hxxps://steamcommuuty[.]com/gift/activation/feor37569hF1hdr

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 21:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommuuty.com/gift/activation/feor37569hF1hdr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4084619521-2220719027-1909462854-1000\{1F1AF709-D991-4026-B7C8-D13E00E24788}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
2116	msedge.exe
2116	msedge.exe
3716	msedge.exe
3716	msedge.exe
644	identity_helper.exe
644	identity_helper.exe
460	msedge.exe
460	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

msedge.exe

pid	process
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3716 wrote to memory of 3612	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 3612	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2020	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2116	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 2116	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe
PID 3716 wrote to memory of 4000	3716	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommuuty.com/gift/activation/feor37569hF1hdr
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff9142646f8,0x7ff914264708,0x7ff914264718
2⤵
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
2⤵
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
2⤵
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:2420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
2⤵
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
2⤵
PID:5180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
2⤵
PID:5188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
2⤵
PID:5428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:5436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
2⤵
PID:6096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
2⤵
PID:5244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2984 /prefetch:8
2⤵
PID:5192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5940 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
2⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
2⤵
PID:5980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
2⤵
PID:4732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3379859991806734307,13631939621362872077,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6620 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2716

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
a9e1a4ada2d5096df6d5fe10182c476b

SHA1
e0f7406e98191e1c212fa9e1f7c339f62f76483d

SHA256
1db95e2515dce3de8719a5c65bfab447afdad79eecd5379df2582af1562d3661

SHA512
88f342519138cfdc3315b4975e7f78a5c603ffc843243c582267aa77844693d2d5b35277226d8499c63bbf4aee8ee90cd5c48914a4228d420378802518f27a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
3849e2dd4914ee83db68a90b429ebc3f

SHA1
9c53f6e00e4bcd33384e3082d06f377471ccee44

SHA256
da239492b9511a1aa5ae8b56e18a40ac197a3ea88b145089f94e1e0e626f3d32

SHA512
7994f51414bb783807bc09d4de1875c8436f6c08a3c01e4d541803e763af438ec851423a2e0b11f37fc87cd45d59449d28574e31784a0da9bd8ff080d394d3bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
541B

MD5
cb395b642efceea51ecb49b62d912dd7

SHA1
2407f3d32af98a85c737d4d97f20b896c749c006

SHA256
ee7d20cad5761367490b9ebb86e6a75cc2469bbaac52eb0833d36551e97e8d4a

SHA512
562bb5d2b52e5b0a5c3de510883432a8c6f74cf3749b147d74160a702950cd1100d52df37df8f1194efc5b762a36186228a5ad4a9786a46fdd626925ce281336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
16a351895fbaab3a3a4742c5aff13cee

SHA1
4532fbead21201b83e3c72640bd27ebeafc07e59

SHA256
cb76c753a3d4f56223eeef9149cb796c9d0590279f92f48641fe44f09ecc7e28

SHA512
2ddb7a9c842c24845a2a6041c3470e8cbc930bb47c4a07ffdcb646d9b039cf2dde69ee0384fca4e8ca6074fd6f6d2a4cd87fb14d5889cd7e2e27af8779873579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
46f9320d19a2fbc41e7a475666961952

SHA1
01bead0feff82014e2ec975180e2a32f23785838

SHA256
0fffe4cb1fe6266680e51d27b6149e65cd8e06b3c3172cf7eeda65c2d4ac68a9

SHA512
5819ec088daf26c0f85adc2c0fbd0b879bb2c8039d0180be7069682fd8700540c1f235bd938943d3a1a2e877996177132b5118b1d514d8ddf23506a1109fdffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
9418a353875476b6c00a0902c49d7185

SHA1
43b62bd433674479f51f76b8d2096b0b0f9da899

SHA256
b1f749d0abf6e5e48bf8c108e426d42fd4b7a9d5cc8c98933a73a386d1a574a8

SHA512
1ff57831ee44088dcf3a7deb3d45224502c8febdfb5d1431de33a3add65270545acc92af345713c43b9fe1dfd98d27511582829c7585c4a2949ecadbbc5edbd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4154d70594432cf62c81f269688888a1

SHA1
75dcf3d89a8be6ba4ab4fde6c7506517e98b628b

SHA256
78b2d8bc9c7e553defd49965cc2013b7051f38c0698374b014884fd9ffd85795

SHA512
cd78063ff48a0db0b9bbc2e8af63bd2a89f3d55c63da0e95de73ead29084d567e184632c91c03f77d62f52ddf3308e3351718d2adfcc497a19ffa8cf619dbfad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
5c31df7adf99f6006d920793e5154321

SHA1
4f0b20ea117164bf87320b220520539ed598cce3

SHA256
17bcb8d5595582673e0f93e4fafafa762a57ed3da1abf9a4ffd788d51c8d3595

SHA512
475b36e5f0777e6ac0ef18e85c9d09ee7e470bdca7c708a6499ac31c782438d2538d0fd75d89e01e69dc37e095410a70d33f8ae01996b1ffdbf7725e6868f034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1e60fcd1bd40b8e79ad0d67bbb89e277

SHA1
f2ff2d424015692eaf7fa69303691e0ddf4e62f7

SHA256
92d73278962a5d656a75446670249e9762c5668278a67a46d6838e08f4862f7b

SHA512
80cfb87de23e0a1a697d708da7f2ca6d858ba025b67efa22fc3e883718539db0de60c788f33fe975ce61ddb560a0272ddc7d7ff5034031bc3a375cb9ffeeb4fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9c8b91dfcb34d749cf69261db528177c

SHA1
2514e6057d58a2f54bc54d0876218f1a2fd51856

SHA256
b7c238a92b1e18b887062777217ff386d47092aaac2523984bfbe5014356c91e

SHA512
8556e7c63f6432fb6c112433592551d81209905164c4946560bd1919c6698ac006810a1901c71dff8e67f319c07b1ba7fd602251c6e3c66e103b78d6d07ff3ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
127e1b0e51e4a7627f407419341b1046

SHA1
4e93545f0aafbe4881d1ad12466f73bfea19c25f

SHA256
0e08e91b94ca431ecbc5a0a69bf6d0b827fd4b321230a7054d521cb570a7e7ea

SHA512
dc72c6ed4623021f18bcb8fe7919853bd04e2a16d7e20016c92cc37e568edee1fcbc21f97a6a699351fb92b45608934d117136e2b1a7f71ae455d269bc9c7922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
ad8e0a8cf19b4dc2628102b4ffb19110

SHA1
e501e496f180020a4688184045c393e4c1086569

SHA256
1d995a56f394818c5400a1442190e21777367e11bc60e335f12875959eed783e

SHA512
2b1b8779d6ca623a70fcd61078a37d7ae12132f6af7b462648fec9ed218facaf7a35c1343a2c62bb9137ffd942a605a1deca68304c8f2c73b3061d2658ae6402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
62695a36c6120847c7376a06a7ce94e0

SHA1
3630c3d41b1bee9137ba7ef4d6b8f839554e14ed

SHA256
b1f487ca941173d4d05a04c45face0deb7c4df4715b9b52e3d9ad5db661027fc

SHA512
35b49ed27fae769366b7c99f7316ebd04d6ae8ee8ebd05071ed08546952f96b1056824f9c0e5320a03b3e5fdf767fe6955681b7c25cb9a3a72970001b75c7d3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
5293d5ce7a63410db767906494e33db3

SHA1
8dd07d28af33e5dad2d80eb512dd1e90e55d979a

SHA256
da796da86f6144d969d6d0792ca84804b9847596886b61d0f8564ee47dad5e6a

SHA512
10526a45a6af91a84d9ee542c0a5beb411853e3b29ae1719897e15ed5547e4a79c00fc3e245de9c07c85bc5d20e2a88256df9e576ed31dd4942ad8b756a758d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585956.TMP
Filesize
539B

MD5
b7ff9c6b32c2a7ea98bd449eff5d2e5d

SHA1
b14e4a6b224cd3037e4b815e5033e167bd97617c

SHA256
67a636130af40e9e05a8e5be7603fff7c0973a1ec3b14ec4be8c68d83e40f9ac

SHA512
05d6678a71a240a77448dd9cdd6f4c30534fd47028fba1b3fe286f74dcfac4ed26a8a58b49217e5319099891a64c3a72c5aa040fee08b4d71e150dbf085b6959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5fabb52616aa0cd2cc3b41ce6791b128

SHA1
7425f89f1ea425c6f52392f8a6980d1c06c27e37

SHA256
1accae5fe1202e72072c798da7bc98c697b3389abd3be3caf9a5a3a2002afbc8

SHA512
3bf28296deded0a50e61a3ded2e0fc80134726e125f66fa997e34afd47b7768d0a43aaae93e6e53e05512036a0b583ad6e4eee6b046473103ae4de0106d7dc78

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_3716_XVHATHFQMLBRGNAI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit