hxxps://steam-card50[.]com/gift

Analysis

max time kernel
112s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-03-2024 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam-card50.com/gift

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

4516 msedge.exe
4516 msedge.exe
3716 msedge.exe
3716 msedge.exe
5076 identity_helper.exe
5076 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3716 msedge.exe
3716 msedge.exe
3716 msedge.exe
3716 msedge.exe
3716 msedge.exe
3716 msedge.exe
3716 msedge.exe

pid	process
4516	msedge.exe
4516	msedge.exe
3716	msedge.exe
3716	msedge.exe
5076	identity_helper.exe
5076	identity_helper.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

msedge.exe

pid	process
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exe

pid	process
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3716 wrote to memory of 436	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 436	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 920	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4516	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4516	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2160	3716	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steam-card50.com/gift
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab57746f8,0x7ffab5774708,0x7ffab5774718
2⤵
PID:436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7621380685295429369,1093950705114934821,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
2⤵
PID:920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,7621380685295429369,1093950705114934821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,7621380685295429369,1093950705114934821,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
2⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7621380685295429369,1093950705114934821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7621380685295429369,1093950705114934821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7621380685295429369,1093950705114934821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
2⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7621380685295429369,1093950705114934821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7621380685295429369,1093950705114934821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
2⤵
PID:2040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7621380685295429369,1093950705114934821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
2⤵
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7621380685295429369,1093950705114934821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
2⤵
PID:792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7621380685295429369,1093950705114934821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
2⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7621380685295429369,1093950705114934821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
2⤵
PID:1812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:748

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\85bcb4c1-db90-42af-9147-21035597aa8a.tmp
Filesize
11KB

MD5
33298010e0f5fcadeffb12822e728237

SHA1
d800051e75332f309d5b9740fa9ffc618ac0b12d

SHA256
d0fbfc7cebcdf9111c59859f51a995bfe5b9c512a589397ac794ee18823202a3

SHA512
d367b8958135289647b813c489ca91b01e853dfca08b7c0c82fff5654d4505476414cc942f139019742fc3dd658cb80216e9bd131d3e2f58030bf9eadc9bfc9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9a029ea8-3043-4e64-a69b-106dc028569a.tmp
Filesize
6KB

MD5
7a7dc20771ebe21d9713d583c9e7b4d8

SHA1
aac73320d4b13e2ec9f2f790b04f9ca5317868c9

SHA256
6dad233ec28df80c5620e3b5404992ae0b70a27cf745949500c2681b5fec306a

SHA512
7f6d1f39345f50a6d980a30e0fc98a8d5a7f26d706f941059504bb4a9bd7a14d31dccef828f9504381ba020738b10c0ddc8b017dd1a0a658b284cbdb655d9104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
648B

MD5
d184af779cba09ca17e9f16d460df714

SHA1
a3c8aa41e26d38eba8304483e70468382cdb91e6

SHA256
8ea8f6df2db84327424fc89a23590b63a7c3e16f88b7b5886668acb7ffb82a00

SHA512
6f820d5a73525f5ffc6b56f43b5322ff9180ca19fda4d877f6f219c9682516dae3a715afff2adcbd963dc86c214758b607921d7afdc4b0e20b124d2253967f5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
912B

MD5
4252dc6b78fd5222292c525e45465413

SHA1
46cb1f4485d29137644ced449b8eb0baa803bee8

SHA256
7fef7f815a39ea005a6d00dad27b3fe7d3ae4e736896d75ea029961f88d2ff5a

SHA512
d4ba0ef68b254d4a3d2c6ddfb662b69e4fdaa84de74f099dfd40849fea48714642ad337daf0120db5da2e94257c1b0f3966e0167617f385e6d75e1da586c0edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
624B

MD5
5b195681c24c19f2da984bec8f4616ef

SHA1
881b865f7b5ef2bad2601f82f08184cb7d2adcd6

SHA256
dbfab013f8e82bef8d15700e78d96c9910a2ad813991cbed70249e9e6f8174cc

SHA512
4aebef000f653e246818a4aee55738e72dbe8f6712ca8af1558989a85c6297ba938c400126e5c9dcdb08dea00bcd6cdfd08d6d53cf54d5d0486369d3fe5523b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
988B

MD5
22065636b30b68931445853880e482e1

SHA1
bf336d4a1abccc8c8dd695acd6e4a6c725d88748

SHA256
f0facced0cb41a79d83011e1ecc0b098cddf137ea9a4954543e5ff0fc347889d

SHA512
5cf7f90599beffe25d8f796d96732276a45392c6396f0f34deb412aaa4da6d362834c1262e3fc860ea991ccb10f23842cbc6168df16da25f43c585c0a5fb271d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
bd67e1c6f5e17c5cc053a6a1873c69fd

SHA1
08a5aaa4b42882e27aabffa424f4e190a7443b3b

SHA256
b67ff9cfe9c1ebdd84c74363e99ff589e31bf83b81e41c5b9e77428b294bf09b

SHA512
32d27a254ba43691a46f976bc6d836c9769a499529cee66581c8c2eb19220e820e5ac551809650b7a6685c9c60ecb42ea711af5ec6a10b40d98ee75f701c0396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a681466b710fd0173be01bab85ac22be

SHA1
3a4b15d16e8d9dcfd8a8cd5bb75fa47fe0998232

SHA256
c1f550ad82d07c43981163c6b96c2460ed5e7e0bc079cdda2568eafdcd126809

SHA512
8f7ff67d00565c01f4b1a8419946189d03db15aec2a2a3379bc31274235f81bbf6b52cf3639b8576017c758d59e7f270936c96761e3f70d439972a8b2aba42f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0789bee8282feabd0b76d4ca7843deb0

SHA1
f930555867c6f507849a5904e289aaee6904ec43

SHA256
d48a021e09592ef9cf10bd5c3c166da13db192d38a2fa8b547669d55fb8fc36c

SHA512
df7dc4874090bd9e8c95aafad70b27400b1e8adfae5b79ea10f57868c02cdadb017d94409fb60965404905d4bb900fcf5bf9ea4cc73c83e6e2413587a1d3747d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
874B

MD5
b17f6ca971cb9eae6ab13cabc3179304

SHA1
628cbdf6d4ee5373f8a21605a6fd4a0f11b00d29

SHA256
a5c7aba5bf52a0ae734fe0175519bd01445320ec261c8bc3a625f9d9d6ed65e7

SHA512
218a08f51d38a3a52fb3597a6818ebb2b554034de18268b140c9ab3d99aeaa0eb3bafe81f4bc3d7b56b8280d416bc9dac06d62b26b3b215d8d3eac545e2834f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
4fe8c44a6e1b519c29d7ddfd11996006

SHA1
68ed11d26a05e6514bf8ecf0bc209403cf5495e8

SHA256
bbfcb94000a05f7457083b5fc25c6ff83922d19943d22b43cfa02411251f8bd0

SHA512
273e3f64ae29a9721ad10d6cee9d71e517926a83b8a11ac3f58a0d458683af34ffa7021bb8160a8748f2f8cc903bcb6d83cea91e7258ea7c9c0e002a7c6e99c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583ad2.TMP
Filesize
539B

MD5
6f61a6334ec5832a603a45ce3cb23ee5

SHA1
bdabb834afc0f5261d9c4dcab5021ad4ec637dda

SHA256
8e817462dcadce2a3b2e3faf342b73194f411eeedcf4ff2853b1658c989120df

SHA512
c418c4861d59729cf39227e0d4a92842627c0b524438c8e57b898add3205e4a196f20bbd96f0639ccf4c0c3c3c120051df38cd89d52d48449578823b74b95d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
\??\pipe\LOCAL\crashpad_3716_HYDSBFXWUHQQFMEI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit