hxxps://steamcommuniqy[.]com/gift/28914887855

Analysis

max time kernel
109s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12-04-2024 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommuniqy.com/gift/28914887855

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

1844 msedge.exe
1844 msedge.exe
1004 msedge.exe
1004 msedge.exe
3148 identity_helper.exe
3148 identity_helper.exe

pid	process
1844	msedge.exe
1844	msedge.exe
1004	msedge.exe
1004	msedge.exe
3148	identity_helper.exe
3148	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1004 wrote to memory of 2720	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 2720	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1864	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1844	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 1844	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe
PID 1004 wrote to memory of 5040	1004	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommuniqy.com/gift/28914887855
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffd205a46f8,0x7ffd205a4708,0x7ffd205a4718
2⤵
PID:2720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
2⤵
PID:1864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
2⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
2⤵
PID:2380

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
2⤵
PID:1332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
2⤵
PID:936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
2⤵
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
2⤵
PID:1608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
2⤵
PID:3768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
2⤵
PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
2⤵
PID:368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
2⤵
PID:320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
be1e1d3530d639cadcf440c5a1b05cc0

SHA1
8a2684be54c4d3da3a3bb69f1c8fa0534402c70a

SHA256
ba9c3be6aab5b3c3b89170ebb3cc6435ddcda35cd9ff35a6124d3d41b48de080

SHA512
a4be1bc1ab754617fe6e6dabf94f31398c0fb5d795617b5056212d80ad86ac192cfa7a0417eee35b2d650cb83ae6b9d137e871d64fb6a544994c11fd7a347a5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
ec9ad6157cc04885ae001e406299acf8

SHA1
1852790f475ff609b78af4b8e0873235ccf1ee78

SHA256
be19a9bf6641aa737ec4b41a244eca97e16cb74d598d70011a0294a905e8874e

SHA512
403fc2fe9a0812c5da9e6cfa914e2c14fd0bcb927601aed01032a1004490776e7057a9fd09683948c92e40d8d716d8e418b557cec71c57aa0d2d9447fa7e73d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
787B

MD5
8380e0561fd217ff4b9909d4c78b9b5c

SHA1
42775483349a2d2d6a5556653e99f358908b37c1

SHA256
bcf689243b3f0b6d3b43f6cda157acf3f848d7389d4bf5ece3532021e3d17d0c

SHA512
0e2241792914f66b12a35eb34246641c3a73f40aacfc846ffacb7616dbd332da9c6982679bd340ed05fdd1e99b6db67dd6f32597a47ca0e3256d343ca9f91284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
34ba251088a7b41aaf33fa189a8537eb

SHA1
b5d4877e30df0fe551b8a5d5a60253f5b9e153bf

SHA256
00f3922d44746d68ff3d59c51def70e83a28f29068efed65997ea29d9e4367fd

SHA512
8cc64f63da7d40d6d292e5c057914f2ad304cfb6ee0de055c514847a16218ff0598c25054ac3820cfe81af142253b3cc49c2037ae1c21457035221636c0e9600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
91a4999ef34da514d2f5cb230e0a32cf

SHA1
3cb19b593194c431e5d42654044a82263ef3f9b6

SHA256
4b328f1d8f49deab3e32562683e204612f401c651fd9855e8ee28cc8dc7122c0

SHA512
d9c401cfb6a4057cdc94eac68d5c7b8437856f8eea71edaf54f2f01750c5d15e287a5ddf551aa0c18aaa83a38fd849c65f7e5bd3e6c2a0e18accc6b6a6cef63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5f0686958730b9295fc7cdde4387fd1c

SHA1
8f0c8c5749c702ccc7bc18396fb8489efa7ff801

SHA256
dbdf0718e6a825f5ddaf421b7be686d8d7e24fe9657b035c3390e4328e6d8ebe

SHA512
c6c5d1f065aac487ccfac0b0e1bf3f614ff0b0c0ab2b83da245eeae50689e831fdc21eaf735d45d354426335952e6613a6e28934cab7c890a491902e5c6a7c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
3ee2b81a3c7aa50874be323026ba1207

SHA1
a34aabf809b3032cc9ccabecd09b08b26e69e1ea

SHA256
9d34e5985972b18c37885b35f427727789adfcda01c49a471b943921cc71402a

SHA512
b0af47d7daf4b53b797c587e3505cb7028dffeffd472bceb8f3a8f6002e46e2e72ae8606fedf7d729ad5b179b17fb77bc72ad30ec54dcb147bebf5ca8dea2f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591255.TMP
Filesize
540B

MD5
b1e95c49463157a508f5be8f2d391662

SHA1
d2ca0e71cdd318e2c23f0c589a2994458de2bf03

SHA256
2aecea4e4e1249b5678d9e2942b999bde5834ff42089f2aeb41ecb2f26a97387

SHA512
6ff1911f037a87ac1bd58b0c34d90699f91dd9de00421b6d1b9e0e200869348bbe8f43cd84214c0a7f95ba1ae3f190fe7929544b48a6587cb4bd86fa6e0f4382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a30630b3-fde8-4a0f-aae8-95b5191f4639.tmp
Filesize
1KB

MD5
4974a88caa29056e57f8854abc8e328b

SHA1
a379a8d85538dce26d4b5f311990c3dcb68675b3

SHA256
08bf624667e27a1d289d3197e6a9460187b71d263cab18f064b1a7d101f9c1ee

SHA512
fba187b5cb855010cca71440b989874e0596e3643f959712144e77b130f8ce8ed4325f916b7babf0ede3d2c70ed86a365008664bdef227507dec03125d5232ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f384913c11b494fc4d3572830225a463

SHA1
ad5f0b23544d279f623cf26b1fecaf921c3f4525

SHA256
032bf211e0dfbb3bfe3c78082c73e67c5cdf1f9b9b6b512e20aaa21beec36682

SHA512
e78e5f4b29a3a01cf11f814efe85e7c49b417d878bfe6c6b2f20fda491503e850bedc0771263bb3e1ca18d8d44b132b57f0c9338147623bb8d4e21e7524cda7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
dbadab523af53d7fe83b43b4e352f074

SHA1
b745b0a23bacb1bda3ea10e7fede5e1fb989db38

SHA256
d886aea6827be24aa1855b6d95d08fd8bfce72814a8682976c63011808990408

SHA512
32827938f86f82cf1a4078d1b6ef5efb22429818c0078c665a71958957546630da73e01e8b91cc1852729c16b1dfadf5fc305b6b185248e2df607b3ae40901bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_1004_IUPGWEVSDEGQSSWJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit