hxxps://is[.]gd/DjGj07

Analysis

max time kernel
81s
max time network
85s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/DjGj07

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

4948 msedge.exe
4948 msedge.exe
1212 msedge.exe
1212 msedge.exe
1440 identity_helper.exe
1440 identity_helper.exe

pid	process
4948	msedge.exe
4948	msedge.exe
1212	msedge.exe
1212	msedge.exe
1440	identity_helper.exe
1440	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1212 wrote to memory of 2640	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 2640	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 1228	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 4948	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 4948	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe
PID 1212 wrote to memory of 3200	1212	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/DjGj07
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd875a46f8,0x7ffd875a4708,0x7ffd875a4718
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,872417974297347712,15008152920545620770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\89fb57fa-8db2-41fa-9c3d-0b9e6cad6bbf.tmp

Filesize
6KB

MD5
40494ed4c03b9e1e1219f33f70c2550d

SHA1
dd91882250cbb70e5d952a0b9132ae7442b70d4f

SHA256
5cb0bf2a62bd511402fc9d0e74b3cceaa93d70c84ea9d9b7320089bf6f10dcd9

SHA512
d92382900fbb35db20625317a8983190d95c6e39839e9142ac458e271890a0658205346b25e1d896f3eacbd30096fb267187154c56abfa0b71633eece255cfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
bdca99ed2493ca2dfc8186c229522875

SHA1
49df41fbf0480a3858f280aa832509b3b4f5783e

SHA256
97424ca7f7eebc6c667b5f6ef6660a6e8641af77392be5c1f3bd79ab7a5278db

SHA512
c2cf1b1d7766e8bbad28058fbc7de5e35f74c57b27462e8c0643f7f0365253369c844a811a981a503bdb0a8b2ffaf613787321f062b6eb28a33717a7cfb85af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
9f38ed373080b1a07d671b61f2ef1a8f

SHA1
91b900329c72fefdf866f7ec4cb7ba823dd447a1

SHA256
637723fb3a3c6bd72f83aa9161ee0da8ab5560ce62daf7fa57108ccc726745a4

SHA512
147dfdf131662197e7aec23527d97723e73a3fd770abe214b9fb9cfd8afe0523d802608ce9b2ea104fa89e781306e804fa824473f18e1ef684dbe481df08098d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
845B

MD5
ca6c3f7141b71499b7b7591db5b261cf

SHA1
e7c3211163caaf4fc51b5d6be9ccb3073276ead4

SHA256
05778e01e690f81f1683cdb0d3fc8c2ef6920586ed80499844fc3aa3214f8987

SHA512
6963d92788504193516a2d0f4cbed11893ce750ccfe18a1ab66ce55f94000e5e3462d539b681ee58339f2280c34320d50427d0fc6356b7158b870f0bab440e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df4cd8075192f71b7849c663f0c0bfed

SHA1
d320e71d9d25cb5434ff636d42f07dec3e56534c

SHA256
79b3861ff639202b146457fad45eecb5a07c225a4b4fea0154b4173989f3af27

SHA512
ee8391656cab1a5dfe50756894541b0b9bf3ae10ea6a9d4a75c7f2e348812d53471c10ce838d68547acc714a169661d9f96bf2f563fd5fd4627f321cb6bcb8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d989976afaa4ac493b1334110752977f

SHA1
d20cd64200a11cd95869a5ae057928d134eca717

SHA256
080c287b20e211ad7a0356ef514a435dc898ca96e6db55f8ab5720d9ad7dc323

SHA512
059087238d610ba45ba07d8a6c5a0f40a7ecc1e3e46136b26156c7abbdfd7afadbe4f127acb87018fa775b8843f98202bae00698caee51a0cb665b9afd4b3de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
205fa82e63ce94b10253b6d66be1f2d1

SHA1
760a52f644b9f45ab0a289205d3c8daf6fa563dc

SHA256
b1edbaacb837a718e28a46a2b44a1c1392574a4854f367297581585663247640

SHA512
ea61aaa639c9e861b3fce19c02698487ae8a486087a08a29f53b324df10eb4f5ea731d4bbcaa452bdc5e97569b5848a917dbe579650bd8c8415ce8e57267e8dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
3620858528aaf4104ebf5e938fc931ba

SHA1
4f740e0459050b92279133f88f534cdb534d10cb

SHA256
ff2eb7fb641f9e5f3ad4b1958d84dbea4554eeba4ac52afa259fd74df8113f4c

SHA512
8fb4b6ce299112897e7bdc5e93a2ca936b26a49d8dbf8f8e665bfc23b8e9e7b465e8e390f767e97b2dbc836a414f99145e099438e83fea131e4ce09460c3d2f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
85b6e76baf43dc36acb64af1fd5dc67c

SHA1
f4d4ad2ea50b0ab4072c5daba2607267a35ee776

SHA256
97b1f3944ed5903dbc06cb00974520116054a493138dbbc87bcb2198374b3a1c

SHA512
514ae2a362e09ddd612935b4f1bb910aec6997a855d08082cfb946149d8f6ac024104b5c72bf3bd6fad4c921debe0e144d3eb5341c10a57c72557fedb34e75c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583524.TMP

Filesize
705B

MD5
a02e18e120913c156fde1d9bde39d458

SHA1
c1ac359530d952f19a026307269bcf3f12afe1bb

SHA256
1d9c0859cdf9a15259dab1eba053b2d1e8145bb52f734b15e829aa8c6eddb996

SHA512
b9ebbc39bf0c696a967aac1a1fd1e289a986b6e9d6081d7324c18d59318ed79ebf620e8bd0ea6fadc00cacc1e5956a3a4b0a9aebfda439fe7c6b6e2f01c2ce7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b87bc58a206d40a8d06fe7c030db3f1d

SHA1
3fc1e474f055532e284be607aefbeef577f388ff

SHA256
3fd65d6ef3347fffdecd0f5e4b7bb6b03f2cb66d3ea5d9b806719d49fdc6026d

SHA512
b8c28e5a1201eedcd1edac0992d686b0ec6d18028cc371b536b7d45cfd9e70749832ac3b43d5f5bbe6e469ad40c1ad2eb33869adb7492499a6aef1a4aaf62755

Download Submit
\??\pipe\LOCAL\crashpad_1212_ACUJLIOGBEPNXYYC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit