hxxps://steanmcomnmnunnity[.]com/104287514036926

Analysis

max time kernel
72s
max time network
83s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
17-06-2024 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steanmcomnmnunnity.com/104287514036926

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exe

pid process

4860 msedge.exe
4860 msedge.exe
2432 msedge.exe
2432 msedge.exe
1856 msedge.exe
1856 msedge.exe
5112 identity_helper.exe
5112 identity_helper.exe

pid	process
4860	msedge.exe
4860	msedge.exe
2432	msedge.exe
2432	msedge.exe
1856	msedge.exe
1856	msedge.exe
5112	identity_helper.exe
5112	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2432 wrote to memory of 3948	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3948	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 3584	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4860	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 4860	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe
PID 2432 wrote to memory of 1516	2432	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steanmcomnmnunnity.com/104287514036926
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda4843cb8,0x7ffda4843cc8,0x7ffda4843cd8
2⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,7401298854244044613,260285945947938060,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
2⤵
PID:3584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,7401298854244044613,260285945947938060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1404 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,7401298854244044613,260285945947938060,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
2⤵
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7401298854244044613,260285945947938060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:3896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7401298854244044613,260285945947938060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
2⤵
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,7401298854244044613,260285945947938060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7401298854244044613,260285945947938060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
2⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,7401298854244044613,260285945947938060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7401298854244044613,260285945947938060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
2⤵
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7401298854244044613,260285945947938060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
2⤵
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7401298854244044613,260285945947938060,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
2⤵
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7401298854244044613,260285945947938060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
2⤵
PID:1524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7401298854244044613,260285945947938060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7401298854244044613,260285945947938060,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7401298854244044613,260285945947938060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
2⤵
PID:1492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4552

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3e55267c0fbda9d8df06b42d3b78760c

SHA1
160676e944f686f75f960c30b0f3ff603467d5fe

SHA256
d03b831f28544786739b84a32aa015a3f760b4e0b26cb5777fe55f4678d6aa8e

SHA512
1a280b569189d3ce02b7fd9a53c0085f8f5a8a1f13c0f00c8aee23dfbd042bac5b2c0d3e64cc5a420dcca9a20bd1bc4c1be262343effda8f109de874cdd63ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
418d6ae7018df9202508b29666d4993f

SHA1
2fd78bb51a43911f6f27be12f93c8ece7a432736

SHA256
4a317030c5028d1506a634eda4cdc84ae69621e596278c935899aadb89be824f

SHA512
e47f9aebf117c0a96776ef48e2f7edce14ff08a63920ed899da695a1b1ec1b5e73f23674e3ac387e396561194d67e505f3417056214318f8c83af879754de0ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\91b914a7-b912-49a9-870c-13a85b203224.tmp
Filesize
5KB

MD5
5f57ec0bc5ba446b7e3e74677ffe2585

SHA1
9f130fd62380fdfb7fdda8d5c97072925ba36e25

SHA256
7551618e8e64323eb255aff4059e9e6fbf827f3ee8802654cda906447a260c80

SHA512
5c8da2d9263e59d88b6e31fd69a89c83cfd3956659078be9af7da8db228c7f0937bce60c2f00d32974f6ec4db899bb94db6a1c480e5d6b91457168260b07f21a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
39b701ca215f207f27e9b80f747bb14a

SHA1
c8fd3a9cc20b16a28830b1e9ba755f33848e65e2

SHA256
ce1c8b737fcfe963ee9abac1602567f8fc62bd3e79aebafe67a223d94871eced

SHA512
f16e54c55282508d9af3c73b991d10273bd899c717940e991bbcbf9cd73ea674e2283b76299b73a4a5400119858695ec96470c7288dc0f58e7d0ce130715544b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
472B

MD5
be83a3b76918b14b0ae59f075c7274b6

SHA1
b17b2a1b425026fa85a30110d0f82020e71c5cfe

SHA256
8ea3d00fca94df0dc56ceda9df76f1945eec8d76466f876a0cf8b0dae9e65136

SHA512
cb80ad1f170c140a11a17983ba532d075f46cc6664df8b5684bce15780dbe5087f32e0056d89fd24dd43ae31f8cfca8facd2e68b02d4b9ff814c5a0fea3cb8d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f6dab3fa0252affad56035b127b0382d

SHA1
17b9d872eadf4a12a69c830e5a28db4b9cafb987

SHA256
acfeb7c5c28202d4681724f93067daef748a5109eccb344450204968455ed2cc

SHA512
fa608a03f76356796f254956159702f866d9a91598ac0409d57a180a1b4b2bc41ae487203a9d3486e03f618e99453ed5b035f0767c9e4eb70f15e2f924301af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9c77efdb8911a054a04ae7b662694094

SHA1
fb379bc84019cc02537f1be098caee0232dae308

SHA256
a710a5dfeea1d2fae762e776f6e68776ea1cc687b781080c4707f26066ccd670

SHA512
7004fe63c7101234d8c68abe547030b3651cbcb75a38b03be9735bbdc7878a07c8c27aa62b60a63c76ec1fb76346f90e1a2249c0d904e1522d13971e683a093c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
7e51f86c511dcf126a1689c7cfacad89

SHA1
f3f576cf87f5db51c55ac27a06c2e2f9eea6cfa4

SHA256
c1a08abc80fff5fd48dcd73731f12295677803d1f3cfef8609c509cd5946cd9f

SHA512
85e149f72b3a44e7eda0df62099fe4a2f1c8271ff89d8195dc36af571eeb72402cec84a4e909093c71a8454f0767f9e55adc20fb50a72deb7ba771656d3ff8e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
25KB

MD5
a6b7032b73481036ea61cd30e523c833

SHA1
775b0d5ce950434d0fb4bf65747691376db91510

SHA256
97c419f8cde56ee053ae721766d13f0d997f30a16e969ec838c7e0a243f3d8be

SHA512
23f87e252a4182e166f43189a8079cdee6dfa2f06608ffa0e40129d575343021adecb2f7512c074a946a79f4dd0826581582f4630f436c37022be384c5edfa83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
4e7ca71b75f6b3d0a5c1be9909369375

SHA1
ded982c2157cadfaf0f4b7902933514c65c5ac5d

SHA256
c4d0075fbae292be3af835e7725f817be52526f6b4a6e0e8f40c1ddadfc1c2e9

SHA512
c97885db359eb33089bd0293dabc8710d609c9a901487b4e42d410d665f3af5e6118e199912bac90bdce621d47b7fd49628ce22b04647cdb32acd52bd92815c6

Download Submit
\??\pipe\LOCAL\crashpad_2432_RSVIVPJHOQTGCPIK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit