hxxp://steamcommumnuttlly[.]com/gift/actlvation=Mor85Fhn6w5

Analysis

max time kernel
42s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2024 11:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcommumnuttlly.com/gift/actlvation=Mor85Fhn6w5

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

4284 msedge.exe
4284 msedge.exe
1328 msedge.exe
1328 msedge.exe
3900 identity_helper.exe
3900 identity_helper.exe

pid	process
4284	msedge.exe
4284	msedge.exe
1328	msedge.exe
1328	msedge.exe
3900	identity_helper.exe
3900	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe
1328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1328 wrote to memory of 2700	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2700	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 432	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 4284	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 4284	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe
PID 1328 wrote to memory of 2412	1328	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://steamcommumnuttlly.com/gift/actlvation=Mor85Fhn6w5
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c2a946f8,0x7ff8c2a94708,0x7ff8c2a94718
2⤵
PID:2700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14724920218821701744,6076004016527170507,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,14724920218821701744,6076004016527170507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,14724920218821701744,6076004016527170507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
2⤵
PID:2412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14724920218821701744,6076004016527170507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
2⤵
PID:2668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14724920218821701744,6076004016527170507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵
PID:1440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14724920218821701744,6076004016527170507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
2⤵
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14724920218821701744,6076004016527170507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
2⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14724920218821701744,6076004016527170507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14724920218821701744,6076004016527170507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14724920218821701744,6076004016527170507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
2⤵
PID:3536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14724920218821701744,6076004016527170507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
2⤵
PID:2604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14724920218821701744,6076004016527170507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
2⤵
PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14724920218821701744,6076004016527170507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
2⤵
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14724920218821701744,6076004016527170507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
2⤵
PID:2340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14724920218821701744,6076004016527170507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
2⤵
PID:2112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7006aacd11b992cd29fca21e619e86ea

SHA1
f224b726a114d4c73d7379236739d5fbb8e7f7b7

SHA256
3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814

SHA512
6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b80cf20d9e8cf6a579981bfaab1bdce2

SHA1
171a886be3a882bd04206295ce7f1db5b8b7035e

SHA256
10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1

SHA512
0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
36KB

MD5
c5e39337f681f1c40f0efa29366109b6

SHA1
3df6cdfb2a6ef5d2e0b0b2832154986629dc3e70

SHA256
70707407660a3f4361c5b197db2be83f96fe74e2f1f95f0753e985ee30b7b84e

SHA512
f73d25aa88d2ff3bdfc4d569d20c327883b16600f76410c883e07eba51715cc65d8983cebfb681f2a0c6f888394749f9975ecbf5c9af428ec5f3e433874d6534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
32KB

MD5
e13edde4a25e96e573f37bdd11e020aa

SHA1
84a0c3cc6cd74b149cc27de2b0fe48bc2acb70d2

SHA256
45b526e6aa5356b278aa37e67593a25d09c9653e8a0e71fb8e155111d3b7a515

SHA512
9ba4cce47994f949731e594538f56f423ee46a8e602fe922ab6e1d173b87831ae5a80d967d695fc45a08b25aef5c494518b43cde6b4709db690e904b2cc1c053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
36KB

MD5
47d88f0e30322831ac51429e321af624

SHA1
0a3a50ae8c9d61a6d96b872f91b4694187be0bcb

SHA256
ff066f3e1ab3028b7bf326825772da1a50d4c9bfe92ec0abcb52f17ed996482c

SHA512
416fa132223c396c6ec4ba581383ff0859ee02a7e73acca4836df0e8154600cc9cfa4249832d0370fc7c45232e0114994e7da36d094cd459a6f3c77be539cece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf9631caed05a4bb0a7bb4092cb60d4a

SHA1
d21d9464440ec5cadfebd7a8f46f68679fa19b78

SHA256
4e5e4c1e24c68072d85119162edce39814d0d13c01e4950a982c34b9fc9b0eca

SHA512
7afda605bc0ae433be343ed32d4f94c1958f3d1b617fec8fa4e1b4325ce4da931c0bcdf56a15c97805da1267a4eab6101b9763902d62fea802d1affd9fabbd7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cc4e4713d0919f935456ebee4c8e0135

SHA1
36837a1c5eb16c18033c2cc77d450f31bb1c9ebf

SHA256
c61a4f33cbca13e7e02465a885ca50141e7d4340916dc777193b79a2cec898a0

SHA512
0ade21edd6251e6657e9441b478b51cbd1de7744dde31391d3431c38ad737cd8c0763dcfcac776e0c050bbd81bb48e4307ad3c0725751ec5a736fded0b91316b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
48cb0ed8ebbd068687dcb15ad911623f

SHA1
9a3e29ec2b226df9903f36dec7901432d5d7de63

SHA256
9a1f82cefa19e500fa8e6b20649eb6a6d59dc34b299e247edbf797b61fbe587b

SHA512
5e02b05adb604e2fa8d30f7e2bfc45e92d992ef5af7b5353969ef8077075436b1e6f39b32ecf07abcef3a81ad2521d9fceb4cb186360d2c17a1db1b1644ef13d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef73a90a41b9608ea81ca1d9cdbe99ac

SHA1
7017329f5dac87586877f8da311d3d9e650f352d

SHA256
a0f61fea520683637328c3ad7a2ec2175861aee014404ef691de2cae22861a83

SHA512
01789c35ef002aaec497968389d3eb6d00f843b667b3ebb11e55c16588ac186fb1d8db131718eb8ff5cc159c9bd2c1c53674b53b59009ecd7895dbc85f6c3acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
d431ba9cad771bb0146260b4eb17892e

SHA1
f986db4695db9077147f2245abf81296ca4190b3

SHA256
b9552e798e767ed839a5e64063986a3cf9453f90527d475a3fc8088bbb6cb599

SHA512
c0f6eeb2ae73d68f3d1705e5a3904c6e4420151ab854d0f6fa2bd92d2d69ca83673fa2e79fc23c36d04f836b454ec5c9afecb5349744c34192887b49cb5521b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
7948132ffa62dc686f6fdfe5450bbdbc

SHA1
bc88a6a2a44bbdc0d2cf846590c38e207c176dce

SHA256
e535df37c16867d3c8743bca939611cb78c03f91631361ebfe528f7d11f3c61b

SHA512
fdbb1576fe1b3fc10b0b4aea4077542910538bce822ddf8399464f459093de97e2b325cfff32919c4f7a74b7703af11c5926e3305fc9c2bdc177c96c7c28e5c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f702.TMP

Filesize
540B

MD5
08fffe03a62ad34ea78466c181cb77a0

SHA1
994d3b2a6e82e7e0b2e33d95b7ccc7f441665b11

SHA256
9cdc32eb6ed16c53a3d88bc120e4c0f4859d4291983d5fee2b9c901b14c9102b

SHA512
92e71580618d0755e99609dfa4eb0db926341d1b6ed15a0e09ebd3bc7f9449bd25664227326c2a305c2d47c351ec90d03de14fd239c01ad6514dd5bf22453ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a55160f64c8a3bc2ad269575bc113715

SHA1
ab97de74424b24de7a942730854fbfe71b3cb535

SHA256
39d04ed5e6d9955a99e452027070091112ce92c47888eb0c3a02f6e7e7855d4a

SHA512
72173d0e22dc585046e6c9fb5ceaba3e9b1975d5a3f52ad08631a7e1d64bacf0137a2ecff4adff73e51444773d757570476f93f5d4faf62880a3243ce00cc130

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
aa6cf4344e6c24f1f9dc86c475988a2e

SHA1
22eee9803505755b8eaf07e1a0c1d70c2c3965db

SHA256
a9ea7ca351c5bd5978dd2e1238bb1afbd378f83981d0bcc17100ea7e69eacf74

SHA512
ee3fff0019742509ae270dee1466847404d60ae5ee893c90a3ee6eadc24c6bc6174ab874f8168fbf558ee055ab7c921b8e1455fa1c59df1a87d9fa9d68c25157

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
4229296bd72992e4757a71bbc1333149

SHA1
56780246186beda65e7c180da039c9622ff66f94

SHA256
5a223195aee43e35c457533a8d1c77b81c3434af9f12e8e58eaf312cd04e8691

SHA512
4ca27e76d0b84e52342dc4ce4d54f426923b28c10a6dc32b610c26e0bbc30623a8af97b7342747715336b810bb0e51303ff46215f42b2eaa4ed6771bd86e11e8

Download Submit
\??\pipe\LOCAL\crashpad_1328_CNQAQFTANBIJYBMB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit