hxxps://steam-card50[.]com/50

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2024 15:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam-card50.com/50

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2727153400-192325109-1870347593-1000\{977F2F1B-610B-4E3C-9F49-90C613364E87}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
4552	msedge.exe
4552	msedge.exe
952	msedge.exe
952	msedge.exe
3884	identity_helper.exe
3884	identity_helper.exe
5964	msedge.exe
5964	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 952 wrote to memory of 3076	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 3076	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 4552	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 4552	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1644	952	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steam-card50.com/50
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8d2246f8,0x7ffa8d224708,0x7ffa8d224718
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7265762336399890088,1578217011575292273,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
06e0b03d5b01a61ad4f36561c0e158ee

SHA1
af2c4347b0084a9f3533bff89fb98b435d6bf565

SHA256
ffbc691f21cfd447ffc8461c25051dd8d76bfbd0fc10cb6ad044d933727176d7

SHA512
a5acf8680831ebd48322e7a278ef9cccf5793bf9931420a7a0e95a31c9b8a0df4d2cab3f67b88960436dc009b70451615c3cd56324c666db8b718e8ecca84fb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
73c8d54f775a1b870efd00cb75baf547

SHA1
33024c5b7573c9079a3b2beba9d85e3ba35e6b0e

SHA256
1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94

SHA512
191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b206e54d55dcb61072236144d1f90f8

SHA1
c2600831112447369e5b557e249f86611b05287d

SHA256
87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b

SHA512
c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
31KB

MD5
bece038422ccc92d498cdb88950ed3cc

SHA1
743ef43ca2a84ec9d7a3aafd7550c3e6b0b48798

SHA256
c8f101aaa8ced4bf4d49828c264536ce42759e1dbf926c0628377b4939eabfd2

SHA512
b11014d24aec1f37ddc3160a5e15c8d17a365ee603e267405d38dd1afeb7e1df357b7ada92559ddec72df7d6e291dfce3f2b792320ae2a4f14e34dc2815933da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
1.2MB

MD5
0a3849594ffb16d685f21d9dc4444069

SHA1
0ff3dbcfe68dfdf69ef5b1c6082c4f79c43cbf73

SHA256
bce0badb8987ce9a460f090570b750408d7d04999d5a2d75ec7350623bc619cb

SHA512
8d6b552b9db633fc3ac685745f605f547e600ce5a0d98e890949892a582bc1cc0695dbf2d23817a1bbe51617322c3dace19a713f33389971e474207e396c6bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
788273f42362df761debed7421bbbcdd

SHA1
2838dbfca2324c2050bdd6fcfd1f48de8e2b6056

SHA256
b1d85bff44810a0148807af6d22256b85c83e60215eaefd7f1b800485a9e753e

SHA512
1d78c71045ece5c40356be79ac8423fb98d9ed87c674af4731aa5d43ded877e35f59fe990f75ef471844f61480860f5518e7db5b6efbfc13e5292bfbf92b1fe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
3020541eeaf1a28d06e426f2587e8c3f

SHA1
fd73ceff08718b80a9a5920ad5f01bcb731840f2

SHA256
cb4e1344ffd850892beca88ceb26e7f1b6f9267fc7438bd675653f4b1a393fc9

SHA512
d0546dcb277fa1f87562dd0722c16ba305ead457997193caa001e309c92cfc019c3580a6378ff79692d792e20b638fcdc6b30b5dc1377a3d7b2d09dcc27b9fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
405b406801f499aced03e55b7b199365

SHA1
653eb32c2fa1b80db417b9809e6f8dfafd04207f

SHA256
39c9b5fb7e91c45591841a8992e999674a99a5e1265545c50151f4ec32981018

SHA512
9691a281becbb8323ab80a71e30d7c0870e2d90a1e507519411d11bf4af6d5b74db8101cd89d062d1eba56da4404004353a54ff377898510fe20ff0304f240cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
207a67c99b85d55e4fbb48eb06dc2f97

SHA1
f37ca57802b1d10502aff40d99cdd8a4a51e0b59

SHA256
ae5a807dd7ba41414216722b8a987dbbb3e4d75573bb6c34df470b3616ffa17d

SHA512
0fe8453adfd35c8192be086c57aa78f2504b04ce8e059b06e486bc7500fc6056ed91bbcb9dfdd4ff45ad97b81e44fa3a1d858430c2f1e176036130b5d24ee65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
37a763032e08999fd93ea9d8a2678548

SHA1
e8412c00925d43b5a18a8d01ee7c40e726807bc4

SHA256
bb0ad1a53a5f46cb0359d8911361da8df0c445798d0160cc5d6d8457c3a42997

SHA512
8234796bbd6ce1cdc140502c4508d2bc96e721ad7e4740eb29859650ee0956700aa474007c95d8b02c33c6404493ca44e25d96f423c3358b248e2b9577ecdef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ebb0367c4666d59b8ecc3fbf0a66261

SHA1
50f48417c78694cf86afb64cc49187a09858c647

SHA256
2472b712c2fefcb1bda269732340d6fcd10090f0cc0bacadfc7efc26d9b4c4a5

SHA512
9408fa4a9270298056a2c9755d6c35673cf70611b65c907ed79ec49e8cbf8ec9a531737327c2dc09641ec23583e7bdcf111a977b2490efaa94f4db43f8b9efd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4f4d89a7a6fc1de60167b0a73a7fc553

SHA1
c3ca261e3fc7fdc51b1a6e730bfe47c89e93307c

SHA256
8bf1b9a8571bc6b00b8212af2a8b60ac68e9c2823c1c8619a5fb6adf62668068

SHA512
f71da711c875c2f08bd52503edf41ba7e4955e41900eaa7d225e289158bdcc4c75984a0ccbb200ea9488fe3f729f8f0e51d1d4bf98b1cd16d2cf0181739b5d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bda45abacb085724c92176bb39542279

SHA1
f90e15e64989bd48992bf59e6cc4cb1737661451

SHA256
23a1c606592930e0868e7ff5991e16521bd414fa896476d0e64db679f1283134

SHA512
886d1ed87d4d46ad901d72d3bb976f18895371dbc9ae07f7f7df6a1d68c1f8f1e639ec9fb0bcbf075c58fd65148bbabeeb882d449da213323aa04d4654fd85e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3bcd04234c40b6ea7ab69b5d1c8deadd

SHA1
11598728babf1dd8584e110eeb35636cee894745

SHA256
ae47d045988c8e45c113ec38e7f21a178d2e43e1c3cbdef5836d227f7fe1956c

SHA512
4c7316f0479d058e66ed6e59b3d97f44e08a3465186cca4f880f48a1c159b90f2954e2ef58197274648f50eff97df27f85078cc3b23059852ecf0b9e47518239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25bce0377f879af2e79e96c8be918bb4

SHA1
960b735de5979f914c91e4a32f840111dc41c4bd

SHA256
4bf3f4f999bb4890d17699ea1c0fcb6d43b0f510a3b76b46fbb16abe52d82657

SHA512
31d741c5c16098c6c1868dd7ae978aaf5b83129a5bdbfcc485df67063665311bc7c8d9fd418c094ac6cbe2e0342831a3315198d9587db1197173bdcb438f0a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
536eefc552db8ff09564f29f634600f6

SHA1
1fa45a49e236d56bf8a513c24c7d9a35ac314c28

SHA256
65eee36cc64af430ecdeec143f8ea47fdb4532be71f0f235a91150bd1c8ce056

SHA512
2a9ffa660be1184b403b26d29db1bad5c274c92b765a75784e5f9e3d92ae3e52b4a433dee7d59148bc5dd3c532b803afaef1c298a0486c3fd5c66c7bfa16ccf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
868ec4d09aa330ef336d6a8530774251

SHA1
75129898fcae39719c2945bd270b8bdf35c2ed59

SHA256
b19dae11fc4130180b510e94f6eaa7abd895b9bc9b22e158a1b79e2246d57259

SHA512
36e59973adb12cfe6c1035b8c015f8db717672cc1d1f51f833ab9e33e826a36228732f46748ffc95a75ad802bac31533e3f69920a8a72c780df7d3907ee465ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cc58.TMP

Filesize
539B

MD5
6a6903f083beafee2b5f77b86437c4e2

SHA1
f96b18589a4a0327116a9d71ef326b82fffbe62f

SHA256
129f77097c5b67de1a81925f8aab20b875f537a65003c2f151f69b67770280c9

SHA512
f67b82852ec42ef4a89c7c12b71caa60e15d636fc7c4f5f069d5af0acc958838464dee521e3ba4448b2981da1e8bb2786af3df429f9f1e1d7f59364f9eae906b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
236aad724cd5fb4938fb4021146a85fe

SHA1
5903c34c8fcfb03fcca808564b5165c8681292f7

SHA256
cd7561c0a3aba79e22560c4fed24bfe411b20c47cdf9939590a226f18b098543

SHA512
726b7056876ce771b8b3ec36c17a20f564eefa50b5dfdfa3abe84663873f88c6ed285ee2f7b9834a6d97917d1f3c274e58aa328a94cde05383fd9d6a37014eeb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_952_QXJYUENUEUCOBZZQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit