hxxps://steam50gift[.]pro/50

Analysis

max time kernel
381s
max time network
385s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam50gift.pro/50

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3332	msedge.exe
3332	msedge.exe
4360	msedge.exe
4360	msedge.exe
8	identity_helper.exe
8	identity_helper.exe
5860	msedge.exe
5860	msedge.exe
5860	msedge.exe
5860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

4360 msedge.exe
4360 msedge.exe
4360 msedge.exe
4360 msedge.exe
4360 msedge.exe
4360 msedge.exe
4360 msedge.exe
4360 msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

msedge.exe

pid	process
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4360 wrote to memory of 4256	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4256	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 4988	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3332	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3332	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe
PID 4360 wrote to memory of 3184	4360	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steam50gift.pro/50
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3f2146f8,0x7ffa3f214708,0x7ffa3f214718
2⤵
PID:4256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2301019620417787247,18310228736542093696,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
2⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2301019620417787247,18310228736542093696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2301019620417787247,18310228736542093696,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
2⤵
PID:3184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2301019620417787247,18310228736542093696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:4660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2301019620417787247,18310228736542093696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
PID:4756

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2301019620417787247,18310228736542093696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
2⤵
PID:1568

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2301019620417787247,18310228736542093696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2301019620417787247,18310228736542093696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
2⤵
PID:544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2301019620417787247,18310228736542093696,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
2⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2301019620417787247,18310228736542093696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
2⤵
PID:5360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2301019620417787247,18310228736542093696,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
2⤵
PID:5368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2301019620417787247,18310228736542093696,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4596 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2301019620417787247,18310228736542093696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1
2⤵
PID:3020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2301019620417787247,18310228736542093696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
2⤵
PID:2072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1504

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
648B

MD5
cd8c134dea06697e1494a2a6c8bc63ac

SHA1
25ed2dad1a5ec2dac1f80388e570370538eb96ff

SHA256
6f595d88fc438c58e3a29210053ac7330ecb718ed1812e900af9cd8c16a95a78

SHA512
b3f02fd032586b3d02d26de52a093e21557a1f35245a9a068125fadec13058a7fa65a537e11b406157e9c1b10c7572be10b390033ddd6158888eca4012354738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
912B

MD5
b317485a2270e58d573cbc3d095046dc

SHA1
d21e5d98feaa20fb494eaec099796eed4d91a58d

SHA256
87a8d665dbd2b4ab4f7e55595aac971834549071ac4cfde928a759fab4e5e2af

SHA512
47b357ff259c4ebb6799938016d3372b0e9cbfb3f0bb2f193726420c95ffdf41eac35fb6186d6f6bb73d392bf3b363508cc0fc33f97cbd8f8aa808b9cf50eaac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
920B

MD5
887f11b810700ea1a4419b6fd1e99a32

SHA1
bd46955e3021502aafdae1a916e61845a2923c7e

SHA256
b7f53579ca1add45152d99a4e6c014d8d10962901d0097033f8f42d936b9bee5

SHA512
189765104f5091b42c208f12fd8077159225582d5856cad55246f65f4bd1b76055ec2f136f741515f5be72db84f8df4ba1df2ba7d2940a756998eb82daa9a3d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
920B

MD5
df82464dbab4581a719fc309a84d887a

SHA1
20b664bd80df4939fde10a0b76d240f36d4e235c

SHA256
c639e2a9462fda0ac7fdf31d889bcc2242c17f0dc53865df20044d5016e955cf

SHA512
20dbce4e5b65b2067c47d180236d5db047b98de1a73a816cce3ea2051830144e86302ce83d674d035aba5455f308ed19c145e2d4771de473cb22a11d7a6ac93f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f4e7f65e620be792caee3d458f774f74

SHA1
c3b877f356ac26919be60fc133d5b178815b85db

SHA256
a3d3731b307028470743e718d0789da271a9db466a0d3fd99277fa830a7fd7e0

SHA512
1bea52a8f38c820768c6b68207395db20a1448bd179e8740538094aac628dc22d12416763a32ef724766111511a4e8a98c446b61d0dbf30657b3e9fb2f42b36d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
9ca90de6ada060e294d133e04132f578

SHA1
3782457f298906ba0a08bd0bf4567e047947714e

SHA256
652f8194d8927265c942f57bf345779f50e508f8ff1eb30be6038e099b964b20

SHA512
f8b9af8293cb9330aac7ac6011cb7baee95234efe47017c61e63aa1a0736784c4169865fb38cd80e203246ff26ce01842597dcc74ecceb8adbd05571ab07a537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
44c435f8a6905c409cfacb86c10e18cc

SHA1
9e56025faf2621b582aa29352b3e3b9c75a06a80

SHA256
6df21e67dd5b43933859abd342cb3a27b3f459661c26db3425082dc16de3d6da

SHA512
5def9f6a59058a7a10f7da406c48fff5e6ce0a68fa3ccbbfefd8af042467995efbc121bd1e817aa0dee08c3711cdde5a4a2ba4725ee7c07b981c538704b15789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
30e5f9ffeaacc6ed254a731aad8cf96d

SHA1
496b52b411dd6d022363ff08833af5345f18916e

SHA256
cda15364ad3d504ab34b23f7708c27bb9643ad2e4987b267f23645c0eb4bc721

SHA512
f8c2e030764d52d4438ef49772a9339e313cff9b986203fb3c026a06c584f0f0f6af8ba0151cb8c5102f646b38449db00c05e8a05c9a5b14cca078d88581dd29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
c38ffd30ea8c5abd4fc1426153046085

SHA1
3ff1c4a16ea9fda1b70571c8798c6afac19bd18a

SHA256
3ce399e62a8a13c2aff6dbb6a9d34218786e7306a8d0fabb480a5928f8c76d48

SHA512
3215425c4d81082269cf450f0eb275f9f8683eb3f68c8a79388b7ca49425d7aa356488f3db77353fa9c07dcb30e0b7c816493d691347c78e970a7e66bdd6e3aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
cb17c5d21c06fab426b0f258ae7182d9

SHA1
38e8ae597c3801c09ada57942ad7b79794880b9a

SHA256
1128f36f7cbb38de8e5b2b6248666146fb4dcbbf11c02c1e6027ca334cf2073c

SHA512
3b6934dee85b0cf16a25b5652a213f3ef9e77a6a4e16dddfb7356ad951e34d29119684e988ad3ae7c5d197b5fd640133d23008addffa821f9ac8962f54bd24a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
874B

MD5
e8bcfe0c5815792c1d879a79c083fc1c

SHA1
33b2c39bbc8836d2b4d6b5c1b505bdba37c544de

SHA256
5b93026070c781545c8faf35492558cad0b0032a46d994ed09e4403a2eb0fba3

SHA512
29ef768d0ba1b5dbf110123decca84b8de8434751819dd15a53044134361409f403c418816d56ecb18ef1bfac2b7dad7dc4934c3dfb2e264a5751a3746c83531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5cdd77.TMP
Filesize
539B

MD5
13bb7e00383222b5599e869bd05df253

SHA1
c25e3e17770c4e4d5ab9316c3e6ec26b1dacbd1a

SHA256
469dac3aa38c0b859ab19586d985e4aa5db4083d987f99a6f84ca4d21bd6d9ff

SHA512
5ba57f1bfd53c1d16c62134c8c430f1598420d62dbf301c066c4473400a50bbaa81b03293258571c0cca3aebfc29fbd2fcf27bc56b58fdb16c28cb8522c17b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c3a30e0f07213d2f74459b93d869b6a5

SHA1
518aa9ed746570eabec4389025823db8056105b4

SHA256
10e7d4bb87e63a134d45e140be4ecbc04c550ac192cb322b1ec2067163346b11

SHA512
b0bf29b4c7470c9f322bba5b3c445ba71557e80ced2702735ddd51173aadda0086035c29bc845a44b9013c19a25886a520612c23864957f59ca760d0966b2115

Download Submit
\??\pipe\LOCAL\crashpad_4360_MBROQOIXJTQAYONV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit