hxxps://is[.]gd/SQG118

Resubmissions

19-11-2024 10:22

241119-megldathje 10

19-11-2024 10:19

241119-mch2estgpe 10

Analysis

max time kernel
71s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2024 10:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/SQG118

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

2148 msedge.exe
2148 msedge.exe
3188 msedge.exe
3188 msedge.exe
4884 identity_helper.exe
4884 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3188 msedge.exe
3188 msedge.exe
3188 msedge.exe
3188 msedge.exe
3188 msedge.exe
3188 msedge.exe
3188 msedge.exe
3188 msedge.exe

pid	process
2148	msedge.exe
2148	msedge.exe
3188	msedge.exe
3188	msedge.exe
4884	identity_helper.exe
4884	identity_helper.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3188 wrote to memory of 3036	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 3036	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 1548	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 2148	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 2148	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe
PID 3188 wrote to memory of 5044	3188	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/SQG118
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd660046f8,0x7ffd66004708,0x7ffd66004718
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9446569921755569033,12296359736567722050,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,9446569921755569033,12296359736567722050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,9446569921755569033,12296359736567722050,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9446569921755569033,12296359736567722050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9446569921755569033,12296359736567722050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9446569921755569033,12296359736567722050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9446569921755569033,12296359736567722050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9446569921755569033,12296359736567722050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9446569921755569033,12296359736567722050,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9446569921755569033,12296359736567722050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9446569921755569033,12296359736567722050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9446569921755569033,12296359736567722050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9446569921755569033,12296359736567722050,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:3832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
8eb0f66a59ee89508be66aedf9eb75fa

SHA1
1c5aa5d4784c20831f488a00a7c7334da0593c4d

SHA256
4af4f4c9e3a7637f47c42fe37e6665f5b734a038dfcfa4d1ca2239909dcf2567

SHA512
e0bf464e581402bb81ff24b8bb77caca26107538e72f723bff2812a06d7248612ef9d107c2d2b76de890986f3687d0132d7a7ed6d4872e2c84bc53c0e7ed5e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2a305d04-197f-4671-8878-f028f31614f6.tmp

Filesize
10KB

MD5
6ed49de48e159e1a4da5b5387c95e07f

SHA1
4baa7659c1254be8c77bd67ed6b44e7639a5ae27

SHA256
f5393494378df0fec4a38c2ccf90289b29621fc2ed7af68bfbf7a9842538de40

SHA512
6df80a3da57b1a2d04a5072de8b35d44f273e6c52f8382a7063856681c133866265c69feecd611d1697f7a27c784b407ba8911d586b0badfcca2baeead0cbe8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\477320cb-855b-4e80-b7b5-2d37fb4fc30a.tmp

Filesize
874B

MD5
4bdd603b4722a1c7c354cd7eafac8a52

SHA1
e35bf72ed0d33f6cf3d822e70d73112bcf927927

SHA256
f9500eb3590a5462da8ef4ba8dfb6ba5559202d94fceb75c21e6e790021cd018

SHA512
34e9a9228ec453c187d4c7d0cb295e95507812290ab9abad9372a5eaba18c3fad6c97d4f9c5125360eeba047de79969d0a51e388548dcd103a2de766bbc50fc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
fded2462b697c0d5e0ed03201bff2f3a

SHA1
abc935bb99bc76435a84b0709848138a2a5c7b83

SHA256
a724e783d39e8afb6a8cc13771e2033e709c82f359a2a64d75c265aa19373f19

SHA512
6668f9c21e8df808b1a771adec155be6884a7168e0b3e84a9d2162b0383f266314d00405c1c6fc45b4ba7fe837dc0b8d9774201e67e10275e12abc16b5e6a89e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
039c889eb0c2f0f37afc7873850cc879

SHA1
e0e5ed3b13c941cc8a718d9d2f3871d5227a8312

SHA256
c866fbce5196cb6ae6224b8edbf1b1de111adcc41ed958f9f3d70b703b09582c

SHA512
23fa034daa0473529f9319c09071b947e4ac89ee4e19e8fcfa485fb6e4d30ff4a4ef5d36c1678a48d66ef2200a1a0de34f40b7e3c6ce6bf7672c65ebed8caa90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
19e40f100394d6b2a6876c946e2af618

SHA1
8b5d215d033cc93b5ad01fe3f0bb66e940901e87

SHA256
4ca2f6f04cf313601fe0c0a874e52210f527c768acd96ba5cb00858c3419424d

SHA512
a8e35895888705db37a2a1f690df7ca560319afeac15014acfae23b3c936eb7ff083c134facce1619b403b810d13a2f54846c44906e43775e5464623795d83e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15fbfd4947414ecf193f46dcd5426099

SHA1
8fcc652f30dec9692e3f5d8c6ae422b487371f15

SHA256
91bfaba4efb1f0125ae4dfbdff7f818e431f60708238b33de6b699e11a6dda85

SHA512
71bc5ff8c630495f8e38af6f1c07a796243a977fa23f94b0a7ca02e640f80bae98e82f6b9751d5da044636d2bebed287de8aac14e3fd0bee53043e261bc5d920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
92dae3dfe6e207375c3419a550d4797a

SHA1
83a0661855d0dd13891b0a69467f2842e03494cf

SHA256
b408106e453c841458fc840fcfc341cbd5e669d396828131cb61671c0de849c3

SHA512
f2470ecc12447a4b1666de0f15264c18af35b2273558a8e6eb577538e4618a022f02036f77363131cf335d20c72ad0d4bc25b29267cfeb1efd8da8db70d61967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580124.TMP

Filesize
707B

MD5
ed0ad3a393c4ce8b893c8816338c5548

SHA1
962e556138c66e1d7eaf7cc1fe46b0e6a06c67c5

SHA256
7429123aa97501a51a67e5b160b1ce8560fe799ba28545ad573ba22741967cc5

SHA512
4d69f8b11ee0ef3d511529f0e9cb3bd69b07f8d58d647b8999d50dc993f2e7ccd88d8dba1ef3763c55a8c414664054d503ed08ea27273a52811aa0279683ab78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
\??\pipe\LOCAL\crashpad_3188_OKGXAQFXMBTPSQIU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit