hxxps://is[.]gd/gF6AP6

Analysis

max time kernel
62s
max time network
64s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
29-10-2024 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/gF6AP6

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exe

pid process

1112 msedge.exe
1112 msedge.exe
4108 msedge.exe
4108 msedge.exe
4800 msedge.exe
4800 msedge.exe
1904 identity_helper.exe
1904 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

4108 msedge.exe
4108 msedge.exe
4108 msedge.exe
4108 msedge.exe
4108 msedge.exe
4108 msedge.exe
4108 msedge.exe
4108 msedge.exe

pid	process
1112	msedge.exe
1112	msedge.exe
4108	msedge.exe
4108	msedge.exe
4800	msedge.exe
4800	msedge.exe
1904	identity_helper.exe
1904	identity_helper.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

msedge.exe

pid	process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

msedge.exe

pid	process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4108 wrote to memory of 4864	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4864	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 3488	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 1112	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 1112	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe
PID 4108 wrote to memory of 4948	4108	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/gF6AP6
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb1c073cb8,0x7ffb1c073cc8,0x7ffb1c073cd8
2⤵
PID:4864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,8252589338067587815,14840866454210309314,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
2⤵
PID:3488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,8252589338067587815,14840866454210309314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,8252589338067587815,14840866454210309314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
2⤵
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8252589338067587815,14840866454210309314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8252589338067587815,14840866454210309314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8252589338067587815,14840866454210309314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
2⤵
PID:1120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,8252589338067587815,14840866454210309314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,8252589338067587815,14840866454210309314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8252589338067587815,14840866454210309314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
2⤵
PID:2828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8252589338067587815,14840866454210309314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
2⤵
PID:2932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8252589338067587815,14840866454210309314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
2⤵
PID:1524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8252589338067587815,14840866454210309314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
2⤵
PID:644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,8252589338067587815,14840866454210309314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
2⤵
PID:2688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
0a103efa4493ff4b9138952fc8f5a216

SHA1
8270bb8192220fe1b82bfe5d0689c9849b3d01a7

SHA256
11c941e8259a4e4f899af89482d1093cffde924e6652abfa6f3912b4ab7c35c2

SHA512
34932be713c96e6a9096994e9f8c6e3232b04db7bbbec6d239903c55f0653ac9e505aeeb5c9b5b08ec10ac564ef61eba97f798ca360c965da171ab72efd4622d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
fc1a88111593e162a9cf7d6281d3c0e0

SHA1
48c1ed99e737a5fd6ffcc369bb0524db39e27762

SHA256
cbeeaed299a327f462e9b727ff1c78d006c7a8728758b5cc7457a0148a0d8409

SHA512
1569e7239151c3c45b4c4522bdc1e382b2886865642d70b6449fe341f665b1cf97bcf93b0b31e385c00f054dbf41db83c951f0c4fda1265544cfa2c4755380f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b96560163d46c5f6906c03c455cbc72d

SHA1
c075b2a0a743e3f449f0f8421302ef0eeee9134d

SHA256
7bdbe5301520b1fdb16a189984863504c251f73b297663be1d44a738562cbd2e

SHA512
825c51ecbe269b03e19bc96f2808b3f209d4afb90c15938dd23bebc56650b12e55d3925a3bcd4ca7e9b06071776d0849783f7c08898e124e8de640c08fd41474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01dd5aa6907de5240fd6700bef6d75f9

SHA1
14715883b757756752c9a1c3bb380a047eda2715

SHA256
6ce4f5ea10c66937b10fe680375f88c9634d3d202cad494cde3b48dd62302f9f

SHA512
eefb507f23976c29f5c877f0f4b091a9bbfe94547b5b5e4609401f5be6cda95342a0d6c93770629659b78f7d098377f12855f5cefcd5f8b5912aada7cbd03690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54d3779d64d23e4d4c7d6cd67ffeb996

SHA1
d0cbd8ee70957694ea2c9c7b9ffef00a8af48cf5

SHA256
d3435372259f54afc1ee7ce2c68b9ab4ab1d30332a6f7687d4aa867ac469f4ba

SHA512
9e73bb3134e77c0395c3a9cea3b821bb34978a1839669ea82f0f38ea65ef2f101dc3fcbaaecf13cb139144f4bf5c464e774d975c5011e3591681a0e15fbf6b0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
fe39a3532d457bd355a494744d538ed3

SHA1
06da407e742c5a195249f32282f1abb1b76c17f0

SHA256
9177eeb96bea63248c92fb370cce8df44d5a9b74800db35df061d2adb3f14636

SHA512
eada3f038bfdb189b3070e289264c2e6f78e54659dac68cba6e6857113524f221e469fee56b2e6b5660b8ec173c97fcc2c39de92bfee5042bb5e5b846aef7d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581ad6.TMP

Filesize
707B

MD5
7a147fc0e61a1450a04f98dc5f0b3d60

SHA1
def1389d042b07775c020815bbffbd7ec0193c68

SHA256
d6fbd09fb149e97bf1bc90b78b829a6b14377a85b521d486c3c9a2ec6c576ac9

SHA512
638b448271ca389c852dc85c68513795f595467d22333ebaedfb795f4830fab579c6567efcba3a3c977a62266e1a5e871f0706f8c54080c9f98db355f52798d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b779b9c3-1404-453d-992d-6d73e89cd90d.tmp

Filesize
874B

MD5
b95802a879f3ec23119bc27763c8432e

SHA1
e22fbb59c1be663301426349d21b79dd6a80ef7f

SHA256
b742ac7b3facfe4844c67b04b86d4cd59cba7c73b3be6b25ab51d9cab642d1b3

SHA512
ea2fbe830c74559b134e9337970bd857a4ec65e3b5903b59e73b7c355ad965cbb203660cea8bcef5a8d4672b0185b18643f54f0f978ccc5a7e037e49e07269dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8e593942657f32e9770c2025150f7257

SHA1
e71ab4883c0cffa599fb7e2a1f9a706c8771b5b7

SHA256
f8d47a54b06f7df81cdb871139e2248a471d17774f7dddb974ab7c3900909943

SHA512
7c048c59265d3b0e20f7485f7c9dff062a0c9f45d8c4a2f1f3a32fabe7e9ce9a404499cd6f15a7a71ab90da021810ffa81ff588a0ee0210a8e0418315e904620

Download Submit
\??\pipe\LOCAL\crashpad_4108_ZLASIRGTFYEKQSFF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit