hxxp://apostaequus[.]com

Analysis

max time kernel
90s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
26-06-2024 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://apostaequus.com

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exe

pid process

764 msedge.exe
764 msedge.exe
4948 msedge.exe
4948 msedge.exe
4880 msedge.exe
4880 msedge.exe
852 identity_helper.exe
852 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

4948 msedge.exe
4948 msedge.exe
4948 msedge.exe
4948 msedge.exe
4948 msedge.exe
4948 msedge.exe
4948 msedge.exe
4948 msedge.exe
4948 msedge.exe

pid	process
764	msedge.exe
764	msedge.exe
4948	msedge.exe
4948	msedge.exe
4880	msedge.exe
4880	msedge.exe
852	identity_helper.exe
852	identity_helper.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid process

4948 msedge.exe
4948 msedge.exe
4948 msedge.exe
4948 msedge.exe
4948 msedge.exe
4948 msedge.exe
4948 msedge.exe
4948 msedge.exe
4948 msedge.exe
4948 msedge.exe
4948 msedge.exe
4948 msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4948 wrote to memory of 2624	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2624	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2492	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 764	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 764	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe
PID 4948 wrote to memory of 2560	4948	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://apostaequus.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeb2c33cb8,0x7ffeb2c33cc8,0x7ffeb2c33cd8
2⤵
PID:2624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
2⤵
PID:2492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
2⤵
PID:2560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
2⤵
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
2⤵
PID:3808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
2⤵
PID:1432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
2⤵
PID:1984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
2⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
2⤵
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
2⤵
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14951945822303171079,13173337335039079655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
2⤵
PID:4536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3016

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
9a91b6dd57fc9c4880d34e9e7c6b760f

SHA1
77a09da6ef4343a8b232386e000cd2d6b9fc30a3

SHA256
0170297f0103d4e415653f86dedc31b0827580042f86862206fd3f6f135b543a

SHA512
9fc3b9be931b3edebc4a6809d62d805046bdceb4c27a7db21cfbbcb0e5e253ab529c54d64e465e60904a6ab3b83156e26b97f852c9526f46f037944f806a7f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bbfb66ff6f5e565ac00d12dbb0f4113d

SHA1
8ee31313329123750487278afb3192d106752f17

SHA256
165401ef4e6bbd51cb89d3f9e6dc13a50132669d5b0229c7db12f2ec3f605754

SHA512
8ea206daabc7895923f3df9798bfd96f459bf859c78f3e5640fad550678b5090539f2a1b590883cd9797efee999acccac16d499772f61f5390e91bcc44d60560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
0d20072986aef139cb9e18389821a488

SHA1
ee3615fd4a7d01f91cba962c6238498d24ea77c1

SHA256
a18fa7b9d044d6d31820bdafec549c121730b479cd785001b0fe145994be3bdb

SHA512
4f80c91de858bd320ad101ffe5ebca9932d50ceaecda7bc7bb7d35317ad26373ca04293558520b5c85051a1f3508a5f794786e7ab49604b42e841c309ad18a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
ff15278bebcaf72b62d03ef802356f55

SHA1
f58fb8c51d0f41ca83caf229384fbf1e2de511b2

SHA256
ab4b00dc4166f6bebb74f4ca9281842d0a82887226a64bc6185fd4f5e9af7620

SHA512
924dd85cd412ab396ad81f0178c2b945d28bb300f395e861a27e2dde240f9ccbb2dc487d4c1cb324b62af4a4a48212f4f1d1082e9185e9038bba81f5dc01cb84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
26003af9e3edda021de61e98fd26b96d

SHA1
0a3fb53cf1ae8c26ea8cba060acfee73bcbd5b3b

SHA256
d070b1a42c0d85bd07a3140730701231ce3062a57723ee027c1d2b3067840a86

SHA512
f9b9f9499a6ea9093fa39ed92f0ec7121696725a338444d5b6a6127cf84c18e468b0e7869933971b1ea52b0d7ef9a06004bb13739405a54154dd727d49fb17f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
cd66229fe268fe9a1b13b648c35ca16f

SHA1
9a0ba16cdfde2f80974a3616a8d26232d5a3be5d

SHA256
3a544fdca5464ce7a454888c22689bceafc81af7345fee98412377e2bf321e27

SHA512
b73ebc9102dbfc114544550b9ed4a065ffc073df4618d22c7af95ef97aacfebe9fa06bd15d1e5e0d0a2d2cdb130074e5d8614130551306b9cfde9ba2ba119a40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c7abd3cde38e95a7bade7d0de0f67293

SHA1
6a00c58945be464e82b6259163c8cf6e54780105

SHA256
0117ae4a5acc0353885a50ed151be1c8b649dc7c752ab03907003be830f352c5

SHA512
d7bcf92eefde02652cfa661344cbf87b71f05b14ae73d15603adfcc6bcdf9a55f1e7a5c5fca9bc74a4409800a90482d122d09b9ac819f3e1cd3d134d7a7cf253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b106a941540a576cc9c112e1d09bbe2d

SHA1
dd45cb3bf47d255491921bb566c186001f9ee727

SHA256
51e014b13cb7efaa15ff8ea2cf67fa534429192a6aa11b4ea63da501edecf62e

SHA512
50fb1672a498ea6ed76536bc4df46339ab245882a23b69c0fe700daafa84ec16a5fa1f65885567f52e1045c8e3f29a824b31d091a04cdd5f820e5b28c2c18c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
873B

MD5
c8f6e37d563989fbe45ba761b8ce17d4

SHA1
672178f40b52b0aa47ab3185478b67ef1bda1068

SHA256
f655f1cf5cf13633b2484f29e12e17c927d05d9dba06c019edf6f05a3f31cd4b

SHA512
f905db17b5052a6c10da138f31bd394bd5904d9d9140ed0ab8b604a225b420357a3006eeab33ea122502c0011133293f57473f30b7e6a37a871463c0fe36aa77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583cd5.TMP
Filesize
204B

MD5
f709acd040af40580a62624a59f3c5ab

SHA1
2d9840f55fbc7ef73c22d68612e54304bba14c3a

SHA256
bd47ceb727f5702c9859d17679ee004b351e79cb509d2a45621e114e2ed39cec

SHA512
7165695c31b27ffcf12447e8cea0d099abcd5d84ef70b415a2e4dae03d3222f434c32e04a51101b951208fc8082778d6a5ea0b4a98492c870897fc59d62128be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5c2a43ba72a8a2336b181e74576878d8

SHA1
f5a2d7163f9e0629aa48af96af6f411acf401ac8

SHA256
6eb899f1a026b699499508e33e0feaaff45b21b0f3deec6038b035b67462b8fe

SHA512
1e6539a6c9751916572215c758f55d3384a5baa2718da0cf872ba848fb1d0b76dc129392cf2e62ffc2f5f460d9538e95432f64ff7c0d4bb9157e69c1ff1488e7

Download Submit
\??\pipe\LOCAL\crashpad_4948_QWNMEDCYIMSHYDNT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit