hxxp://steamcomunnutly[.]com/gift/activation=Dor5Fhnm2w

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2024 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcomunnutly.com/gift/activation=Dor5Fhnm2w

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4452	msedge.exe
4452	msedge.exe
456	msedge.exe
456	msedge.exe
1192	identity_helper.exe
1192	identity_helper.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

456 msedge.exe
456 msedge.exe
456 msedge.exe
456 msedge.exe
456 msedge.exe
456 msedge.exe
456 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 456 wrote to memory of 4880	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4880	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 2792	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4452	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4452	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe
PID 456 wrote to memory of 4968	456	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://steamcomunnutly.com/gift/activation=Dor5Fhnm2w
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98b4246f8,0x7ff98b424708,0x7ff98b424718
2⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,10975799092997645722,3709234322924996001,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
2⤵
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,10975799092997645722,3709234322924996001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,10975799092997645722,3709234322924996001,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
2⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10975799092997645722,3709234322924996001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:4068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10975799092997645722,3709234322924996001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
2⤵
PID:436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10975799092997645722,3709234322924996001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
2⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,10975799092997645722,3709234322924996001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
2⤵
PID:2784

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,10975799092997645722,3709234322924996001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10975799092997645722,3709234322924996001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
2⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10975799092997645722,3709234322924996001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
2⤵
PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10975799092997645722,3709234322924996001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
2⤵
PID:3036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,10975799092997645722,3709234322924996001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
2⤵
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,10975799092997645722,3709234322924996001,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5172 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
a0b609d65a5bbbb4e6398c75b41fb6f3

SHA1
040fa6ceaf121193f338035f4902e81c43d7357a

SHA256
6dd89a27aff85bb482e1cae8814434e86321858e28699bdd13a2d0b9c68578ea

SHA512
f3c36d2062f00db7240d4823be871fb4c50b558b9928e3ccc4893bc34ccaf298f2be08823dad641cdcbd1d204e5ae33f283366f0da2f9f31a533592b126e9ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
461f33c60f29a7d6e74965792ba9842e

SHA1
1adb4700a670889ea2141b9e10dff542e52dd982

SHA256
92b4f61bad5a5e488a68d6f419a215331cf496685495b898985249695d069985

SHA512
3bfeff42305edd48a6d3af9dfbf4e51f819269ebb9fd464f11dfef3f2b89cfb6fecb1a2f6f01592042e58b518b035417156a66e6e0037724d02fb02b69746b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
707B

MD5
4c4f3a10165e447245c495e15760f53a

SHA1
616551e2e5ed6a276b0ff788513ef18442f2c0a1

SHA256
8c83e479a0fff3b1408fca8b6c7d7a2ae6362a7303c8a7c30c57a99a996af124

SHA512
50ddbd8686d70c0f4e02defb8471ab3a46ea5d890ce0f3dbe0c91c8beb23c02b6b8a7076d81b00de1f9b4fb7eb6ad912d8dd07aa978f9fe90e35fb68d4102330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0349af34dea1b6818edaee7bd633f57a

SHA1
29724f3e497c3a416ce0af79a9aee9db6e7221c0

SHA256
999419246433137be5a35a985d156aaea33de919a1c1e7707aebc439f0bfd6ed

SHA512
39becec946e9b6e0cce823ac5c9b3770c43914265ab04d27b01b2395c04d5525d8083b5a969475aebfd2ae3d16fda334151a9637bb1a1bb3be3583777437d24b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
358c616af111eb2671c69c3a95f3cc01

SHA1
6fb68cb2edd06a3413b009b9d0692680e31ce7e0

SHA256
cf24932399c351beb3281235efac4b0d36d30170b418f768b9fefe6742e716a1

SHA512
5e896c890c035fd656095c7265892fcde72b3b22ef4aa5b008edd7f5db4d67eded12f968e322180cd280a6b607faa69f55df1058e068b233b2bfc9ef2f99dfa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5acfa35690d8d96e525a048299d526a8

SHA1
4eb04af8de02e6fa052d654e7aebe9cdbd6d1a1a

SHA256
28c4f2d12b6df326e51873b6cb69ba32e3a36d060fa900f73e93c525f2275f09

SHA512
5b62cbd1c6ef8dd0039d9a5351a465132347410b10bd1aba6f37f1102237e86f0489e75aeaf25612a06974057af2a2fb2e1b369d69688fb25bf0a5d27be5e834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
8db2631f3242eaddb7d6f8f78e910f06

SHA1
08088166aa3865d466d10a29b3dd4b3007e0a116

SHA256
de3157cd800812f038863a5f2bdf8ba3283b49e7234c58db68b877f0c3141291

SHA512
a0a4761059ccce249a667907627069509126d0b385a493ce2c9d6aaf227702621da3ab1322d0e1d2e5fb8942b72c70f16ce833d279f21204c90823c8b9c24464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588e41.TMP

Filesize
540B

MD5
c7796d8a750f656d432e0ca0c56e2d05

SHA1
3ae8e65013abb2c30c966833cfd6b85fab7eeec9

SHA256
b128fc38a87b3f284dc5ed65b7cb1adf335b7335b6487a32f1f6f65116f0eac3

SHA512
f9510a7f0ee8a34ef065ece59200a1c56cac32e90aec9b2c187074814765f1c9474a865d29adcd6e71932275f87c900abd6f49f2e39e8c66594ed58de1c4c6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5fc84223731f691a2e005de22e17991d

SHA1
afc675375e45519eb29fc808d3f405686ea6872c

SHA256
2f9f43def0c485d100a23d058cfe3869f91f407c5d1fffbfa8c103800b6b4346

SHA512
dc0793f9d22436bf37ece471aa928776cb154b4357213ae542458fb536ff42254689843aca83f5abb76f68fd6dfbcf724ae12a31496d59de752cd078676cdc43

Download Submit
\??\pipe\LOCAL\crashpad_456_SKIANBKFIFWECIIT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit