hxxps://steamcommuniqy[.]com/10950328640521882

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommuniqy.com/10950328640521882

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4760	msedge.exe
4760	msedge.exe
1920	msedge.exe
1920	msedge.exe
4852	identity_helper.exe
4852	identity_helper.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

1920 msedge.exe
1920 msedge.exe
1920 msedge.exe
1920 msedge.exe
1920 msedge.exe
1920 msedge.exe
1920 msedge.exe
1920 msedge.exe
1920 msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

msedge.exe

pid	process
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious use of SendNotifyMessage 34 IoCs

Processes:

msedge.exe

pid	process
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1920 wrote to memory of 4920	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4920	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 5088	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4760	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4760	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe
PID 1920 wrote to memory of 4880	1920	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommuniqy.com/10950328640521882
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff836ea46f8,0x7ff836ea4708,0x7ff836ea4718
2⤵
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11867180698684141090,4613819644418330510,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
2⤵
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11867180698684141090,4613819644418330510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11867180698684141090,4613819644418330510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
2⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11867180698684141090,4613819644418330510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11867180698684141090,4613819644418330510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11867180698684141090,4613819644418330510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
2⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11867180698684141090,4613819644418330510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11867180698684141090,4613819644418330510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
2⤵
PID:1160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11867180698684141090,4613819644418330510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
2⤵
PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11867180698684141090,4613819644418330510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
2⤵
PID:5252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11867180698684141090,4613819644418330510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
2⤵
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11867180698684141090,4613819644418330510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1
2⤵
PID:5656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11867180698684141090,4613819644418330510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:5576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11867180698684141090,4613819644418330510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
2⤵
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11867180698684141090,4613819644418330510,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5808 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
d11aef3b602afb154f33221d5fb09828

SHA1
5856b0637c11476ba1d353766e37b85d619582a0

SHA256
435924c0d29247bbdfaf69f48d972b33c2f7f7d4837c2df56fd5b2f896136961

SHA512
ad9ab5ad9167f68817c9f79021bac588a8154d4abd9b92ad2b3084bb90c29609dd7a1c9094372faafbb62bb2ae7f7c1a188055f91b396813bc75bc7b5a2b49cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
51f7deaf2c38f19e7c30479c827b75a3

SHA1
7160b55baa67f8cb2f8907154104b1beda3da6be

SHA256
1518a35efe0dddfa44ba4c667e4978a11b1f40f628392b3f8234bfac33f84910

SHA512
e68b9498cf4228e35d0854c6c4da884f3e65a6f10e38011a09bbd2864487e08477f175fd5c3eb560d74a57b53c4f1f27765a132e533827f984012c90f36ab4fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
96c44df7b97b9f7341f963612f007fde

SHA1
e1921f61f26b8bcc3ed8c4d798f362ec74f4efce

SHA256
37a3595354eb1daf5292d5e736f9e5ee03b832357373f6236cd66658c40dbf80

SHA512
bc5956e4a444735705c83544b9dcf4574ee12d81e0fa415d0e71f8ac2aec8828b9bc3dd7ddc38955a2090d3798883977d88bb60a53016eb7c71681716e80d52b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
788B

MD5
d3cfb71abbd6b19e54503d28b618d3ae

SHA1
2768d45eaafea83a05beba0161f86021d071e7c7

SHA256
b4ef519b825589704b5630c1bb22dd86e50d47070a476d7901f8e51f7db0a384

SHA512
0425f5c0ad35df3ab7353e1b584be99728346db7126521e2f4313c98e1ab7e46304e1b2a7ee89da6b6ea4cd181b1afee927124d875344546ce162fef25ec47a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
5cdab5ec09409ff6a8a41f656b49b445

SHA1
6e0aaacf6f355d5c9b30f7c0dc23b92d4a604b5c

SHA256
e6e834974f9ef9b70a8e3bdfbab983ba251e362ec27d80de17a7c2323d859c4b

SHA512
e0bce0ea96cea551e4575492d68dccf143da925cedaf9bead2ceb486eac4610169e22eb835381e32b85b9d5377c0134c505d5a0ad2061ddbdb90b5e8eddbfae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f2a4055ede826dd9223909dec640f85d

SHA1
a801b377f551121fc6abad91447bfec758eb7d62

SHA256
6601a99d0eae96d7d4bd27406f823cf0882d80cdf3dc7c02678694342d5f5744

SHA512
344ec9b958a71948fdc534ff2a30a22cde20e61cf177008b29a9f96e779620290b8e535637fa7f38aac43041d44b5f396adce8b12462221375edd6e65a36f4b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0de54d27c712579d98e6bee3caa1a9c6

SHA1
7b969e4e610a924174a616ec78e5a9d70bd53f1e

SHA256
1ddf92b60ff4d6bed8fbb660055fc1d3f5cf92505b08c02b9beedc52e4b6e929

SHA512
d1de75297aae6e76c96401c8386fc9678da033d66cda857bd4e7a703c745b3a27ffedf91f7c3f1c570eec2f6c2dfd197fe3a4a6673097144b9125c0fd6f5266f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f4134c6da8293b274cae7d9363061458

SHA1
bb91cb4a18480dbef6b069b36ea9c779a4b10805

SHA256
f1d0617844b4ff8773c70833d3ac113ddc6eae097ee266a1cdebdb4e870c0c69

SHA512
166a882847684272627b11ecb879687ab370cbf11d1fc0f00c8bede9a9b8fbca13b2e1f2f17b3b0ffd335843074a0411d51318952902c4769f0f5c08db78a63b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
6789c27fbd73aefce432dfa2d64b5668

SHA1
8822f826973a418b66fe61a2d805b37b28e7dd9f

SHA256
60e4d896cdd3b39620ac7add54bececc13903d6400c5a5cf13525b8097fed49b

SHA512
253140f8c196aec8f62a164451188594a479a9e5e022b177894d0762c40ba0af6d1cc78f833da130787d4da67224e38956b8f94c7da236b7fc287e0f5bc14c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
dcd26e4d49bde4f1eb07aa97034a452a

SHA1
2b176d5802094e7a2ad12a393eefc989c433c851

SHA256
ae6930931e543db3811222837435c4517f4cbdea4bbd922c22722ff013865f05

SHA512
ba5e3c4cc43d2f1bbd769c2a4a4af4b912c620a7f3b5908d2879ce64a319ebcece73da39ffc75dc97be6c65cbcd5399d38bfef3ab88375b1e32804e7b3266d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
540B

MD5
f8601b60bb76273d1775f082593f46f6

SHA1
0236a24b3cd14121f992e5cd7245de93faf6c502

SHA256
d9d49aef4a2c6619b219a1315b5f9b5524c0302bd52fba928086462d9abef3be

SHA512
510a6fd9bc3c6b37ca5fe6d46c30b78fbaa716b5a715361df147f4cba5db022502a39433b924bd5aafbc8a057158e4cd16007cdc22849a51e85096d1e5b306b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a812.TMP
Filesize
540B

MD5
aad3c29fec37e14f16871798f79e7677

SHA1
211472ca19da345685f2869c626161a02a2adc48

SHA256
73daceb6a3a408fcf325f3d0f1c9c399672dc79ce5c0607b752aa2ba2ddc3587

SHA512
3fd0b5913e1ecb59c012262a92232fcbc184194c64432bf90bb300bd139fdb5b81aa9ae9ef013d474a6864e14e21f4ed65a00d2b81e28cb212a248b7c1efb15d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
b1a31d48ec18f2cd6df85ab5a3ca78a3

SHA1
416e55b008bd51cbdcd827ba5be6d97da475a6c8

SHA256
e8e730ac1af8b6f5db861a8353a2397d009d7487f9fd91257990439ebf17bb8c

SHA512
101bd885ed7ffd4ff7bd490980a1cc3282bc39501c31d3d7bbc6638db1ddadb4e77b33e50bdb8676677446a6cdd53b27bb2578c2e1c0bee0b43b10e513e29dca

Download Submit
\??\pipe\LOCAL\crashpad_1920_EKDCSZORFBKZOJOJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit