hxxp://htpps[://]playthehiddenones[.]com/

Analysis

max time kernel
112s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2024 09:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://htpps://playthehiddenones.com/

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3396	msedge.exe
3396	msedge.exe
3292	msedge.exe
3292	msedge.exe
3620	identity_helper.exe
3620	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe
3292	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3292 wrote to memory of 4268	3292	msedge.exe	83
PID 3292 wrote to memory of 4268	3292	msedge.exe	83
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 4928	3292	msedge.exe	84
PID 3292 wrote to memory of 3396	3292	msedge.exe	85
PID 3292 wrote to memory of 3396	3292	msedge.exe	85
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86
PID 3292 wrote to memory of 3992	3292	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://htpps://playthehiddenones.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8568146f8,0x7ff856814708,0x7ff856814718
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14639407786625448247,11410592178690735223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x4f8
1⤵
PID:3832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4d7976a0471db87f30fff15232226409

SHA1
8a00a4be63b038388cb1607920d3938dd3c8720d

SHA256
5927612e193b8bc4b2008d128530f0772299847965a979f821c97211223a37d8

SHA512
43f6a49d28bcf8ad16fc5b2a5adf678c35ff6ba9bd40014575d9dca407cc9089a4b97c3ccf3b0e166b6a8eb6d3b81c19dd9ba926880785a37512ad2f9291a156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6bfe21e2578372c7c21d4fe7375ef395

SHA1
6df072c773d07500477bbf151345e80e21bf971c

SHA256
41fb42e3aacafebb35d8e33da572c0fc05bf71c55565ad205bd40e546639dd70

SHA512
70af228c8fbef057d566a9bbcd3d54e4730cdf4654f046bfe91820e455ad17282ba21b1f2aef71f86ac1bc56f2baf240e382555cf657a9a02e7df012b19c82b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
74695b1e95e2a85d1de293e92ab15ec7

SHA1
7a6d15b0a892785b3ab44159f91526ae384e5be9

SHA256
5305324ad2ac996fd57b624e63136355df5e27499613d2352b452e0d521b287a

SHA512
c88d54aef754c343a9b5dc263be925a86738c6722fb372fd716f9b685503c8829729baa83dac733d8789321315ddc1a7d444648ec33d75b6f5adb602d8580677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4f8d1e110631ad6855685cec3342766b

SHA1
8e898b16145cdd767c34d890d61cfde5200aa66b

SHA256
1a5d2c619cc90d176ec493f3b832f003f5b6a5bf97e5264e8d621d9784b0e65a

SHA512
b82e4d6c3bc2d0f8192bdfb99f8802df0dba8c7e4cbcf02b6b1e1b515f0896f331e569f9617f21181e4d15a499d290354e9fda1a1f2549260e27f10e2592c1d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
012a8617a087ba5dc71f85d849eb2dcc

SHA1
72a1eefa84763ae9dc8d713264d20a1578b044f5

SHA256
8628b169a319f01f58e413cdb5e24cdb5638ecc2e9d936fa1011b850e0ff5078

SHA512
111c011a0ed37218303748b8d4759059256701bc62b91d9c253f50d6f5609e4cb45b1ddc1cbc41860e17c98f853efc5a09fb0e25c85b432764709b651dc74c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66e274b682507492afadf5d8f279bdc4

SHA1
0e788662fb49b42d52ebb1d8e2571e21bd366da4

SHA256
b58e120193400d610e7ac34cb009cf44fedba7e50d6ff58e46a77a50443eec2c

SHA512
42dc203ed6a09e7899614bad5ffc83232a23b84ea2514c31b0ad98a45daf2f8f8abbfd361eabecd50db6f35ada7b36ba91e4b675dfd842988a78d6ef7ece0d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6c713cdd325c5180c86a542e4853348d

SHA1
7c8f4abdd448e3359b5c682e3d5458b5f0a41c20

SHA256
324e9119eaebf40db851ed5a07321b4f840083aa2d5f6ee34f28dcd062a7f829

SHA512
05187441e72ba0c1e792477977c5b5db382a4cadbd0c04585144252c9dd167a64eedfacec77454136a3ba3acb1ec1e580aa382596dfda6e103f78f1f956fe297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe7d1f131685ae1774b367460ee6a635

SHA1
e66628c1fad5d534d836533988865ea579dfce9d

SHA256
73c71cc8de033a67da26c82cbb0c810683329a4afbb25285828a98c7a5654bb3

SHA512
a5b58da7ae58ebfa088cf9a4ec52004805a6d9fde5d298199c3ed0a6f9556a3c4bd192329f2bb8d39206096a3477b9e7a7caa9ea1ee7546ecbe5d828d00b34bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
564688fddc9acb052a82d69be0b87a43

SHA1
aed53a97b3537519d154d25c5212dcd92c104292

SHA256
0e81373b7b8f264ec7a2b48e21be4320e7c5c1d09a33bc98488782cb471a9f94

SHA512
e64c71ffcf0413959842f2eeeb6d47082887cf32fd0ced3e8f1e4cb7ff1687d75b7bec35cc268219ee50b79d23f305e4ac51d6b5f1e6db66900c4b8a4542db90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2973841afb8f733d606de1a13f2501f9

SHA1
73c978f95275cc99e073940021a9b3d3ea5cc34a

SHA256
985f3509af37f910038150ad8c4b1ec70829bc3b45ecd4e303af86e02e730fc5

SHA512
09f22bbc85f888903b4e966480b216068fe6f7007bc281e5d1a6e3aed7532d8cbe7b3bc26ffd133fca08011ae47704c802845fb39d1ec4ce909baa7106baa8f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
36b1ed87f3bd3c159a6595e2170aff3c

SHA1
c2f950f9b122c140406c4db50d469fa78771cf97

SHA256
ce0744b0e3defaa5be922c7561fdc45c080ac6c2fac0064ecbb614ac0dbf6749

SHA512
2f71b5ef09e2ea58ee01dd69efafd4bd9f2bf73122d80c3826a9ae0b8fe48dc71c57165ffa5283166d744808ced18654a722f60952b7db1332c08250c00f256f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f4ed657eb18c22ac58c871650d3bbc21

SHA1
c8188e3568943fd5fda470ffec2cb96ba132baf5

SHA256
fd50e851aa7f7561503337a9d408ea61831d1a3fe9e3fbdedc12a832102e0180

SHA512
73937dd82992832f62212c3329f429e7969cd0bb67aac5c888ad9743554086975c98e578f31e93d6fea4ac94e552331e210b22e5825713abffe4fe7df56011fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d69ec1d0b97e4282f5fd3378d36a7daa

SHA1
d0b1349691a000db5e9fe4100fffe0f1b5b5f77a

SHA256
a91ca57c4275c27e79be5dc606538f46b77f3e8778a1ac43b2083c4ec2d31ad5

SHA512
bd3d0ee87ac85679c25582e9282146b16f73f3a26e55611866aee4c0c642d647ccf579702d5a4742c62be6975598111d66a1cf7fee25900a956f0c3f8f85a8b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
0dcc07b91dc7042a998009bdeec9b3d1

SHA1
92c64891acb857bcd60ebb91fb400089e0d5625a

SHA256
4e173863f6e62f294c76f4d25c1a206f388083c34b35c099cd7680dcd09df6ea

SHA512
c6949a678843a228a07ccab496c75e1c86955c0112586b4cccd35bdfbd988abdb25ee1396e779f27b1d7054e101520b76e827c53aeae8bc02cc60a099512ec07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5879fd.TMP

Filesize
536B

MD5
749ac3ef8a0c29c25a405105b72f795f

SHA1
4a2436e944f95d3c01d48c4f756185a759d7a1ee

SHA256
31db62ad6f5655d3cb2cd4fd7d0411523b96196ac78102f60739b9bd369b35df

SHA512
96094f7d031d9a4b41d7e69807616ff21a5b6a70d3c3e752997b82cffa6970028cb25992a20f8594fbb5fbe5dd006a923c379020904604b21be5963d25c8b4d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a76a52ddae02b34c656be8992e115377

SHA1
0da226c99e4a24d6f3ea25bcb59c479c745e043e

SHA256
5f399f5ed015bbd02b986a50a2a88f40a164482e0cff2e3fe0920934b831a527

SHA512
544a163647146c47ea2e3b9fc5a20993c472b327b990b67216eab2836bd4b28e4b497f7315b768cd978e8658f4002d927c37df2e61499d151b62336f59a25485

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
ec3e584a1b44b3755f0a776fadff97d5

SHA1
4c22d69ffd2fd18cf87ea3237f89eca4179c175d

SHA256
ca4f130c1931ee52e51737d3020b499ded8e20fa09d0a13e2705901df0f22a36

SHA512
76f74e5d8b9db4e33ddd388fcae02dc4c5b999783c733dde94c3ef5fa9ff68c37412054da161cb9d711106d0efc32ebe7588b008cb9cba1ea3046fa8630edcac

Download Submit