cacc3c09d432702d237265c156358a0430dd08938afbceaf4a444d26340b25e8

Analysis

max time kernel
95s
max time network
96s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
31-10-2024 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nber
Size

65B
MD5

6688d59f1d0b9e116ceca1708a113d0d
SHA1

d0078c573575a40a584cc92d4ccc5e8ae62aa948
SHA256

cacc3c09d432702d237265c156358a0430dd08938afbceaf4a444d26340b25e8
SHA512

116612441c802eae5cdfa4441c5757ee48298f865e1ff4e164ae1ba9ab2a0856c7e2e5c023864eee6963eda1bb89d6edcc7951c4b566eca2aac989a66ef510a4

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exe

pid process

4296 msedge.exe
4296 msedge.exe
3248 msedge.exe
3248 msedge.exe
4888 msedge.exe
4888 msedge.exe
1164 identity_helper.exe
1164 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

3248 msedge.exe
3248 msedge.exe
3248 msedge.exe
3248 msedge.exe
3248 msedge.exe
3248 msedge.exe
3248 msedge.exe
3248 msedge.exe
3248 msedge.exe

pid	process
4296	msedge.exe
4296	msedge.exe
3248	msedge.exe
3248	msedge.exe
4888	msedge.exe
4888	msedge.exe
1164	identity_helper.exe
1164	identity_helper.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3248 wrote to memory of 4896	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 4896	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 1124	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 4296	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 4296	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3168	3248	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\nber
1⤵
PID:2696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe8,0x10c,0x7ff9f22e3cb8,0x7ff9f22e3cc8,0x7ff9f22e3cd8
2⤵
PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,512546147456046692,14998927574295510844,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
2⤵
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,512546147456046692,14998927574295510844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,512546147456046692,14998927574295510844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
2⤵
PID:3168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,512546147456046692,14998927574295510844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵
PID:4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,512546147456046692,14998927574295510844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:3584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,512546147456046692,14998927574295510844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
2⤵
PID:2380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,512546147456046692,14998927574295510844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
2⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,512546147456046692,14998927574295510844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,512546147456046692,14998927574295510844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
2⤵
PID:4680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,512546147456046692,14998927574295510844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
2⤵
PID:1212

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,512546147456046692,14998927574295510844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,512546147456046692,14998927574295510844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
2⤵
PID:2276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,512546147456046692,14998927574295510844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
2⤵
PID:3036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,512546147456046692,14998927574295510844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
2⤵
PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
c5d74878d99ebcef6512733c9b482169

SHA1
79d602de348230f2fa38a7c6b9158263d90b8cdf

SHA256
b024506e08e1347f028835fc5d91a5a758631de79fe8435f9f8aab3a8594e827

SHA512
d5339caf655514ef396c89be8bb7988cd50fee221226bd6f6241205803fc08bfdd6c22694472fd267a2832035bd893cfb87ac1d2af6af765089ffa2dad460d4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\479b4bab-7d15-4917-9be3-95c9540f596d.tmp

Filesize
11KB

MD5
a1d94acb32726e885149b9833e5b99ba

SHA1
e91fdc631cafcc6fd08192984b1698e240f01f77

SHA256
e05ffa6341fc701f20df93811b429210f15c62bd033e3f9aa0a96dc198a43199

SHA512
af3493b8fa3bb6476e754889063539f84bc120583bfd3b71481ca04ad9d090628592e8ff6f04c300ba1c5b730de0cff5e6da2dde4495aab96820d59e599f6ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
35852214b8d6e08d934137396eaaa384

SHA1
78f99bd12fa1be6e9f7949405f57d9e0e946155c

SHA256
b83699b4509396bd4a7b3ff67d3cf7fd2e33504ca6d5c964d825ee437c15ae5a

SHA512
339e57a59bae178fc6a4c706e01fa25791a99f5ad2eeed2ac86d8bed56060e7586377c12431c0e69d1e4dc76ac2beafd7e9df7653167badc26c0be9a21b17587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cb2b0f640efe8e6da565058d73a7667a

SHA1
274e468625c772832d31e551dfb08d7957404cc7

SHA256
dc6a9c64f1c83c06f23c17d2862af7b47d0593940145fd7c540829987a995531

SHA512
6ce3c4fce6dd0d5190bd35d1bfbb557a4b504fb061c682c33100aaae1d0cdc0c0f6cf4af63199f11a1d722bf5d4b6c11d69b83878162ad29e2c6b711b9c6b9fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
30112479c31d7c14ce987feff6653dbe

SHA1
55f9bd0c5a9e1e6449d20355386978af74c5ff41

SHA256
311dbe3abda8a4c8e8ffe5fbf775d7acece60c1605fca1ca252e573c8699e8d6

SHA512
2272cc3d175190c48dd4abd24f663c3688fe2ebe4372c2abd4efc72ef8546bb8c877d5f21cd4668656d980feef1c6bd0389e2c4bd82d602f06d1d35dc11dd993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da256723988e03c06ba8301977525f94

SHA1
013a63a89216bbd12bd6bc44ff5b32ab8a0bc0a2

SHA256
89f1e55741fc936902cb0c886af0e3df61db97a24e89c758cc221cf732a3f83e

SHA512
d73aea51869d40388c75c9e2f49e45132b14e7edebc2150bf699887b3d3dd426fdfd3a8c1aa676f5c3c95ca3f93337012a340b5bcac63908c54016ebf70b01f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e998a2869b81ee589b4433bb81b7bbff

SHA1
a6518925c9f4644194660206141f99d6dcb12ffe

SHA256
ff0a6f128d05d35c7bc21b5b7aeff18fabba7449bca33edaae7f075768855785

SHA512
5c256e6feaefb3fc166aee066aec22fce4a86b6623a42a84fe935490e693f4846a0f55221be0819bc29c57ff6c3445bc7c4f2b050a01781f128811a724ce81f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
bf10c328f8eae0950cbff7792fdc492f

SHA1
91d89286448e7346bad8752e24d84b55b81f8fad

SHA256
ff8fc78e474d20b40f43277bb32fb0cb4d557a1b3d288e5063091f00a9b6215b

SHA512
5d2511720884f4ea02dcfb200f0b2e66870f9ca8b0bacfa840c07cf3288357522a856c7a0340d4bec3adaba7da7c8a316f1ddccf3a0d07253995ec42537c9c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
6608c9a7dfb59294216d3ef7aba359de

SHA1
e920eff2ab075bdd8243713dfe1e2833c65dab23

SHA256
037d417aa88630ad68ec5c9eb82ce4da036986330dd649f3a6ff355389351402

SHA512
74311b071cfa6c7d2038427a61cbe60defae6e3ebf47c51f46fffd04754998081a9dbc852950b95803998a65092fb0158f6a59b7cba9d58be5ee1958fcc90b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5890a2.TMP

Filesize
707B

MD5
4bd9589aec15860fa875c1f1cc0579aa

SHA1
0d89d4d9dcb8eec2e0a13beb5d6de79fedce0b28

SHA256
0bbf961b2e582406873911db8767b43f2b9e0d3c1bcc3793de2578864c0d3fa5

SHA512
d4e9bbc1f732e7eb95d34440f549dab5bf885ff344f368425c44cf653aa1c5654a2af40661cd878b873f667c5af3afb5d7b89155fb38f5da05e3eaea4da238d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
\??\pipe\LOCAL\crashpad_3248_XTYDWERVUVGHVATJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit