hxxps://steamcomunnutiy[.]com/get/activation/feoeeq82794hFvrbgea28

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-02-2024 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcomunnutiy.com/get/activation/feoeeq82794hFvrbgea28

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4744	msedge.exe
4744	msedge.exe
4152	msedge.exe
4152	msedge.exe
3468	identity_helper.exe
3468	identity_helper.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

4152 msedge.exe
4152 msedge.exe
4152 msedge.exe
4152 msedge.exe
4152 msedge.exe
4152 msedge.exe
4152 msedge.exe
4152 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4152 wrote to memory of 2472	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2472	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2452	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4744	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4744	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 4632	4152	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcomunnutiy.com/get/activation/feoeeq82794hFvrbgea28
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8180146f8,0x7ff818014708,0x7ff818014718
2⤵
PID:2472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1252818954859718853,2341377556644030479,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
PID:2452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,1252818954859718853,2341377556644030479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,1252818954859718853,2341377556644030479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
2⤵
PID:4632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1252818954859718853,2341377556644030479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1252818954859718853,2341377556644030479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
2⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1252818954859718853,2341377556644030479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
2⤵
PID:4232

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1252818954859718853,2341377556644030479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1252818954859718853,2341377556644030479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
2⤵
PID:3180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1252818954859718853,2341377556644030479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
2⤵
PID:1156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1252818954859718853,2341377556644030479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
2⤵
PID:4484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1252818954859718853,2341377556644030479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
2⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1252818954859718853,2341377556644030479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
2⤵
PID:2956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1252818954859718853,2341377556644030479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
2⤵
PID:1576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1252818954859718853,2341377556644030479,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6116 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
73c8d54f775a1b870efd00cb75baf547

SHA1
33024c5b7573c9079a3b2beba9d85e3ba35e6b0e

SHA256
1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94

SHA512
191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b206e54d55dcb61072236144d1f90f8

SHA1
c2600831112447369e5b557e249f86611b05287d

SHA256
87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b

SHA512
c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
768B

MD5
928b53f8754eec1bc99ce36b865a3271

SHA1
e53fd34b84f50ad582d7db163c921a567e7acc67

SHA256
b839a24c5fe12de9beaed238e912f34bee6f200b8f7b970f11b7ab19f46ee3c3

SHA512
dd1b78929e7237a6c3237bf3a4a7c6a99adbf714004eaae3dabd0122784a292dc96453295a0868c6e56b2d59dafd416f59b27e962ad4e996210dc95685d08093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
c5d7f3a0808250f61fe5fb181cbce367

SHA1
46547d94f7eb903906643e161201979045dcb270

SHA256
30455a4607ace7369bee88407f11e1ee7276785d50c7f653cafb75bd7550db4b

SHA512
264371b0d150d601eedf787867d27c157019f15cf10bae4b32bbe9c66e6e1b7bcf90027cfc5e6b4705c85296e13ba2f4451ae11856088a59bf14667af1d2f399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
768B

MD5
5f630043e0f0fc2fb73f37f556697c52

SHA1
f045ed18fff29077124ad23568b4329392080e65

SHA256
a1a4ccf7088d285c3ac537e230003fcff7a866cc8cc47b345c92be40db9da45e

SHA512
7aa1a4ad73813f998866a9e2ba9b40836808fdfedeb1057aa5621784d41aa492dac4091f9590356e9fb5cb4bfde288b65516bbcce1f54c19bec5818ff682b751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
543B

MD5
a56b6d76b349934e6f7815d093c4568d

SHA1
cbb3c4de3a9065458a05e270abbdb94694e4765e

SHA256
891400eefda36479d7024757fe76f3d8b93104d40429b5cccba4864d8d9ef835

SHA512
7fa5d8faad4033334544a0213c50a534afd0035c0185cbfab1a9dca944f203120372974a3fafd8d86941c379ad46e39a736ea4b8116477b1de1f3f0a1dc3d6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
68e8300d6b3800c4a5e1de536d66ba13

SHA1
ccddbb8bb348004e015fbc814ba4f6b84eb37d4a

SHA256
daed530cf6e158fb70bb833b4923fd7de7cfae307a3d186880c3bd4ab49a7fb5

SHA512
47746b50c9f5d2bf0bb2a4569c1670332401fb1949f0f5477ea65a368ab869fc09df86359e663a535c043eec52916993bd1baac87c679d0063049c7c6c90b5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
606f93745d113287f51400604b294edc

SHA1
81edbd07d0daadd6aca97ec732e5735fd9a8b0cd

SHA256
a7a9237ed743fbe218b699f91fade45aec9e65d177b54dc6ad7a9eeb7c009838

SHA512
1ea8f33f6583c336fe9b43b5d807c351d66b0e86f1bd1a36b05cbb326a5f399bf3a46de783e0cf265cfc04155f1375abe40d2fbcdbc920eb3fd099825b3d570f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c3591dfc178dde4a4abd2cdf41f328e7

SHA1
0cd11cb2680331edac3c2280bbacac2d114cf7da

SHA256
07d93bb122858c9060ab585631317afdb35d6a265009587051ad6382d3eced5c

SHA512
cdace7f1ac8baaf1b32f916f35080a13ebfca03771c0d673c1bce3cfb224a1483cf835b331082c4e187e37c9b8a61cdff70d39e2695afb7a553574c3367975ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
706B

MD5
fbce103672b3dd66f712fd0dd6e357ce

SHA1
f768c7d10b0aed7b0098709e7dbc5b7c7cccc213

SHA256
7ab0f7c8c781014850e4c06dbf611b253a6ac5037003bf0f26a4a861c989b6be

SHA512
8b54d50351994a5115263455573721546c35c32e018f9cf8dfedcce130923b7c33eabef26f4579b0e160980c94c999339f0804f1022978d03d9b7b14b928dd35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590110.TMP
Filesize
539B

MD5
a5fce058c4f52e083169bb23c9724357

SHA1
536fe3fa68f6576e96b987b21dbbca327be2d6bf

SHA256
7f1132602e71f3c746751f77c7a86b2787e1579c3dfa3583425a312cebdf556a

SHA512
f8f2dd892a95644321135571092471df439261278a30e891016e1707b9b5917a1cb208b6fb9ba1c343a2ce30329ed5bdecdb744b141d97effd07218821f128fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
1007dd5c34790737552daef7c14409b6

SHA1
846b3dee9bbd4246e8177cdbf86fcd3fd4d2eba4

SHA256
58ab3647a208604d57652c85e63cccfbe0bb3d1d72b9b9c717368a85ff882523

SHA512
15790d3c02d237b109577ec33bee15f8905a820066a421a5f4164c0df8033ba63912caab90e9b0cb67b08445968de09695dc92215491c15443c2c17947c7fce9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_4152_IZECTXZOAZGHKGWR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit