hxxps://steam[.]workshopskinvoted[.]com/sharedfiles/filedetails/?id=15714458981

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam.workshopskinvoted.com/sharedfiles/filedetails/?id=15714458981

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3972	msedge.exe
3972	msedge.exe
4008	msedge.exe
4008	msedge.exe
3344	identity_helper.exe
3344	identity_helper.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4008 wrote to memory of 3512	4008	msedge.exe	83
PID 4008 wrote to memory of 3512	4008	msedge.exe	83
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 2100	4008	msedge.exe	84
PID 4008 wrote to memory of 3972	4008	msedge.exe	85
PID 4008 wrote to memory of 3972	4008	msedge.exe	85
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86
PID 4008 wrote to memory of 2924	4008	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steam.workshopskinvoted.com/sharedfiles/filedetails/?id=15714458981
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa569546f8,0x7ffa56954708,0x7ffa56954718
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3056 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16527821313079035074,14229480346765257018,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5592 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
0de0420f661eab5c07d41a8c031b8018

SHA1
5c9b0a6862524ac086cde404a92ef962c0692fd8

SHA256
3ae7674b2908db62094efb5f947c3bfc1981219cc66c4e8241ed2366a66904ba

SHA512
64647c449ea5642a9e6e0dab00a4308c563136ccac807d363f82d9307f03c63e8c8809937f8493124ae77f27c06786934504a7dc5dd4197211260d1b80c94df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
824B

MD5
d1105d8e3d147540a3714be79a3d8f10

SHA1
602bbd8ed58a0b23a0b84992a411a5a3ad0c0d90

SHA256
419df3f7fc58350bd39e17f201d554d523f9a62c9cf02228d81d9aacd36bb34e

SHA512
b67c2bca6f55613e7a77750f2bc7710905f81871e3a4f73f20d537754b12fd98020e646f172382219cbe7067d48659640f6332f18e31864c110ce8f2ab0983fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
713B

MD5
070f7c98806129cff11978e66a3649b9

SHA1
9f46bd76f8918b21884e404ea850ced9e28f1054

SHA256
b259f2740ecd7bcc416cb87974d91b43251bbc983f2754ca727637a7fc2602fb

SHA512
862b54a9b5322d97b551cbb374a79e760af3ff87d06fd2959ac6fa5779b9e06c8c240ea666eb3b0029b1f0b7aea4574a3fa37f21dc46d5d70a1c3ed3a0ab4124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d1eabe8a526dc8ad954c0ffceb1796ca

SHA1
06db360b6cfb11a878bf2ed8ff52cbac00494da1

SHA256
a15cc52ee25ca4a86ee7d6c85b92a6f66163e324e79a6cbbfe807fa9294431bb

SHA512
81c75cd7c2335360f0322c693186c20fa89cd1c4b77044e8fa88b4ab63afdfc950269d948b6e9f904db69099f58c60d9756e74b698700294851226221c85f078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
742d594a43b9c23945fa45afb34c6d23

SHA1
48e654db467fa4aab1d09d6cb3dcbaf7660a24e3

SHA256
22ee317be9e7fc4b5bcdcfd59ba1c4007074c6670166e36cabd0aaf0de27c7db

SHA512
88a424f4190029d94ded2547450983540aee27476274e196bf0929e9e63ae9682bee5d3ff21e6d09202513a36d447ecb07c4c20e26b2f1de3476ebaa8f8e9897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c9cc2efaa26c94005641085ec428a99c

SHA1
8d1cc49509eb2ca81e997bbd9a32f1da5219149d

SHA256
3a5fa0c55283ec9f760449312fa5efe6dc422e74e966f5e26002b0a7a9b1b179

SHA512
fb37e69c07d957235368ff4ee2caede21d6d479b0bc6143caf539927cf895747c128ff78a08e3b58403112d983740caeb86df7c982d16bd768a154ffe760d80f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64e84b7e18e3ab60a98a632be8ec5d71

SHA1
7d6d34a4f0c2983c8696bb6fe637474e498b5311

SHA256
90cc34b73b5eb3a742798f9349e8cfb37c2f2830646181560576dac0abb2a0d7

SHA512
9c7335c31d88b257b743afc89ddd99917104fd67420b4f9632f6a217af1620cf5501600fc2a4f71a2c1481c7d393ed45cc4575df0ad3a96ade81cc118b573a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce00c65d8f7642aebddb6afb46cd0fd0

SHA1
6a00f4724db271af4a6c859396eb56ff473d7f13

SHA256
0319aa1e31756113e624eea1a2164496c7b21fa2b028fe3056f4f1e9b18c1449

SHA512
d161138c2c59ffc207ea238389497f5dd4891bcfe58fdfd3968466c8d92025b2a28b68423a0397ade5e2983457f6bb9735bad3eda9e5ba708c028191501b5301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
b0aa8190955313845c7d119e017db10f

SHA1
623899573705498b6b2582bde1f47cdeed6bd604

SHA256
bc7a5cf5e958b19ed4124240100308419eba5527b7c3be1a0bb6cb13b5309d52

SHA512
729add72889343b9014f8cdb2a80efc170382422b25df946ea22c5b861688eba8addf4e4b10b3dab20793aaf9ecb3e323c971af6e3a7891a98ee68d99cff0ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584c37.TMP

Filesize
202B

MD5
630669ca46075e14b6229b96664dec36

SHA1
fb3c2d4008e098209ebabfc66de167d26392f0a7

SHA256
ecff9cbf8cfb3c14cb1b488ed6bf7c4bfa9db59394ba6024b1da59ab9615ea32

SHA512
4f966593f26d99763a3da1d46b588c27f81a7373b59b1a4d3912afa9c4824f47c529a3ae19f6afe0bf6be40364355e5f82ad0d31fafaacc22156416f9fe88547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
03fe13e8006111f40dcef6435ba66f74

SHA1
1321209ab29e6304023b7471a0c1bef0190ebed4

SHA256
f7123343c175659afa451e81fffdc0504ebe4ed07e5bfe62012a4d7294de32ab

SHA512
10065c6d113f66888a6c43e6dabc9c5e3efe9c86d9922b02c07a458297e577c47f9941d58f08a2e8808daac67bc953fb84ad95fa162cd7b1abcd6475766b6d92

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit