hxxps://steeamcommnity[.]com/lol/ret/wep

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-12-2024 14:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steeamcommnity.com/lol/ret/wep

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1872	msedge.exe
1872	msedge.exe
3472	msedge.exe
3472	msedge.exe
1612	identity_helper.exe
1612	identity_helper.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 412	3472	msedge.exe	83
PID 3472 wrote to memory of 412	3472	msedge.exe	83
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 336	3472	msedge.exe	85
PID 3472 wrote to memory of 1872	3472	msedge.exe	86
PID 3472 wrote to memory of 1872	3472	msedge.exe	86
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87
PID 3472 wrote to memory of 4536	3472	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steeamcommnity.com/lol/ret/wep
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc69e246f8,0x7ffc69e24708,0x7ffc69e24718
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9190705045836157547,12307654981643988203,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9190705045836157547,12307654981643988203,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,9190705045836157547,12307654981643988203,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9190705045836157547,12307654981643988203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9190705045836157547,12307654981643988203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9190705045836157547,12307654981643988203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9190705045836157547,12307654981643988203,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9190705045836157547,12307654981643988203,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9190705045836157547,12307654981643988203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9190705045836157547,12307654981643988203,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9190705045836157547,12307654981643988203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9190705045836157547,12307654981643988203,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9190705045836157547,12307654981643988203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9190705045836157547,12307654981643988203,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
43KB

MD5
7f2c172ca810d85c0596390b4ab21df3

SHA1
d4acb412e626e744609aa326247bd7eeec469bec

SHA256
4ccac6b00b8d6b7bec9886d8a23d84131bed955d995a37b5017196b03d1edab6

SHA512
961fd847cdc7b7c54dcb5ec19e3446701de454e9d06e1e2025360a1d0b426d204fb8aec90b854c7b2dbe3153aa66b5d90ba56f8ac6a8bc996177642d6f55c263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
484f922388e0a104bd7e7c4c26bb631e

SHA1
4f637f6fe08dc353cabe80876ff936c402761a62

SHA256
a62656d7395db5700ca43ee50a61169662062cdd9ab74cac47284523b8ca3861

SHA512
f643a936d0e5021eaf1dc756d9be44e22152d9baf73c0d351ecae736338facbfdc5119b3046f92b7ff1042456b825ed8dbdf6f8fc1c8dddcfd8df3c80762de41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e69b9fc32d1f3bf9f811b57f3b255ff3

SHA1
6ec9e579fb55a86de88b3fa0880b445933f6fb69

SHA256
acf3e5b974aad5919af7afe3f0191ce6bea7c99d191a180c006b6355b3984951

SHA512
b11d27ae4840d145abd9d213c45be82d34a579666b2a7fcf2db0335778f41f6df616a9fe3d6b3523eb50fdbf757a9cd8d65a1d99b7a5cadc45fe4b4d4e3f8a59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
1dd7e9a5faf517301160c01ec88d455b

SHA1
b0d0c3372bcab9f9c9bd016385be2fa45e22eb07

SHA256
869127daf29137e47014e896445105e79088d3571a8dbd3aff4c54ff746557be

SHA512
86895014db658a8bcf02ecca72b406d6ac40e866852011792d5189a49e9e1d425b90c7fa74f1f87fdbdc1112152a902f70253762505a0541560b6f7a931afbfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
29bbacd4090537d42390c6020e8d718b

SHA1
2889d31de4ae70d2c41f18d8a4f37787e2f32803

SHA256
2fff8e7ab2805061f3aec0892220ddf5699604c7a27183bac264b6a94dc41ba8

SHA512
295bddc3497a4794522c294e8466806728f92f90f2c0e21e0a07e39d9586178acb94513516c9caf692d19632dd8d70398299945c5c1e3a9a94655c1885c69874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
765B

MD5
0be559460a1c4cbeb4b0863cd81c9307

SHA1
1583021e26bea857535e00e625b5c6a9f4f2bf0a

SHA256
4f7021acbfd41c03f24da9d4f9d986ea4064e04ebada7da421f5aaf5648ad925

SHA512
b0b1f6eaf7824894b53603f38169560cd650c41d2d1869e881b30b37aae186a63b4d3c3f5bc3632c6f55cc8cc04fa84898f9732a9660ab3d5600bf56b23cbf82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6846eb2a41c8e086dd76effe23f9d0df

SHA1
fe10cd1e246dd64cb09053a86e8603dfb2f0a174

SHA256
c5166b20ece963fc01ce4609e8bf893cfd77915a7a118de9d2635deecfd80275

SHA512
34664420c8f21c8d5ce3d9f5b6cc6488e78554e2c79d19984996e57ea425fb2fa8216bc78eef4dc0b97215e442017c1e2b5324e7643e34a848c8e97d32a6dcf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3acc743d03d3945bcfb30f8af2e358d9

SHA1
64f7e19b00117996cc4c06eae3b8f9c9eb448d65

SHA256
c9c076541f99605973d6a63ca794ddb5d0c71b868091206a767a136420f64fa2

SHA512
2949d8069bbaf271835f870b52da8c06522ca1c4c16e23cbec487cfac8d2b319284e4fb99556e883be3453761cd3cfbb0181463767c924f6d0d59c9bd15cfd60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f1b6bab2111a2459b5eaeaeaa97713e6

SHA1
bcdb835820739e495d82d91caedcf3de37a38b60

SHA256
7270a91652acee0b32faefc7f3f79d870662c6746854a24749fdc8b732d42592

SHA512
9d60674f8e707a8762b4148ad41c35c36cbc120b20dfac4972877e3a3abba5fd523649575679f490f77fcde17b3473d79f3a21d164598a691aaa407f5371041b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
825cb132cd3d653dd9f8ee1110dcc643

SHA1
80d93874aac69f9694812eabd80fe7d0f5601195

SHA256
b2472d60e38e3a8c209345b20b51f17bc71ada0fe7b88609f51fe4547a5988be

SHA512
9a6b776e31e8cd00acd4e0424ac1f2efcbe7727ac57354ca405ce4fe9b3bca9d05aa2fd3dfc6b3c6d3bb05260483591fbfc99ec81b52cdf5971df082bf41d751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0080d2363ad5744c4f1a71d600fb18d

SHA1
3a9a787109314d27fce5ad78f7096dacf335ecfe

SHA256
4dd81b6aca6c251bc510103b8f80ad34e6b7d8d9b42bbc8c155396c9db44b69c

SHA512
9619631d04ef15dbab57e8c21ab10cced3aa35152301246f152714ac0c1297749b8d8295e96a9989e1db6f3bff02af27172b51b41c18c8a9b851be4898331de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0ca9e44c74070338c75cdde6e59e734

SHA1
d48c4b989f6593c4177f7738ba309ac6b9543271

SHA256
c11c4db125f25e58081f74671767406f6f190ea2861678a1365c444ee31f3d4b

SHA512
ae82822fbb75bd5c712de82df905e3a33950e2590e00bd39e95aabaa46575ab752e83a343800fb93a005d0cafbbaa072c76bf88fa4434e9f5978ec797a42648a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4fc31f1fb5ae2355b1f1e679fbd54c79

SHA1
65d77285b85353e5711f84b66e30272efe89b217

SHA256
6266152bddd7d58a284b888fec2592bb20057a897d184ff669a106a830e9ccee

SHA512
1a3cbf3d102fd619ab089848601344a847fd91497dc1c25b1b79b33a30445dcd4ff63c98e858e551733b30c9531d116958a0d68028540c061b96fb99b68d3e5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2229af0397c28b6354decc0d0a83175b

SHA1
d86130dc4dd2a650f8f60cffb588765e16b35c69

SHA256
e2ff16bdeb5ba3e57222fcce69489b03bdc44f2b317fcb32d46fc08aa13609db

SHA512
26b306ab68a23e196c030afc3849a4e2eb00f71370ef32bd547419b66a41821c2d263846289a6734e2dff2bcb6433a18f1336521ac6f8018ab9b0b1e8bdc7bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
12cbd5365b5297b64c91dcef03b890b6

SHA1
6dc3aa3913e6c3c2dce1b4c40be8fc07f55298e2

SHA256
cf497033772f7743340afc759b7aef44211f63efcb5c91b8d78a06b0b998a5e5

SHA512
ddf932521077ea23ddcb4ee317387cde2f8d17b244f8e3d88521b04ca30260af9efc8eb7d113666e37ef89d41d752f323e6e2c983edb6c7559d33b5d9ef3062b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea50.TMP

Filesize
1KB

MD5
00bd7326df4c9eccfd630ff007c77273

SHA1
410f2920943f049e8eb13b58a523c9b0099339a9

SHA256
08844fee0584a85dcf67466b1cfd1b4cca6ee1d0cacbf6dd1b97048f922684d7

SHA512
753858149f18be623bb8a79760398a8ac38c910bc73813e674e1ccb4fe2d0fdfd7ec17cbb63376813c59d58d95d6e3e07c4ca892a6166eb3bf5d5734525f641d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b137872701f3aed535aeb69dfaa57cfa

SHA1
32370bded412b97676d067e74deadd5f23281ddf

SHA256
8d4050d34367a24cfeaaa629916a1c3e5987d72aa1b258f5296aaa7b7d17049c

SHA512
3c9229113fdbbc927096f3a7167adb03888ae5326844aea0f55397c073a9ece3418730e8e2f608155834adcdfb840bc4830916c817dd1eecfffbccb056e2ad76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
910ba984b93f30144e398970edd4fd2e

SHA1
f4643f3ce488341ee08d89f5fd830e27bf40fb5f

SHA256
03323c5294b0ae6600ddb5b22e3ee8a6b5c0e52689655d3a49d20bfbf7e34dde

SHA512
47d76bbaf53133b617384cde272ca90b5f8deffaa934fee2db329403e43c817dd812192962432c4b89005dc3bbf397c025ecd5b7fa45476b70dc49055eecfb59

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit