hxxps://steamunlocked[.]net/96507-changed-free-download/

Analysis

max time kernel
410s
max time network
414s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamunlocked.net/96507-changed-free-download/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
2916	msedge.exe
2916	msedge.exe
4976	identity_helper.exe
4976	identity_helper.exe
5240	msedge.exe
5240	msedge.exe
5240	msedge.exe
5240	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	624	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3368	game.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 1092	2916	msedge.exe	82
PID 2916 wrote to memory of 1092	2916	msedge.exe	82
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 4244	2916	msedge.exe	83
PID 2916 wrote to memory of 744	2916	msedge.exe	84
PID 2916 wrote to memory of 744	2916	msedge.exe	84
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85
PID 2916 wrote to memory of 2708	2916	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamunlocked.net/96507-changed-free-download/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8c3c46f8,0x7fff8c3c4708,0x7fff8c3c4718
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,6024178224152126140,169787617339627680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4584

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5264

C:\Users\Admin\Downloads\Changed.v01.02.2021 (1)\Changed.v01.02.2021\Changed\steamclient_loader.exe
"C:\Users\Admin\Downloads\Changed.v01.02.2021 (1)\Changed.v01.02.2021\Changed\steamclient_loader.exe"
1⤵
PID:3444
- C:\Users\Admin\Downloads\Changed.v01.02.2021 (1)\Changed.v01.02.2021\Changed\steamapps\common\changed\game.exe
  "steamapps\common\changed\game.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3368

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc 0x4a4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
83KB

MD5
95ad70b0720495f26f4b7dc7aa152c13

SHA1
d325d177460b579980d6b36a4da2defbc709d6ce

SHA256
7d40765179bc45d7b2a36b9f0d49d12c2048abb154ed0ecfaa2433417fd0cdbc

SHA512
ca9f7e4fd11ce28a5eacee9cda062c8418b4d6cb440ed82328c03d7c1d1835d7aa175a2ac5e35ce2ec3ab6a37ed2fae0bf2eb61c7b08199299b6dae9e5194fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
7.0MB

MD5
677ece28077f1e493947a4458f3b90bc

SHA1
9e0f7606064f1a01f6ef55d3244fb2b9d25ff75b

SHA256
75f246392d863972371080e1d9313f72a05032b5c7cd1b357624746f508cb71c

SHA512
1f5d88f023f331671e0fdb941cc57d78a1d350add269a6c53af08dea8fd8a1f7486cffe88071f0c42a403d018da8083f3063c99b10f39b459bb5c0224a17aa44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
624B

MD5
a550902e5eacb96684f0a2dc3721434e

SHA1
1ab3c15d1feb10abfd752147d4bed1ee8215754c

SHA256
eb2222bdd5685df790c866bfde1036eb4f848dfea6a8310cb761c781c80be9b4

SHA512
b18e972fc4976e866b2c1ec929b337b7b780e55419f34635f4dde8cac43dfb5c1ab0390724c0e3d3f96540a609613b13d20d14acf7f5874828cc29fc5b06896f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
9b0d7cebb79364f3ba0cdecfd4f8f46a

SHA1
06f0dfcdc665fddd21afb71d5de1503259036ad7

SHA256
bf29038c2f3dfd900ba849ca4065aaaa7fade8417ac37649f20efcac5bbabd10

SHA512
7a3319790d133dd88f7f622b4a7846a2fb47e462cea4df2addf8ab087a2852da274e9ea824f363171bad69f8a2b55e780fd2a27fb1784d1255e270f50437ae0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
c02276ecbf869881c91d3b9d258a8b6f

SHA1
15d8700422ae0e43026e4c84d48c5c750edd883f

SHA256
ebb0ec3d35867eec212fb09628e558700b42dc23e29c89c2ce5c32cbdd144195

SHA512
bcc0c80d497b3bce79d5e5e31307205ec085e05ce324b240c7f5d6c65a62fc0559777762595e1eb900038e8ff77de2dae64f2cb88a20107f4add089bb16c95bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b71776fcb875127f14b2752ffd33e317

SHA1
40165894de13e342398a38fc5e8194666142c543

SHA256
7b24f834d9163a412f12ac474f30fa0b13312b8397453ea9fdee0e93b70837e2

SHA512
6cea3306700e304f840e5c0aced3aec3f8dbccf1d7e03b94ecde55d9069658ef5b220376a7a4856416f98b75ede9492b3c55ab1684aae49804948cef86c3ebc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
79df66cc13cb59f5ae2f6303999e0d8f

SHA1
4f94dab756173506993627b74c810d4a0a2c0b2c

SHA256
1018e499236a4c824139369ae0fc74bdec3f05ea1b14f56cf0acd33fc9d9156e

SHA512
cbeef03d9a9df01a2c71bd24cb204f40dea94e026c2caf810b8f02fd37bd6c1d96cb4e0a1dac4d6b955058cb6ae9771a44d2d3c42c7c96a2180c38c8b604218e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
33fca5e146d906c684395ba72a0cb861

SHA1
5e51d511fddcc74e7dedbed4e4c15867412bde52

SHA256
6e7d444339fb502d7ce5eb8084351ac011c293cf409f3f7dda22d56252222e46

SHA512
201db3f30cf38f3915feffcccb900332b0fe961289542c50ca796baa99da32f509ce49190daf248489e02e13960cee11e0985de63364b871a4175e73759c39d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e672d3027e03e09bf54fd4bbfcd59858

SHA1
22f71d547c893d6257aa0e9dfd673e617f8f9c16

SHA256
a7025e44923bee7d3bf80b5b4d4efa3eb54e0b3163e391ab83862b3b5b020d01

SHA512
6582457268e8c40d4286670f97dfe19e1bfd9797bda39dfcbd76785732846e5ece72c9975678fadc603885bce8425e89cc0f3e64f4bcfc8c7b5345c4a005b066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0592a02451eb5b80a63b24d42070cf39

SHA1
ddf2ab295fb322f4caa522818326b7f348ed9d81

SHA256
cbdc64e44fc9cd9d675b1d91755e86135be17126a3d30ef8c66b808a2c7ede73

SHA512
bad9e00c7770dd7a47eafc6df99c894f86b6fb449e9cf0120616c37bd33e0a2757dac41c958d594727f3e97b900018d7eb714ea6f46f831bd9da2636203c535b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b21aaed4a463a31a9e6393d0eae6c1a9

SHA1
4444dfc9364b0ddf939fed82203acfbbfa32cf00

SHA256
84076eced65b5292677249c1120c1160b6a6d322beb1ee72d81e505f23dd7187

SHA512
a0190410c0086195fc603b37c2ef18e1a91ba25afc9702aed743bccf1e1e52c84d7894bcf42aef20c6c04e1b315b9cb876be4f146f794d25436e0fac98981aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8eae63a46d404fb3cd406795f0dcd8de

SHA1
e6fc2e4552561867564f37a5eb0ee278bc267830

SHA256
b6ff0dca36e56b5a6a44de753b1aa21714d099e3b9f07aca87dc6b32c8f5a3e4

SHA512
90638d6a373648db6619ff291c45702b90c723309180c876f323aa7dc4bd2a08f89aaf20bf354d6603ecc8bfe586b8884934f972404bfd60e85a46f42255effc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586c61.TMP

Filesize
48B

MD5
ccaad4ec4a6f29f4a076f19c191beb19

SHA1
94499f056084ed84cb39e6bfc641f6ede48eb25b

SHA256
5846cb4bd60ad16c1b37dc5b9cf08b603f2ae1c855a9b4f6edb319f96dd334af

SHA512
1ad7e370cf147bc4e3da584d2f2a135d7c22369a5a02715756d579e5b8f065a04fcbf120e4f6ccb9f45ef026ac2ea59482e65371272cfbdfa8fb981b9246ef25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bbcd72277ec060bea325ca1eeb506b28

SHA1
01571bd0424307e2299f9112a4a4fc37b56b8172

SHA256
45172856cd2bc2762f4be8673f7eca4e658ba9aa65be35ae41dbcbce1872d578

SHA512
ae13c5e87d2c1b37edfb2a22a83cf74671d8b82b614b2588374dd8e6cb5c2ce108ec5686d032a28c4dba25fd731e710954ced2af9055b4f6708fe2e07f65af34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f9fcc862147ebfe25c48f8e35c6ca74f

SHA1
e2fbff642b32882406ef1060c83fd573bc9d5a07

SHA256
7bfdc49a6edc2874f81c989feba36802b830fec16f7fca9ee0a61d34fbb638b1

SHA512
abc12fffff8a61d22be7e9c7d387defebadf5dabdfaf107a69de9feba0cb75b262acdcee2b6bff2a21f95349205f490e220ee184a1910f54084019c19f3dd2c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583d43.TMP

Filesize
872B

MD5
5cb4999b447730ed0e2fb8e8d1573cb0

SHA1
24f7cb0f84cea1e4219a3948aff4cf370084180b

SHA256
7fcc4dbe5cb8854d932ac3b1ca53791f82736991bbd127109d37c0121e421c81

SHA512
b775053f52e4d0b804174aceb015a311ad2cea8d93f7d20a7b3826d8fff447c402befd9481673b1918ddb2c520e6a34d90ccd8e7cabbf0bc7d7c553c45e9c053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5ccee13841647d24748fbb090b786319

SHA1
6debd50624f985ad3b37cfe65e5daca7cb5c3b57

SHA256
6ca7a4a1953dc35228347d0e344a8373e483ec030d7a7d7a8271d2e06e2dd495

SHA512
ce5433b5062eb1efff3c1e70b5ba591eaf9dcb86639f0651f361ce3b9baa567adf657da4dcc5eef7be7f51f9f18fe734529ebe8913bb810baa363ecc3cad6e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
08268b1425788069f0b625da708e0423

SHA1
ea80596f07df4921485ba4bb5b3a054ebe0b58e6

SHA256
1c48c9fa73c2c27a3f9c8c055a265e6bd1d713649e98c657bdede539c4a97697

SHA512
b60cda0713b17fc57063cb3e70c121378462fb0f914bc7261fa4f91a75bcf79d31067683e8ab5427e5c1194462d1ef04ad28844b417012c77cd851fbae9cbb46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b26276f3158e8b38db27c2c1d1b781b9

SHA1
40ef76d741af0ddd8a04f535f56a915e4dcd19bd

SHA256
0fdf98d506a6e537c2bd6b814f42f2ef10b29d6490e79e6cfa95a39c448821f8

SHA512
4587d14bd15e24013795298170cb95ec8982b380cbb36dc80d2b65fd4093001c3cb1afe01a3a112f52091c8b2440b64c37dde12d41a2a32675e84ac456ac2126

Download Submit
memory/3368-412-0x000000006CF70000-0x000000006CF80000-memory.dmp

Filesize
64KB

Download
memory/3368-415-0x000000006CF70000-0x000000006CF80000-memory.dmp

Filesize
64KB

Download
memory/3368-416-0x000000006CF70000-0x000000006CF80000-memory.dmp

Filesize
64KB

Download