Analysis Overview
Threat Level: Known bad
The file http://steamconnmuntiy.com/gift/id=8237689101 was found to be: Known bad.
Malicious Activity Summary
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-08 04:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-08 04:32
Reported
2024-12-08 04:38
Platform
win10v2004-20241007-en
Max time kernel
328s
Max time network
329s
Command Line
Signatures
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steamconnmuntiy.com/gift/id=8237689101
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbbcb46f8,0x7fffbbcb4708,0x7fffbbcb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13146913115146214025,3773706505371511721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamconnmuntiy.com | udp |
| US | 104.21.49.225:80 | steamconnmuntiy.com | tcp |
| US | 104.21.49.225:80 | steamconnmuntiy.com | tcp |
| US | 8.8.8.8:53 | www.cloudflare.com | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.49.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | 137.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.145.64.172.in-addr.arpa | udp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | clan.akamai.steamstatic.com | udp |
| GB | 88.221.134.90:443 | clan.akamai.steamstatic.com | tcp |
| GB | 95.100.245.51:443 | store.steampowered.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | cdn.cloudflare.steamstatic.com | tcp |
| GB | 88.221.134.107:443 | cdn.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 90.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 109.234.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| GB | 95.100.245.51:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| GB | 95.100.245.51:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f426165d1e5f7df1b7a3758c306cd4ae |
| SHA1 | 59ef728fbbb5c4197600f61daec48556fec651c1 |
| SHA256 | b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841 |
| SHA512 | 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6 |
\??\pipe\LOCAL\crashpad_848_HFHBWBCFMZPMESGN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6960857d16aadfa79d36df8ebbf0e423 |
| SHA1 | e1db43bd478274366621a8c6497e270d46c6ed4f |
| SHA256 | f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32 |
| SHA512 | 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 25c9405ccc10525be1ac36f9e709fa2d |
| SHA1 | 7c5a0d8a7fb14c3cc65f5e66b051e3638f3efd54 |
| SHA256 | 97de0b1c05e3202dda1190194e8a006d2a7db144c6c4b8b2829fa25666f3c864 |
| SHA512 | d88ac448ecb18b3a42edd04b53141044270efd82b90a9295eed734f3611ee01078973d4931b658263ef7120a393e9e6d5394e415fc0120c2d0464b969e4366a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 38586987ea6105b70031ff3492ccf375 |
| SHA1 | 7b006902e0a9400801572dd43f3a646bc789b1a4 |
| SHA256 | c0add1ef8b259e40335f640296d1a626e1406b0c52272a5a819dbf6b38e9517d |
| SHA512 | 605cc4dd61b1ba956d61ebf1470c5a99080d004e9cb2126e279379b62be1e8e872231b5a3b8bd2ea8a74f3787bc552b596fef955051513412e78f1439f09fb8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0ccd8874c498e89b0ac0a2cf621505a5 |
| SHA1 | 97ba3120a458d2c5925f172e30f157d19325e687 |
| SHA256 | 962cadf880d8e80cc4244de0dbc2282bbb79b32600239968bb0b1e2f007d2903 |
| SHA512 | c5fd73aa53c89be24aeb81a9fb3f53400c286e0dc2ca009108e90347f000c81cd8373a3de1ee8169066c60880a66d6bb1c164f1a02735ee332ff20c804dc924c |
C:\Users\Admin\Downloads\Unconfirmed 236768.crdownload
| MD5 | 2c0c25792aa3d462ba04a344f09df0b3 |
| SHA1 | 51027136c1ec1c7a6af99b0ab766e6e2d16dbe0e |
| SHA256 | 89c6fefdba5cba041e3c23c0e2c2cbdf62360840a07873cd753dc605f7109409 |
| SHA512 | 389f9427f3476773ca288edbf3a9d1d58a979a679595c33ee9abad86ea2cbd15129b581c77ed0600e81293bfe924fbc244e7237db1009d945cfbc3495f5fc093 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7fba5b9815dc952bc2c6851a1100f1e9 |
| SHA1 | dbe3fcce4b199b25e92f5d54f0e6526b7b0a56e8 |
| SHA256 | c106ab6caa706f6cdfcc3111a7886168b880e794d03eada25a53a1d735d58d27 |
| SHA512 | 3b2303c1b6046bdf048c76c80c110e95b305cb4e64e8fc3b8aded11e8c7187acfc1ae76f11770ec3b5cf6b0401ce73c5652cd114756557af0a488a55c5309f7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 09c62152f127cfc39de555b8c6229af8 |
| SHA1 | 422d22518ff0cd6e0e246a895959cb844bab241d |
| SHA256 | 4d375f1500681d4b1047d9b129b67e7aa7fbf1db69ba63a65cc2987db526bd22 |
| SHA512 | 65eb88eeb3ea1cd13c2533351ac788965916c0fef95819d63c13cd558b64c1d98de84b3cdfcf0434b405f302cbdaf716ef273b5c251ffdfb9eaa247592d3d61a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59ac44.TMP
| MD5 | b8affa9daeff1178b16ec5a09f3fbc37 |
| SHA1 | 0baecfae6e92a9d7f1636b46a985f00bf8b38d88 |
| SHA256 | 6401851f46dd4b2996cfb77ff19e7f80bfe0fc900fb9ad325db60edc0da52144 |
| SHA512 | 0c9979960f57037164463d59539a55b8e3e415ef71b480c27ed8369712cc8f812980d46f6fcc0b1942410cd443a6b535916a3f5f2c7e93dbb7a026d1c92f2ed9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7e1b7919-dc6d-4708-9402-964b6a6e5f9c.tmp
| MD5 | f64821eb5c4545aa23abc4d3f18d347c |
| SHA1 | 3e2ac68139eee05152ae421288417df46802fa8d |
| SHA256 | 222cc6cdd13ff7b7c5637199e260a49a46b64835c53074bff50bd7215ebf65e7 |
| SHA512 | 5f01e6bbce3464e865ada9b3e1e76aaceff98d8a772055d490a7a5c4d7a90df49325d8d269a9b28e040fdb601f38445207c857195774768f54a0317bd79dc197 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0adc0399c20647c56043cbc9205763c2 |
| SHA1 | 679d5ead637af8c0a458c6393c248714394aeb61 |
| SHA256 | 21b0d24711b43d97b6c662b8da9aee447df864ce44935bb4e563edad97bc2da1 |
| SHA512 | 4b1226653dc2a40097f49361470d5f9126986bb2707ea14073ad37e89e2f4b4ebce75feef9ddd0c77961eae2c338672d9db30fcbf0ad4870f0a16100835cfda9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b7389d61a7174e133dec2d599763cf5d |
| SHA1 | a137dbf3ff40612766d50c45783a8948eca12e90 |
| SHA256 | 20dcfaea9e732d10698f54eb175dbfe0190c467a5ef108c3d16ead1b313c51b6 |
| SHA512 | 491b5ff9319c4b50d059fe1d324251c43c41dbeb7e7dd393a1e375777967f3711be9f14f19e01c1979a0a70f6645d5db302959d3728cf7b460078832b45df972 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 66e7ef7df1cd58f7218f154add0f8854 |
| SHA1 | 51b4176a9fdc6e7bb6ce70f246975f2e48c211bc |
| SHA256 | 87bb20e9eecbc90a1e7a107955c5bb2fc5cb02f02cd99abf084bcbe3d20cc3ef |
| SHA512 | 0df7bd76c94f74714f4fd70c4053001cba0997dbb4cb77556099a5d7bbaefb00a496d53ba6f595cb74e985b807533672101673b8bf456556a0334368f1a46534 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | e13edde4a25e96e573f37bdd11e020aa |
| SHA1 | 84a0c3cc6cd74b149cc27de2b0fe48bc2acb70d2 |
| SHA256 | 45b526e6aa5356b278aa37e67593a25d09c9653e8a0e71fb8e155111d3b7a515 |
| SHA512 | 9ba4cce47994f949731e594538f56f423ee46a8e602fe922ab6e1d173b87831ae5a80d967d695fc45a08b25aef5c494518b43cde6b4709db690e904b2cc1c053 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | 638a4990025383a0f83ebf29bdb84a68 |
| SHA1 | 153e8818dc42f598e47fde8cf398f1447649a4d0 |
| SHA256 | 878e34b89800bb271d3588e526eb3598eb3822e263f3bdaf53645847d39d0ad6 |
| SHA512 | 59a505fa1a3bea1511e8fed16dced733299928b4081665d3e3fa4fc71d6f0ed0b09934805f442bf190c9093937e1494ac938167f9beaca0223243703f73efe87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 47d88f0e30322831ac51429e321af624 |
| SHA1 | 0a3a50ae8c9d61a6d96b872f91b4694187be0bcb |
| SHA256 | ff066f3e1ab3028b7bf326825772da1a50d4c9bfe92ec0abcb52f17ed996482c |
| SHA512 | 416fa132223c396c6ec4ba581383ff0859ee02a7e73acca4836df0e8154600cc9cfa4249832d0370fc7c45232e0114994e7da36d094cd459a6f3c77be539cece |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | ece822ddf599587ef262b1b22bfeaa47 |
| SHA1 | d9a8d480342a2a675c61452df0957fc6773f02ce |
| SHA256 | 199b281472b5e03f92a02e91d4f0dc88b91b641f05670a74e1b3507e09b0727e |
| SHA512 | 910fafc0f1915a64933d649cea2b80fef570872f792320c49217b6fe60e49e2d32a7b0f698ccc7f91bd444aa62911ac2cd1da6897cdf3c0a27a3c54c8aa9d638 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 1cd9f819fae888ce4860b7f6093347f1 |
| SHA1 | 04f78da120741f1198d595af811b2c42ca9d5406 |
| SHA256 | d90bde2cee49d26d93cc149da64ebfe3b57b6f391c1fe84c696a2d5e3f33b3ad |
| SHA512 | 2f7e22a0b36ed64c6be176f48f91663bbaca60d7a4ea862a6a81678fadc1d8df31c59a3266d1097654fb52345e0d2e292b8bf48e9497be9c3e3be89cf43bf90b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | fafd090a0b63d928fbe8b3ce4e9260aa |
| SHA1 | 172120d138fb4c6afae97bfc0bae13d424fb7c16 |
| SHA256 | c0ff9308b0e13a3e743f56ae84abf5a054fb964fb3f36e52729d78f71ecbeb67 |
| SHA512 | 4840a5455dbc8394a7d47f935aba64e5c23ee7157e9a00848a2a8bad1c604c280e4a56f9445c3c63bc0e778066dd3acff31b973521ca5384c487ea27f89ae71b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | 71d8c032980d1a77fc91df75f3b8d0ad |
| SHA1 | 6bfa8b406acf9a3572697e493b762fb5a22a4736 |
| SHA256 | f60023126bcd28cf0e7afe447e9052a6b505a55c4e5ff4d2a1234039b17375c6 |
| SHA512 | cb09472205357426ea767c0759b1175e8aef801a3068e1ed70b64930d878c6debeb7ec2beff48564ae37eed6dde8b18437f0cdfde5a68cc685917447fa7e4505 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
| MD5 | 02ace8c9d46dc9bbb939e071c91e93af |
| SHA1 | 883a9db4b0e196f59758a2d136204ec7ea5b2322 |
| SHA256 | c31d6f02f5896ddb35f0eb3d19387ed782738cc2966246f2dbb121a033fbbade |
| SHA512 | 692d00d5f3a79a13bea3d938e564fa55303979a78565937b932765eb7afd621a8fb125528da39fd8a214dac7d7ffc3571e0932c9985d2201117d46cd09e2ef54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | 5d2d06e403a7a43c4f093c7c408cd742 |
| SHA1 | 55863e196cfdff655b155ed2c0960913445236fd |
| SHA256 | cd736da48dba022636df45d58ba50f252b576642246e53d6f685c8bf9564111e |
| SHA512 | 71b55c6acc0284d11d7e6b33ad6993f8ca9ca2186b65bc377b235e4867dc2645c4079040aa8a24482cdd35d391dc75ef7f2b7633f7197c239d8075946108fcf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | eaa918479400786006bc5a37e77075a2 |
| SHA1 | cb892a61d8643b235ac589d9e0fd7a4a97ce56a9 |
| SHA256 | 69a47ea33e7fa0226b9f23b5837a9075f36a0ffc2e7adc2f5b30f564e1dad09c |
| SHA512 | 52bcd20485323c7451fcfbacf51a3e5366031198177ce53815ee031a451219755421da894edeb8e26a83ec84d7e52217b26158ddf5b0449bffe8f286b2238942 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
| MD5 | 863f72ddf58c2b33e7e9167f668eef33 |
| SHA1 | 67ff8fe51bab5663c9471b6468da66c62853ebc0 |
| SHA256 | e86fdfeaec55483167f80ba7dc00b5b1eed1624187dc1705477d11cf55a48058 |
| SHA512 | 9057012600613459bc5cbe6027373ed7c4455b43d751eb9c08ca2201bfa1e2852269c121d9237d42571d6f04b2d2e154439b14e257cdcc1ce3391bb7b26ddee3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 2d64caa5ecbf5e42cbb766ca4d85e90e |
| SHA1 | 147420abceb4a7fd7e486dddcfe68cda7ebb3a18 |
| SHA256 | 045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f |
| SHA512 | c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | d45f521dba72b19a4096691a165b1990 |
| SHA1 | 2a08728fbb9229acccbf907efdf4091f9b9a232f |
| SHA256 | 6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc |
| SHA512 | 9262847972a50f0cf8fc4225c6e9a72dbf2c55ccbcc2a098b7f1a5bd9ea87502f3c495a0431373a3c20961439d2dae4af1b1da5b9fade670d7fcaed486831d8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 6168553bef8c73ba623d6fe16b25e3e9 |
| SHA1 | 4a31273b6f37f1f39b855edd0b764ec1b7b051e0 |
| SHA256 | d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66 |
| SHA512 | 0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 57613e143ff3dae10f282e84a066de28 |
| SHA1 | 88756cc8c6db645b5f20aa17b14feefb4411c25f |
| SHA256 | 19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14 |
| SHA512 | 94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | ce6bda6643b662a41b9fb570bdf72f83 |
| SHA1 | 87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8 |
| SHA256 | 0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6 |
| SHA512 | 8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 0fca09837401a3a8e05aa46cd1a653eb |
| SHA1 | b021350e90fc433e720eb57fc10a13b434fbcc15 |
| SHA256 | 12ce433c3bec3e6e3029c52dc3a20a1d486ac623aafc8960421d223d00468523 |
| SHA512 | 62e005b4c657e7a3cb785d426ecf05ddfc2f605b5cc54d440975e7255013a9ad8ae78aa50c26981260134650b6e6feebc3ec6703601d277dc2c82da1fd69f6e0 |