hxxps://steamcommunitn[.]com/109540994170252

Analysis

max time kernel
112s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2024 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommunitn.com/109540994170252

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
4676	msedge.exe
4676	msedge.exe
3332	msedge.exe
3332	msedge.exe
1924	identity_helper.exe
1924	identity_helper.exe
1732	msedge.exe
1732	msedge.exe
388	msedge.exe
388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exe

pid	process
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of FindShellTrayWindow 43 IoCs

Processes:

msedge.exe

pid	process
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

msedge.exe

pid	process
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3332 wrote to memory of 1352	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 1352	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2964	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 4676	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 4676	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 2720	3332	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunitn.com/109540994170252
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb32c46f8,0x7fffb32c4708,0x7fffb32c4718
2⤵
PID:1352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
2⤵
PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
2⤵
PID:2720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:2192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
2⤵
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
2⤵
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
2⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
2⤵
PID:744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
2⤵
PID:432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:4184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1844 /prefetch:8
2⤵
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
2⤵
PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2732 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
2⤵
PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2616 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
2⤵
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
2⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
2⤵
PID:1312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6092 /prefetch:8
2⤵
PID:724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3088 /prefetch:8
2⤵
PID:3856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
2⤵
PID:1744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4901279288477898972,15463298863229550940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
2⤵
PID:4436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2536

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\15971046-2c2b-4178-a4c3-54fc407c9ed6.tmp
Filesize
11KB

MD5
0b805c10d9378ff97f6d156ec34faf42

SHA1
fa9f66872f251902bbd557fb9ce07efde2223337

SHA256
b7cffd1110abb7718889ff1cc31936e8a2e64af9e9e0f47cbf09ad311638ec53

SHA512
825d941166cc39ea95d010ae3e22ccb57413a305c332aebc6c43c439247e777de39717a08e469f6d0867e99ebb016be9a83f46002887d46d41babafb363f662e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\391dd15b-f179-4faa-9be4-289207ab7d26.tmp
Filesize
12KB

MD5
a61f3681c07bea04b20ce0193dbd41c1

SHA1
672fcd641acb4752dc36978b9d9e3df55f283355

SHA256
96a41b43497b6af4a9a8ea861e19e0ba716be8176d5fa2d8b676e2b9219cc9c4

SHA512
f0736c0145cd39a84f7c4826271a12691b328463498bec6f2110107ea1cac1df82addcd9a8d0c8abdd1b620050743af5bb6049e4da4ffb4db06a928fd36edc27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7cc180ff-d543-4d68-a66c-53dde8d9c191.tmp
Filesize
6KB

MD5
b91ec4189f6036da74f9b1228b95196a

SHA1
5a30d2f260d656ba4fb54642691302f4190143ef

SHA256
18da5f932cc1d9630c132cd88e26dcc938081b686472c3e2761561c5e09995ee

SHA512
da253017c16e3a651d4021d39c9dc0f8fe39410a79f24b6d1e67cf1a49697cabf500d5d059defdfe46e7f87a85113511ad7941376e9d8d8beba0fa67e524ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
833e8b36c46c51139481e07dee49b59b

SHA1
97fc64a757da8bc2e3ca8afebde0940fdb4a4b4e

SHA256
8e8c781b2119baf471c8682f2bea82d2a17a1e76c5c545dbb17b7b32679d0ffe

SHA512
4fa5bd9a22e6ef1b04e6f1bbd6955f0255a3a6a691c21be33e2028ae995f94bad721330eaf0cf2686d21e32f6185fbddc0197cf96cb3e724e9c4022e79f56047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
e5d2625264dc5f13d6cfc564300fbd28

SHA1
b646f0e068915709df0b27122784a02e70d297ec

SHA256
bb4f70f8862667fdf16d0b9d5b02d654b96d8051e99094a1cdb127d05515ee59

SHA512
4f79c2219170ee961ba9f4c69ca2684eb6d0ed321bdf2724e0a41a7ba0cd38ccb97de8e3c21c09aebb07e14dbb9abb728b3aa3363627859616c7935237dd511f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
0ad96e7a0fded5f46db13d2a5ca8f131

SHA1
b2a14d042482eb121a623a19c6dd3734938bd55f

SHA256
ecf79a318504126512061fb293809cb35677e0fb2ca2de59c4d375a04e2ad1d4

SHA512
25e042ef6b3a8ddcb1169cb20b91ece6771fa3370e3ca11e6ebfe7c9ce6f0f671f9a74483583a8acb2c34ec9c1078521873acca5e1f0f9e8b64cc101f1c8e4cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
787B

MD5
0012ae703d8670127d5f52e1f36862cd

SHA1
445b44a36b119c6c355bcea0a1430c297efd5ef5

SHA256
38df064c3ba54d1bf36af9297df67c0464a77f283e8f57765cf59aa3578cc827

SHA512
03e7e0aa4db374726b9230c324e8c81b72dd57954129518312be4ab284fc362c7cb4d6ffd5a57a43bb317d3b4bcf014b70cafeba5beef67a6afcb91da735f032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c715afaf5146e43a3942d01dcdd8d8cf

SHA1
add24d0d4572ac4b48219998d492eaab12a35241

SHA256
dc2655d4fe6b25711c303b30ddae7db1af6f6733a81360a01407c3ccf4be5eb2

SHA512
dd18d6bc1c1f73d3a5bc9cfd8216b87db36bc0eb062e32c2eaac3d01eb507d6d812cbc9c30a088221b2f410b5afd95873479f79007aaae5297d7782df4379b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4417c81a93a9581ada2e578ee21c0fb5

SHA1
52ed9cb564302c0b3019a292acdd95e2e04e9ef2

SHA256
ecd8beb699a90ee07a9f9b26a7619985498300e0a73654a7b6f57fad298a5198

SHA512
715295f5d57f1190bd20647a139a2d1d8ce1e1367086b64ed4cc55a441d992bc7e5b010f23f9514d481a737519330d7e97bd714a7fd1bba57e51a8c2c1ce7124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
98ce5106a3017d518a210c3bb9f4f54d

SHA1
609b5bf9c7169a00b442cfdcb4633ba37d46fc47

SHA256
ad63286965fb14193e31bde6d025a7188948c4a175995b077c748665750624be

SHA512
e0ae926afab5bb49071e3daa2f2ab9f62283de5408882ce3e1af5e6d8ebf10985d56265d549fe9d35db583ec345522a0d7c0d5e99a5d107a06f6e9f0caecc779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
540B

MD5
cc5c0b1585d324e57d059f1c7981b0a3

SHA1
16f7f34f8f4feb67f3be11361f0a064249f5cd1f

SHA256
6c3d9c94a4c6e0ac347cb01cfbd38fdbbfb41ea17e3172186f35df54f899212a

SHA512
aab40b058b4003e6ea5bcc29480dce42029503728000893f338f1cfb0da6842bbf2b27cd56c5462380ce6a2648d0ffe0db2e1226b0c4110e4fd419938d8bcbd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f20c.TMP
Filesize
540B

MD5
1984cb80e8f5361e346469d9e9d8c068

SHA1
6d3c647282e23150d0fc42c3b706653cbce09355

SHA256
917a04ff1395d75da7e7b3e520ecc864959273f1d7064fef1a4a2bcb66a8a7b2

SHA512
194ca0a0bc57e2adf23e51c64199c04353ba3029ab14b431c525770850dc600fa080fb03e43d3744f354512d50ccc1d161a37f1bd79bb4746f75d6e4db3c7be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 570273.crdownload
Filesize
28KB

MD5
0405a3d46576786b5d6994ab6478cb62

SHA1
6c97eaab92b82527606f265c5c22bd55963bb61f

SHA256
14b9e03dfcbf946d91253b6b14d7ef07fd1bc1ffce37a96a119533dcf9fb43c7

SHA512
cf673246f9f64a1b95e9775bd5cf0bf5cd17972c663a43855ab93c56d6ecdb7dcf655f15e115ad049c1fc3e48b69dc559999592df647edf60ff1270d3125addf

Download Submit
\??\pipe\LOCAL\crashpad_3332_THDBJIJGDATIMEPE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit