hxxps://gift-steameng[.]org/promo7098

Analysis

max time kernel
57s
max time network
58s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gift-steameng.org/promo7098

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

4624 msedge.exe
4624 msedge.exe
3592 msedge.exe
3592 msedge.exe
508 identity_helper.exe
508 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3592 msedge.exe
3592 msedge.exe
3592 msedge.exe
3592 msedge.exe
3592 msedge.exe
3592 msedge.exe
3592 msedge.exe

pid	process
4624	msedge.exe
4624	msedge.exe
3592	msedge.exe
3592	msedge.exe
508	identity_helper.exe
508	identity_helper.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

msedge.exe

pid	process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3592 wrote to memory of 1604	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1604	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4268	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4624	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4624	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 1860	3592	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gift-steameng.org/promo7098
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa805546f8,0x7ffa80554708,0x7ffa80554718
2⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15244261657521607429,9834195462102767900,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
2⤵
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,15244261657521607429,9834195462102767900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,15244261657521607429,9834195462102767900,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
2⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15244261657521607429,9834195462102767900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15244261657521607429,9834195462102767900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
2⤵
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15244261657521607429,9834195462102767900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
2⤵
PID:4396

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15244261657521607429,9834195462102767900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15244261657521607429,9834195462102767900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
2⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15244261657521607429,9834195462102767900,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
2⤵
PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15244261657521607429,9834195462102767900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
2⤵
PID:1484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15244261657521607429,9834195462102767900,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
2⤵
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15244261657521607429,9834195462102767900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
2⤵
PID:4144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
Filesize
151KB

MD5
b127dafd4e27a45cf670ecad1a7f63ca

SHA1
aaf223ffd3e4e71d66eb7198296dba85c319bf7d

SHA256
7c03e521a7e63a3f5448a2ed81ba04f8f17499e631dd53b9feacaac05e834448

SHA512
97579220a700f57d21ef7e938358317e324ce82a50de4e132e9a40b2fac9da774e6798c443dc8b63e7bb809f3a0c272c4405468051b257c156506cdef5d5de8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
115KB

MD5
7182625f91e5926f67ee82aa9c27b913

SHA1
76d855e5571beb6db20d6b9d91b4806b8fcf4f1a

SHA256
9aefe44dc5853ad583503ccf23e7af036974b4622b8a5c96cac91722b2c2d937

SHA512
3f3b80db28c23a061df4da9f5c8374e0703541a66c355fdb61e4f35586a627a7adab2627c9c2ce39c97a09c3c31fc4dcd97f2e6cc3150f45f24902c68a7aebfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
Filesize
121KB

MD5
48b805d8fa321668db4ce8dfd96db5b9

SHA1
e0ded2606559c8100ef544c1f1c704e878a29b92

SHA256
9a75f8cc40bbe9c9499e7b2d3bab98a447685a361489357a111479517005c954

SHA512
95da761ca3f99f7808a0148cfa2416b8c03d90859bff65b396061ada5a4394fb50e2a4b82986caab07bc1fcd73980fe9b08e804b3ce897762a17d2e44935076d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
Filesize
32KB

MD5
764b17e1da6963ebc217a49b77a91522

SHA1
0684a8b6fe9eaf83dc0712902ac5c9721f7e0a42

SHA256
a59657d4f7db10fefd0c0812bc93e00fa5bb4469b7ab55cebd41a0a9961f8e44

SHA512
c056727c4a1cef069a45e030e55784c46251d3aadbedbf058b8941ff856496a7fe0eef174750d063247fe7fbad1932732c0ae06d788489f09c81a08ca287fd73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
6a00b55b67d98b779db729ef2508fb8a

SHA1
250ca434c389b1e085fa08d266bc3627c3a881ff

SHA256
67376dba5e9e23facaac150cb56b48111a6725dd48c12b3b6502cc038dace859

SHA512
1161ef5a2bb8a7c18cb3fb0ca4b30c3ba71cf9def879845b11c9739019455a89faa0c497725ad98c0f4c58178a9920b96c3a97998593a48fcf11190412eb311f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
cb31221225789fec0ae061e0d96881d7

SHA1
f170791536e1e826d9e33852a969a6b6ea61597f

SHA256
639d9c3b76d014c119b014fa710d15b7707c1f1aef9617eba9afe4e8bfe08b08

SHA512
c3068c199fbb7401c37366b652b5ac1a37d54e9b9d4cc40e5a3775cf35550a7b66560d5b3d0ffceddb4d4323e84beef78a9ba8bedbfb4c48cae8aa0b1d347034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
791B

MD5
1d112c54bb432cb714425cb67a8c8593

SHA1
f0021a4ee127afd4dc31a12353bb5fac02b6419b

SHA256
bd7d5de098309131571797405bfc3360b8530ca0536292aec6ae77a0a2b4ec05

SHA512
ac83651afa51554f97f4a7b81f4822146c2897cea1d605de1bb1e1c96bc52e085e9e5e93e0163fcd58b9bd31ada7e391f5b4d84781fd400e36d84757224e903b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1a26ac89bda5d0f4dd6e3eab8bbac5ef

SHA1
60d527b44dbc226cb2f0b7ca9f59b86f5b8322d5

SHA256
3dd658e8576fbed6aa213ea7cb7e0400f08bf268f5988a9f9bf513264c81f497

SHA512
6057baa1265b1a264796c022615d7deb0f09287d43f6aa258dd0bd51bd1692f8e5a6187f3c35a4b36b510a425ff0c0805909180971b3921ce54f55c7b4939817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
cb77ba6af2283cb0d5c6dadec6f5ab8f

SHA1
0d7e9dcd2b3a4fae9915f8d73052be4c442a4113

SHA256
6ca281a65842caf98253758c4ba372eeaaf7ca2f9ab7ed32a6c6fd6e95aa830f

SHA512
9d06f94ff57b8107c371d5692510e39fa2ad3a215526828545af7e5cd16aa5d7912ce8a86e96a21e396254728d1f3494d3816e211bc4ac6938ba0733d7f6ca11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c4bb7cfb5b526c4c1b8a97a263882ee4

SHA1
f7b9581ebebef6e37a31205edda7037734c157b7

SHA256
aa7389ef9f7c28f4da2fccc931658318c393f3f7c4a718481764b1c36c9875d2

SHA512
91d38458fb019695c28a0d7f9cc8d8ef2674500fa61021f1498cf4595d3bd4f30830daeefeacbc0220a3d160107cf3438465e7ecdf132b595e02c00a2da4ab3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2363d0bb29d027db66c3dea56d5e7304

SHA1
b9e11eb74318bc42e79064a80d59590229544c7f

SHA256
d84a4776d3ae03795da0f53cca3d79c8ef83ebe6bfdcc7fa094c060d4940a7a1

SHA512
f950b182d0f8a0f446fc2a9259cdaa4369ea0fb91b1a62b23fbb4ddbd30d637cbf5d3ca57ad18dd013542374a9e53d9f250e771b74bdcd43bcd009b921a2ca39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
4c95138893dc6aa70a66f1e05bdc3baa

SHA1
f22599fe98a0f391d9830a42497e1f2a283bb863

SHA256
3a90e7e6804010a8ddc1872d5c009defe3461cee8cc6a8b5c5d38249c174b638

SHA512
3075d86d91cfb64335550813d4c2513351590af9a64f58723b820a55e150a7672090ad3792784f0b52c85f5bca9d99fd276f370d60c7a5e56c18ddf9806c29b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b91958ffaf0bdf176685bcdbb10ee416

SHA1
09b8dfaafa85db9b7a671d0cc94c62c68254036a

SHA256
78bc7acf4cfb9f5eb6d56601cccba4b8dfc0e37c94be82c7ffa21cffe7e48c85

SHA512
8937a08a9082050a546a12274e3baefc81ac98085050229911be8431e85efedba79e1f4a37ea02a67134beb097e01128a129cceae59afa371a8a492164d0a8f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
540B

MD5
d2cf31d6a7a32e0d1996dc2d86c5cf93

SHA1
9206ba852593c791fcccf45091706bd6d4d58f2f

SHA256
16340be7a6ad793d390538137eb308156323c619231ee2d611f8df2820b5f337

SHA512
b27c3bd5d5070b451c674b196497e59c763de50bcd2942bc2a4db9e7b1345e6cae3f16182478f7f82b1099c4e082025371188aaf7087a97b02d5eec4da15e54a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dd8f.TMP
Filesize
540B

MD5
622134680cc4e1aab7bdc06e543e8d1f

SHA1
1958ae4e13da6fa8af9b9eed914c6a958d1d454c

SHA256
562cfc0b1535146c16024e3a18f7b189d26f3eccd581ceaf28c7c5fad409e0c1

SHA512
a1c8ca532cf59e00c5c96d159160ff0ab3850e23f3ac06a557dde983f840a667acb5ad07036623ef7ab5b654c8488bc306e1b329265adee9fa29f9fff8223ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
94b1e62c0cd8d4f37cd4f090c1660bcf

SHA1
15d4c815a945b6c9357d41d671c9aa71557d9f19

SHA256
15eaf7e5bbb4202ea2f25f717f6398e09883802856e8795362dea0dfc3d2f952

SHA512
2350ede950bd7b5e5a2fea288d988562a2b0c0ef8afb50f136c2dca835a28e785af69fb288dcbae2c048b465847efb99eb1cbedfa97b11213fa83686c9d1e9b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
9ba42675d5e203b941744b3c76243bfb

SHA1
76d35ee8b3dbd7deb1feccf720634f4f591abeee

SHA256
7027ac541539b8300b5614801f0c9a7d89b074133708162696d40eb3c9061477

SHA512
0fce3bbfb64ffee67897abbdb1ff8b5019e3f9eb85d2721898a68f189981b2b2be5a70650bed7524ad3e2fb9cd15de6e618d77dfcdd42d2d4d673ed461a97196

Download Submit
\??\pipe\LOCAL\crashpad_3592_BYLUNYBNILRGFGNM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit