hxxps://steamcomunnutiy[.]com/gift/activation/feor37569hFvrb1ga

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2024 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcomunnutiy.com/gift/activation/feor37569hFvrb1ga

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1212	msedge.exe
1212	msedge.exe
3100	msedge.exe
3100	msedge.exe
3008	identity_helper.exe
3008	identity_helper.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3100 wrote to memory of 4776	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 4776	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3256	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 1212	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 1212	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe
PID 3100 wrote to memory of 3644	3100	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcomunnutiy.com/gift/activation/feor37569hFvrb1ga
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0xdc,0x7ff8f14846f8,0x7ff8f1484708,0x7ff8f1484718
2⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
2⤵
PID:3256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
2⤵
PID:3644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
2⤵
PID:2320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
2⤵
PID:2724

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
2⤵
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
2⤵
PID:3340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
2⤵
PID:4288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
2⤵
PID:2328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
2⤵
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
2⤵
PID:2296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6124 /prefetch:8
2⤵
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
2⤵
PID:3696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
2⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
2⤵
PID:3364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7096468647935833670,13151757252042303194,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6668 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
e13cf1d2f2e9544b0852e808a404c86f

SHA1
1b08cadbf67cb50d17ef3915e30c906f1929cbce

SHA256
a2792dc13616cedd000b0540368711b05efa3f887581947075366bea231c4acf

SHA512
8a7923e5c98061b0501035af91f13127c0785bc8c1494973d9b086d5689ebe0f90c776b4ea6402c7ea457aa1ff2eb610de638cf97d7557dba8cd2600154c6030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
984B

MD5
86ef5e8094e7c98f30e3b929bbd36c13

SHA1
da45527094dd83c7d5b8cf7ee749d4956e9624e2

SHA256
f353d98d993f96b13cd07391d0a0d829b3173a6a53d9229ebd65fa6f421c176a

SHA512
92362b4cc4ac9473483d19bacb192165e0bbd51d4b3ff6023ce45daa073872c01bbc7536f01aaffefc0a254582b7c50454e9e56cd23dc45822167f31a62c7e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
22376063f158f67231373e80b066dc77

SHA1
7fc6106bcab68c84e384b6a7c5e1daf024586c3d

SHA256
17fef68e989033ae5755ae28e37f804bcd3cc3c754a472601eb953d6d30805a0

SHA512
94016e24d91ef7c5b9735878dfb29dbdccb69ee93eba255a1a393f3cb4621cf10257cdeeb444400ba149d4b5c06e5048a75dfad51afb6eb356bfb5d06825c828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
de61086ce75d15b9887bed942ff3ae37

SHA1
84a79cbd05cfc069338241b79c62decda9924678

SHA256
7977fac413f01652ca86f2a314cf32dcb9f46f874bd63657843f62d619f14398

SHA512
d8dc1aaa13bbf9c83295ef11cfd06bb9936c51466eb4a0e3670c62bdab92c2f50c3f7c0ccc93782a5e6a36f11cef929d46ea97a0d06337422a95cad0e80c2e0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
e1af02c45c900d4e3a6905244db17c33

SHA1
9eefe9d7ad4cb76e644d9ea3525e1d0842495f7e

SHA256
7541fd1777efe382b5f43c74b5d049ffe64364f50b771969891f1f8f3b4e9e5e

SHA512
fccb55d6b8daf42f93ebcac84432d775633fbd0959591b2c3e6eeefcc5468301a631be53aef9d3d9add0d35fb0a12fee6abbac58572f6bfbc63024706a7e7020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
2875115fb13024fbddf70d13b4ebe25d

SHA1
edd36d4296df8b2e984b018387ad60b641d9d3dc

SHA256
79428b4d9b01f5078b717572c4b51e35b80a036175a859cb91eb9607292155ab

SHA512
3a8c9e0bf2fadc25d52ac780de2f64ae5245b43be73e12b96c4e2ef3c1629e403f8d1892b624dfb703d1063e9e579fc3a48c604f267aeebfd87e4ff8d6de7b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
b458ff3d757566024968c03337f038c5

SHA1
53369b5f7085f553f278941f9e1c139b9c5bab82

SHA256
04377e7c1b448af42d9c7789a4746ae64791474cc27a8987e1b1d4a4c3825242

SHA512
8e4160b63e52241d1d8399066d387d1a578b6e932ce0b6ac972ad49496a846bf8620e0295b303a75632dc43288a22b82508a40ba01aadb1c54f9aef4c7a4536a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
12c109230aafa53ef04c0995204c0f84

SHA1
c6454816d55b3f47f169bf53a5ba9632406d01ac

SHA256
0062beba576931c8ef829b30af3a3e6a74c3a4ee1a0476e1908bae61cda2e7e2

SHA512
a77669e77129aaca0b7fc6f76de60229a8cef448f68ac5310672c1212a161f15dbd9fe6e993ab5e3880412e45189ef7d9ff72fde77ea2485998683176e939e1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
73ac700101243aeed9b62e6f86aff5c1

SHA1
93f2146ad5485622c11f5612f80baa59bf37a1cc

SHA256
bcddf971122db287e9853efa20e16d0b4cf815d260ea338054652fa6649b15a0

SHA512
dd77f8aefdd5eefdb4d67bf7747626fea3ac77e05ec9b0a11b968852a15478a1ea342b7e8e71bcf9e037f4923f72d2b160ebba8058dac8ce0b2e20a52f1c7ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
8b508404d19418302b0c45f48954459f

SHA1
520247164381c934f0ba46d582cd35c8e309ac77

SHA256
94b379ec0bdce3af783852e94432ffc203d1842c78a0ec53e19326cea9bfdafc

SHA512
0d79c7177753fef0c6e906c6607ff436140eb55e45e3c8abd5742bbea00d377b61de7af4a06a1c65579cf2f0aa0a2843612618bc7937d1dee2e8a457d5c27a48

Download Submit
\??\pipe\LOCAL\crashpad_3100_SXWTHKPLVFSJISQY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit