hxxp://bing[.]com

Analysis

max time kernel
89s
max time network
87s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
11-10-2024 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://bing.com

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

3948 msedge.exe
3948 msedge.exe
4160 msedge.exe
4160 msedge.exe
1116 identity_helper.exe
1116 identity_helper.exe
1064 msedge.exe
1064 msedge.exe

pid	process
3948	msedge.exe
3948	msedge.exe
4160	msedge.exe
4160	msedge.exe
1116	identity_helper.exe
1116	identity_helper.exe
1064	msedge.exe
1064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

Processes:

msedge.exe

pid	process
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4160 wrote to memory of 2808	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 2808	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3928	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3948	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 3948	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe
PID 4160 wrote to memory of 4412	4160	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bing.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff977b3cb8,0x7fff977b3cc8,0x7fff977b3cd8
2⤵
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1796 /prefetch:2
2⤵
PID:3928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
2⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:2688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:1396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
2⤵
PID:4076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
2⤵
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
2⤵
PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
2⤵
PID:1900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
2⤵
PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
2⤵
PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
2⤵
PID:4692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
2⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
2⤵
PID:1396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
2⤵
PID:432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
2⤵
PID:3864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
2⤵
PID:3920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
2⤵
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
2⤵
PID:2128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
2⤵
PID:3284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
2⤵
PID:1392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,12080512273570788279,10122730502169838524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
2⤵
PID:3084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f57e1cbbfee4c12e9748c79ed04c9dd3

SHA1
7106a8520332eedf4f1e9597a2fb28b816bf6b2f

SHA256
b4e4090c85f24ac51238b3c92cd372bb5aa22f53a36e33fe927d3d3a03db4631

SHA512
228432cea9afb939a158f6637ed5fd99201bc3711212687690a39792fc19d86d654908e0faa1dd3c2fe8ea5a7347089ce34696118eb00f67c46faa89412ea042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
47c08d703ceb317a41d75f0e4f5790f2

SHA1
0863b352b4b1be0597a1716ab6278bba76b98c6a

SHA256
72671cebad48c440570c9fef9709e5a5a2c65022069a328c39958313225b5836

SHA512
61095d0ca2574607aa49955a50eda44d1daef93471fbd1615b32e54783a6c9b28274aae96eb05a0a73149764580304e01178f70f6c85d3891868e2f90062d662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
921B

MD5
b9ec98d8727a285821e358525d7381e2

SHA1
16dd39e000a4023b7cb4509c4de214b369b2b411

SHA256
b511a3a35c5c562668ca956f336f356233644105732d516c0d21bc7095943b3e

SHA512
5bd40199ba818237dba232cade76da46e288f7a7b7745011c9e9661dc04f8a1fa9d74a7cccd06084e3de226208e960ea88ef0ccabb3e694bf11077ccce7345bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b684945c47a5d9ea5683a3e24aeb3143

SHA1
16e39d2eb831323ecdd2ec581eebf7215c40ca7a

SHA256
47547c9d2494d9d2100c5235db1556a9f23963cf41bdad73f0150dce779f9fef

SHA512
d13b72a149b89ed6d0fa438bbd16b6a95e54e5fd4104a4be44f3075993ecc7f465dc18b37f7b6ecbb4e77e5cda10194d15ea2e25ef747a5419e28227dcc41c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e549cfc26eeeb7566aeb5bc5ab60d0a1

SHA1
476a859b7217a6c7f5f2dab2e033f84e8caee19d

SHA256
c9f30698fe50fd037c11f4c596f969f4b46ad40c1e478c53acb1f8fdccadaabc

SHA512
68c73012731d010ab14d645aebb73c3800de6c720ae1a1caee253dda3e4113bad3320ba31a3adfc957e5a2710f23f449db7121735865da453a1118676ca81f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30b2e4e5bedc4daadd9b6c0f92e24967

SHA1
fc0b2896b229752b9907f003749dd82f5e976c51

SHA256
a46d52ccc2b0b346fbb676f36cc53dd29e700a29a13d7989620920d772e47177

SHA512
69c267cdd580b4f070ebce57a06afda83a71cfbd5807638ea6672b10dc8628fb4273b91f72dfb372ac686555a278be63f943e4a94aacff45e52cbf028d3ee6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fabdd7614f791afa9d9b72929bc604f4

SHA1
48c395dd8340d521758256278a0ee3f79602361a

SHA256
f871090c0c1cb19ddcaad67ce332ff68230d86a872b8893b3740f500043dfade

SHA512
9442780da7ab48e6fd3ff9cbc6f48d5d73a10bbfe9df74e16c4f4a52e23482e2372884d3993048b9ea23744faad30fcce3b7024eb6ea8e262e51e7e10e88a618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a59ef4117b1ea8d3852ab0404eee0e3d

SHA1
54e81212f65de0e13c652a6e555658020ee3d223

SHA256
a8734ab8dd9862a1aa9a8ccc4f8ef0f53515310a3e7f1a9829a87d22cfe1ae56

SHA512
e43666c819cab329e394257faf1db8c936e652fdc1e6c849a44efa28c1f50d8c6d5effbc6c4b2d6b09d2a624ef4884cffd3d169ed65cd8ee1a77ee5cde411ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3b2e9e24baf34f841a0fdde463aa7832

SHA1
ce5173b766cfcf8a0402a804d0596728c99a394f

SHA256
baed3507186c4e04ed0e61300bf7abc1ac43d68b5e133b7f2b749c2f2458bcfe

SHA512
57d7bde4ab0562efa72ddfe6d18b4b305c028954d7fa2133a84e96a3f3e835fc92b4887f050e1239541b12c87561034a1ab0bf7b017afb500826ba5986d48a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8478f45fb264c901113d0503008b5985

SHA1
205602199845f069717e6e55d0558b39b8b3623e

SHA256
6bd95138f1a9fd5b288bda433a3dcd898e557b28a26bcefb10f44dca2788e85c

SHA512
734e7364acf577605bcf3525b24c591eed43f23418fd7732b73cf683edf229612beb0358876951833c266b37597fe2c55b2d59fe6d85c2357b6b12cfcb878e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ca1c03200a1fc01b6a911d6fd502022e

SHA1
2b402f06b829d9c851bafc404bd9fe96795a3f38

SHA256
1481a7c3b069ffba42a7caf87ce745c69d65d7ebb032ddf7fc76ee7b4e3e8741

SHA512
afb233278ad0345cb95a18db70373c48ee3c00aff4a37b9a89077a932a9dfcbb5fa14bc5b7c63270a44fb901f715a46ec9402c35dbee710c8e6b0c6693ca1cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
2284ad8df1bfed14049fd525b882b146

SHA1
6cbd75877b52973cbc06aa65dcee9f701070a7c7

SHA256
6e30b47525cf39570b402360f683604e9f7a902a05c4eb7247fda26d5c2a753a

SHA512
1dbea1ad871ed356a6274cf763206b455414f0d4bbae891e6aeaba4fc32b20c5a1204b863e0d7acf2280aa51e9a64bea8d09141ca8ec140ac29c462215b8e1d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581d95.TMP

Filesize
871B

MD5
818edf940c8e4ca7bcaa44c4074f3e05

SHA1
a7e7395ef937341966944f4ebba1cac583d94661

SHA256
ace82281049b33af4878ec291ba1fbd2fe4bb29f3ba31e9af4588904823e3508

SHA512
f992819d4b7a62a75ae0254733f97b60d451e0a43eaa806ff0c75ee3d8b6a60bdc5f268adeec7a790f0ca0dba1d4ca4869fe2963d6e73317e51fa7a2ae45eaaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b0279c6253763ea097061a863426916c

SHA1
fc813711348193c82d3b8cd3e073f9b173e979f0

SHA256
fa84c4bfb50b24610dfc359bfe99a8aea1b866cce869006fecf03d93e82cb286

SHA512
e43792c3855fb339fd9be26e2c9123328230a808bfe5436251650c0e88fdebae3d95d72548d2facd2e8484fc86e54037c44d1e2ea1d0490b505b25e167bdc14c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
46d7cc57dbdfa6a2c84a57d01da16166

SHA1
fec55a8a9fdab3486cb58f8d0b4229c91d98b06a

SHA256
d59f995dabedf6a29fb26f03148f3b5101a0d075a4621f0e10f5ba41b8d7a0fd

SHA512
60027b1812c1c9c43a0ba2c12c501acd9e17df34d51687a1d84bcdd6e4f983670ce3e2a51d5f6b31589039bdeb86d25dcae0e356692fc10b27a769cd8fca4208

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
323971b6d6072ce431a3d4900aa24352

SHA1
79d10abc1f4bd69d288e639cdb005038e012b1ed

SHA256
f5110fb3865ccb17494efb83e67ac126dc25283296e510c21620994bdeee18f6

SHA512
1fbc61b6bbdf10e0131d526acdb901945f0bb9f0324a6e29059d899e47aa2e62bf8b15b3d74508918d98f9fa8a9301883136cf339015977b18adc29fce9bb393

Download Submit
\??\pipe\LOCAL\crashpad_4160_ZDIAAZDWLRLOULER

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit