hxxp://steeamcommnity[.]com/giftcard/9469548

Analysis

max time kernel
491s
max time network
491s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/12/2024, 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steeamcommnity.com/giftcard/9469548

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
1868	msedge.exe
1868	msedge.exe
1900	identity_helper.exe
1900	identity_helper.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe
1868	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 3332	1868	msedge.exe	83
PID 1868 wrote to memory of 3332	1868	msedge.exe	83
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 4716	1868	msedge.exe	84
PID 1868 wrote to memory of 3976	1868	msedge.exe	85
PID 1868 wrote to memory of 3976	1868	msedge.exe	85
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86
PID 1868 wrote to memory of 2920	1868	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steeamcommnity.com/giftcard/9469548
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa333046f8,0x7ffa33304708,0x7ffa33304718
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4140 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5792 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2676778895335824847,2418640798329177350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:3456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
22KB

MD5
5d2d06e403a7a43c4f093c7c408cd742

SHA1
55863e196cfdff655b155ed2c0960913445236fd

SHA256
cd736da48dba022636df45d58ba50f252b576642246e53d6f685c8bf9564111e

SHA512
71b55c6acc0284d11d7e6b33ad6993f8ca9ca2186b65bc377b235e4867dc2645c4079040aa8a24482cdd35d391dc75ef7f2b7633f7197c239d8075946108fcf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
28KB

MD5
71d8c032980d1a77fc91df75f3b8d0ad

SHA1
6bfa8b406acf9a3572697e493b762fb5a22a4736

SHA256
f60023126bcd28cf0e7afe447e9052a6b505a55c4e5ff4d2a1234039b17375c6

SHA512
cb09472205357426ea767c0759b1175e8aef801a3068e1ed70b64930d878c6debeb7ec2beff48564ae37eed6dde8b18437f0cdfde5a68cc685917447fa7e4505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
22KB

MD5
fafd090a0b63d928fbe8b3ce4e9260aa

SHA1
172120d138fb4c6afae97bfc0bae13d424fb7c16

SHA256
c0ff9308b0e13a3e743f56ae84abf5a054fb964fb3f36e52729d78f71ecbeb67

SHA512
4840a5455dbc8394a7d47f935aba64e5c23ee7157e9a00848a2a8bad1c604c280e4a56f9445c3c63bc0e778066dd3acff31b973521ca5384c487ea27f89ae71b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
23KB

MD5
02ace8c9d46dc9bbb939e071c91e93af

SHA1
883a9db4b0e196f59758a2d136204ec7ea5b2322

SHA256
c31d6f02f5896ddb35f0eb3d19387ed782738cc2966246f2dbb121a033fbbade

SHA512
692d00d5f3a79a13bea3d938e564fa55303979a78565937b932765eb7afd621a8fb125528da39fd8a214dac7d7ffc3571e0932c9985d2201117d46cd09e2ef54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
42KB

MD5
863f72ddf58c2b33e7e9167f668eef33

SHA1
67ff8fe51bab5663c9471b6468da66c62853ebc0

SHA256
e86fdfeaec55483167f80ba7dc00b5b1eed1624187dc1705477d11cf55a48058

SHA512
9057012600613459bc5cbe6027373ed7c4455b43d751eb9c08ca2201bfa1e2852269c121d9237d42571d6f04b2d2e154439b14e257cdcc1ce3391bb7b26ddee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
3a017995df42737b718f0324e9d04a97

SHA1
6a04ce13bc7611076ffffb7ce0c637b8194a717c

SHA256
a4ae9d8bf2574e1436e01d10707c01e33567225e3e759f048b03bbaa4b3faabc

SHA512
2c4458981a521acf94917ad2f1b9e0784759b860e648cf0e4597ffce3897508d4f7832e6fddce33be472923c969b1897e3266e91ef70d48861d05ebce136e592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
4a0659a15890a1760064d39872da3c3a

SHA1
5ea707f58bcedb2042891e7f9c9521f3cc8802ff

SHA256
378d333b71185b9898cb7484586e4cc7fede616c1c8c663710e0bc1e5caf4b91

SHA512
fddfd193470ae940cf8ba575c7cec3a2a657431d16a512f76a18cf52ad614637f66a5cdbcec96c897146cc7e0acdf4d31c4a81742d79aa55cfc7e114dbe389e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
079302e2dc7e1b54646950e4dcc6ea94

SHA1
a3aa2adefe91a64d6702489aa5c5fcc19b321c6f

SHA256
4e1b477549564b38dde41e200f0103c5a5b6cbda45fafc6b436e3134c376125d

SHA512
1feefd9169b63d6c22ce37f50273e350218b4b4563b1f9542fa6bc678bae6c50896cfab444573270ca2c8394ef844b10f9227925fa2b6c974882b16f119eba1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
25673a25824c01704ce1f43a1f42f159

SHA1
47f51f06180c4842cf091f62a6e0fc6c233c3628

SHA256
4d41db8a7bb44c70b180f8f3be92a32ef80fb9e005e8940fbe267804134b5ff3

SHA512
68bd4ea5d0104131bc98fe55ab4ac0e010fc26a682092890a0028eeb485a4dc91b41a66512f70ad0ce0419a512825efbfdf56bba54900fbdf544869b5042e5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
497B

MD5
3f2eaecbc7ccf3ab394fd03048fb3e66

SHA1
24cd1c01f8049f13f8ae9c5ea84048ab22ab53d2

SHA256
2c74b251b685487cb6574a577290c9c633e24c234a8cd0d5656b928dc7db14db

SHA512
5c413bdc8e1c4876601ab1bd1f2517f396aaa393f661927395294ea3a2196997114049754d55517dc7b4e6915231d17734d033f0c56167392b02f33ab1095feb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
567B

MD5
1c36bbe4e4b3a181801b3bf9227b783e

SHA1
4c76abb5e952ba331c25407b90cd37df602a67dc

SHA256
0c020d6cb4b50f5d4bc71f4e8dc4333e8f24826e584c431e7caf4b45693ef0d2

SHA512
e34af35a6642756538e147e56dc997fca68ca84fb0c21014602050f6a3727479ac5befbfeae8b18bec9760df35ccbce1e8333fbb6b78ac37609a55f63b6f6170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1035bdbf9cc034af3121425ec1a54874

SHA1
103e27001aeb49d6a542663c06766c3c1e58787a

SHA256
e0e583d6b03bd37177fadb18fc61ddf2aefacc93dd1810383452095ca5a019d9

SHA512
f776bb218b186a847d81737c39418055ead3b560a05f004d7e7334c66da5176139d815c436e4dd8a21403079d2f8a3ab6b3137e355468e64bf0dd066038cb76f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
61691651d5e595c27f0644db81ff957a

SHA1
237ef4696c612a29aee02cee6523f1cf12448cad

SHA256
e4dc2aa559bbf45bbc816e83a6129b7952ec59c360d09ed19c6abb2af2fd556b

SHA512
2ce5546ff1b22f99d2e98fa8c1bdae09e6f14d2cfb0dd9e19bbfa9d8ed3ffc398aa103a27c749f707c815147ef71394c5b7676dc5712db561493083418c3f8c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b22e41462e0472e2df5d986faf546f61

SHA1
d30c2bef03eb694c4a6fd14a9f815a2c157a634b

SHA256
23dcaed6b6bb8f9039b48b246419dee920b536ee06b0ce54b25a2cd13636cde8

SHA512
913e719e9cbd242348bf0d78f13c26b07f06b8fb05d960dc7f32a083abaee93273a85f2c6ebbf453e148b33f56d72c59fbe1012694a3e04d697be9ae8c875c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f1e30e8a38bfcf4883903c03b487aeeb

SHA1
fafc4bcb218a4b18ca301c7ab3ff430a876362d2

SHA256
f82d78efed95f2fb7c8ae4374351a8a148f2fc2c1a5dc488540edfcd72640082

SHA512
58f542fc44ca69b4ef0ac44608f5d0a3164da8e649c3eea573766a40d9f6983af2cf5483425b547d8a8b855a37ee78000544fa05b1d0a1090930aa8e4b83a748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0e2cf317e2eb93e1ec7e9cbe0de3b896

SHA1
eb54aa111bb74fea7cdae1492e24010d561779a4

SHA256
27a87e5ed656b17ce38463e138e91e0d4d24a93e87a37815072348d1d9f78d64

SHA512
36c4c022f1f9e921e8c503e97935f63c175ca900f5bcdcbbd80adb24d181582fe87f6442e1d3bc795c47e0dbca9c733fa1c8da051eeec8e039636739172cf4a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
1c2922f6f90e778abdc21e8fbb68a3d6

SHA1
807d30a6dc929b453263218b98dec2bfab500c94

SHA256
704713917b0901380162ca4349f0cd28bd7fade6e6fdbc4744d9ed43c6dfdf77

SHA512
b0fde6820884d54c2a7ff7ca07964c77b2fe88499d49ece63e0ee253c67eb3de3e66afa924e38a3765c557d3593474901b81da04a3a652067bec5235c534ea9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa7f580750dcc51e05925e68ea7a8e91

SHA1
cb8cf104a718e7595a39adfcd6f564b9574dba11

SHA256
b6e3d8aab9abec7821deeb92327c803be486bbc0e4988230265f86e8b74e385f

SHA512
b86b9ade5ee0712aed0ed00fefe54ae2df4366178321af25a1b858c02c6402fb3eebed37ee37daa7e387b45d618a799bef7ca816cbd01d81c4461ad1dd797b1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
704b1ad96f16fb4a4af36157508a42dd

SHA1
6fc7e92c80b8c698b99b87cdaca113c2ac8e5503

SHA256
e3d9485252bd6da322fb8b78d6f9a835e7c8194a186502eec439cfe5017af06e

SHA512
a01adb78d8fd5bcf9d841734459a7c5812f8661d42ef53bc09b829c5d2bfbcc30d8b299f87609e953a417ecce4232f0ff2a9ba3905078a8c98bd2912e9042985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
eb422c4723bb16ac1b3d38e380db40bd

SHA1
fce9b919ca38ef5512ff46b9693995f289b1609c

SHA256
eae16196c51032509629933d941d7346ed2941c66d1fc8e62ebcbbcc4d029128

SHA512
7d503adc74ba5d7e8e68d3edb397cd0c8a60cfb1411f68ad0ac3145324a233a65c13233d7c47ae6e5580089a59e8d2ec9105a3cf394ed56911b8fa6712fcc193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
dac53984aab3127f1bab5d4ad941be2a

SHA1
da08a8839251616ef4296ad566e06b874e16bc0f

SHA256
cf1520f0e5c5741bf8a1ed453aac018d214dcee3d3c0108a748d79d1615a9686

SHA512
edf9918b080d5179ec608e5bba05328cd94e42bcfa7a14478470164c05ccb95166c2ba445e73d6ec23a0d6bfcf432ff111cef0d1fe8bd0f6cc445d318d6a5e2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
e830a6807dad4f37d9a7bd15062663a9

SHA1
24e174656a83674ed94ed7f1104dbdf7677d2e9a

SHA256
14e31ec32283330a677326b133912a99e0be045baf343c74e486fa5f028ea561

SHA512
a926efcd2e44b0e9f9521df8119d0895bc8bf471f612430a08a3069c85864671d3656769dc92f7f3f94c8fb6f2c2a8bf8e24df84a7f92d358ac08a29cfef1020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
1094e2953f40c26f5c7251688393f7a5

SHA1
48d5ac8c28a9d48fc7bcbdc6e1a64f63056ccf17

SHA256
6ef75aeffe2f4c3f8afa6bca4897c6ce5e0e5bd8129eea0bc1503335076514d8

SHA512
063ee9791043d19c6964da279ac2eded86297658af821526b8ea57534bb5302b538eb73d1986dcb4f8c34fbe96b7a341a56b4e7b15d2684cd3ddb558acebb001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588623.TMP

Filesize
708B

MD5
3866b8471142b18366567f124d484878

SHA1
b28bfba73df7dd476e340bf57f4f98ff884ab65f

SHA256
a80609bdfb4f3e48a1b88528b5a6f71f92180970d1bd10e984f89c2741bdec49

SHA512
c3dcdf94cdc062a1d852f627688f40ebeb271b19304e63b207c1728f4aa55af070ad89a83df9a952b8b9641c0d5781b133823c4142e9d5b739d5676dca90bb90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e1ea1ab98506f3d16834cd520d350b23

SHA1
a7e241e2fbdef7b80ae3cb34b6493de5e009e6b3

SHA256
75bae65a2a00320529de39b8bc93dd258962c3c3d43617af05e10bbf9f61c472

SHA512
03e65e08abd3e204bb829874c7ad4737cfca284bfc0cccb4a7f37c49cc6a2dbe9fb9aa97aed4efac7608dac500c804f8f0658fd06f299b20ba6e57e08fa98e91

Download Submit