1df

SHA256
b1e43b0dc38ab92eebb161cbe3b839df6c8b4278d6783ff86067ae617e16abf1

SHA512
e1ad7cdc85fcc923f0115ccc856ac3ac5181897aa1dc20ffad6400a323eae342b16d135ad59161d2720e75391b8ac567459b38559b83ea19dc8043f32bf92049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
838553a09242e46f2c0b8d5d53c662a6

SHA1
93cac66b0526ff5e513af9af198457cc7c509dfb

SHA256
27d804b09d25b77890e83126b7d0e7825a41ceaf27a12a11f212fb67ef67350d

SHA512
527879673ef3c0b4ffc05959df9c0d3b4c2eb6a75a18967c51dc126e4cf88d577d2dd15fc703202239485fdf191506fcf996473b17b78e3ae53ea3642125ff0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6686c95ba089342a09751b9bbbf6f646

SHA1
39cb90fe8a4dc43216ea81a7319568609b8c0f5f

SHA256
05691ef9923fffaa15141213d3cb9cd9428ce1fee9812fd0752add9ffecd7686

SHA512
16879cc6c6e7d086447f18cdb3115536bce7ddf3d990632120e0c736b61d8168638c940ddf40a58758fc3eaaadd00d2e185f9cfc2a9da8d68f7461f588ed77f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cf1ce80ea61fcac317b6fb34d329a01e

SHA1
7b6538a19e171adf38d008d0b30fece6be60b0e2

SHA256
9162110c23d21954571165a3ed8a7558f8fcd5bba7e604ddc5050c585c64d7ab

SHA512
d47a68eeaa778acccfe70775eb5c055fd2565613185a178314f353a7b15aa37f1f5bd48b2959a063eaaabadd0b0b8503a29f661d2072d7eb5cb6cf87512a0375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
48b6b45fb34af696025cc9bfd951c537

SHA1
2ebfe1eaab379565f4c86de0dc39bcd056345fa5

SHA256
45e4cee358693295df81dceaa45764e349313e31cbbec6a4af276df4702fd9f7

SHA512
1b905bae9c35ba680b80e4844197cd94976f5668e0fe370cefdfa8c417ecf73462614bc19cd9087042540f98edae8eb12e1b2a20a97937716553aa95d0bd6f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
74fb306797a42c527dedd29f1c1362b9

SHA1
1f0f98f662be794a8bd94b5ca303f3ebb922fa2b

SHA256
97ea9bbe22cd1ff7f3dd12fd5e2ba2c8a3d44765fe079c0779c7fedcf65feb48

SHA512
a2e2934b77f70c67cadd14300d315a8e810e9349f1183893e715878a5a171bc468925a4a50a29da840818f640ea19c156723a2a57d0192f89df9afdffea62e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
917dedf44ae3675e549e7b7ffc2c8ccd

SHA1
b7604eb16f0366e698943afbcf0c070d197271c0

SHA256
9692162e8a88be0977395cc0704fe882b9a39b78bdfc9d579a8c961e15347a37

SHA512
9628f7857eb88f8dceac00ffdcba2ed822fb9ebdada95e54224a0afc50bccd3e3d20c5abadbd20f61eba51dbf71c5c745b29309122d88b5cc6752a1dfc3be053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
27ad5b8749ac52196184229616833975

SHA1
2565ec4957b52d4e8ea38026369d18b98994d502

SHA256
6e9a7f196af1a594906fb875c80a3204ab542c3c3d7cae1128a57ab153c50dcb

SHA512
4abe613d83ec239f7ee887efc198701c1bc32d0c42821a2aeb24b1c0a2a6cd07135d1eb3de9b771af7ca99813089f6fbe849e040c95d973a486b8c6ebf8e244d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
b459ad654e9e9cdff8bb7cc388ca0b2b

SHA1
16660d9160052da873c9edfbd8453a5c55422928

SHA256
b69e73fabc670e48ba996a03fcb84fd7f4da2d94e31c1c46a2b523c2b93089ff

SHA512
0eb06aae1777ac58c601aa83a32ab437cabfc56549d324c7861f62af61e1c4725b189d722c175406f31ced7cb1fc6e218f863883ecfd52f1449fb45dec0969f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
c726a7159812480b4eee0543a343f81c

SHA1
a0108b57a45c7e214c2d44d0fe20fee83c7576f5

SHA256
2d171658700adc2a19d39d789031d1b59151733c1e50aff7242b208c786a9d11

SHA512
b33c9aa553e08f24e643b2fece31623578ae38faebf81f78eb48dada9777986970e6a626d855b47a54c8c82a7260a3a25731d3bd500ee8cf85807bbdc35b1bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
c47acfc939896ce26dd6e16b47d20079

SHA1
e1e5fdfa08b3a70420e113a188511fb94e0d2cbb

SHA256
c31d9e10b5cf165b9725786e531210c362fc171ad621fdcf6c9c332b48f42781

SHA512
a25290d549f855c080e7a19f98af3289c8d4c65e941aa29fb741f45dab666ca9f40eb7d7affbdd3d7e6db2316cf909f57ef267221c5ae8089b33525302e4fe7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e724.TMP

Filesize
372B

MD5
b953c036e2b6276c0bae86df3b8d9ede

SHA1
cee879d0e5ef4cb98cf533ecc8be9c2c5486601b

SHA256
ad822d572a2a4fad868a67adb62eda4acf10e4675db29d8aa150b802bbaebee9

SHA512
0a508d58fa08a1eb7fc53e45c381540ab35038e482182311f6e5083666f5c9c8462c796fd018e94c939a0cee2bee0df793b60bc9338f634aa28f8db25a159f39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d5cf7083f6e0bcf0f444308de7a7bb33

SHA1
b4ee6014e31ca8d193c9d7fbe125e62dafdd7442

SHA256
9b8c3ca431aaba65d3acbdbdf2caa5b0eeb4d4d4e4e8e44d4d0d53ed1ee1d8f3

SHA512
8da74747482d2e6200053a2717f80fdbcdbb9bc6048c57c67f342c24c305cead9b094fca0335ffbdb8cbb89b98f2098acc134d9aff16cb4cd13446077ff29f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4bb9db613f1fbd3d560d76ccc1863a09

SHA1
aea67024beacf48ce04ebabfab6fe4a2591998bf

SHA256
a72d82034a28552a441b899aee6311a8952d7f3accbbb1e498128252254b9b48

SHA512
5e8c703818ed5841d76d162d9bba34944deb0d4f429f702847d6f3428764b9a08816ff0116723971700d399f434a8335510dd51798bae72ff7022d91cf206d35

Download Submit
\??\pipe\LOCAL\crashpad_3016_IYPRRWCKJSXNDMGO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit