hxxps://store[.]steampowered[.]com/app/2537590/Microsoft_Flight_Simulator_2024/

Analysis

max time kernel
745s
max time network
746s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
18/12/2024, 12:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://store.steampowered.com/app/2537590/Microsoft_Flight_Simulator_2024/

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\abf5db72-89eb-4c19-a8bc-105ff6cbd1e0.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241218123755.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
4776	msedge.exe
4776	msedge.exe
1068	identity_helper.exe
1068	identity_helper.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4776 wrote to memory of 1444	4776	msedge.exe	81
PID 4776 wrote to memory of 1444	4776	msedge.exe	81
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 2316	4776	msedge.exe	83
PID 4776 wrote to memory of 4780	4776	msedge.exe	84
PID 4776 wrote to memory of 4780	4776	msedge.exe	84
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85
PID 4776 wrote to memory of 1748	4776	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://store.steampowered.com/app/2537590/Microsoft_Flight_Simulator_2024/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd95be46f8,0x7ffd95be4708,0x7ffd95be4718
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,3280517710482534399,8686488622726215023,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,3280517710482534399,8686488622726215023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,3280517710482534399,8686488622726215023,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3280517710482534399,8686488622726215023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3280517710482534399,8686488622726215023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,3280517710482534399,8686488622726215023,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,3280517710482534399,8686488622726215023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2648
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6fb9c5460,0x7ff6fb9c5470,0x7ff6fb9c5480
    3⤵
    PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,3280517710482534399,8686488622726215023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3280517710482534399,8686488622726215023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3280517710482534399,8686488622726215023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3280517710482534399,8686488622726215023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3280517710482534399,8686488622726215023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,3280517710482534399,8686488622726215023,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3200 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2368

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x480 0x498
1⤵
PID:1264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6547c6e6bdac94ad11ab8e5311c7e265

SHA1
cc3401985b79ed678f8b94b0500766691044ee7f

SHA256
685aee2efe60adca559de33807715ef5306c5ccb8857070155eae3d7ab397e3a

SHA512
d685ddcb513af37ea57e0255d9f5387266f882015b9cfca8f100931dc1629e54d1150679e4562717180447887ef7094539df668707dfbdbd3ef9b4920de7dcb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0526f2b37744871ef85ad98e2a03cd78

SHA1
7e8475de7f5614e30b67793a41d35ff492aff7cc

SHA256
68ce145d21b89f38464ed7486c74dd55a7e28e5ba25bb640cf4059b1bafdafd9

SHA512
12ae36f493802621601887cdc25e3d7191bfa94f0e784f11f18bff4bdf407efee195aceca19fe151718e9e7498a4faf0ff885e38cbc8e1e7a5d5d81f400b1ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
532154d5b1341348aa259cc967910f02

SHA1
33aa2e66fecef31f43380270c90efbf897b76327

SHA256
69d4770a3d67d7dd7e8442911d8bb658842eef26e1979eb605914e21bd3f5411

SHA512
25f748c7f8e6dfaa635be420fcdcdf29af17989c2d3699c06fe4504871229ce66c169c6b80f7cc2c33f4745972942f338576c6a1fd30e3086a450efc976cc2b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
21ea3ff0e0e0f4723c4fa61dacfa541f

SHA1
69ec0a11109d44f22e10a233cae068e7df7b193e

SHA256
09cce5c177b3d3470821f9dfffaa16924d69c65e34c6716041cb1f578740d7a0

SHA512
7039135d4ab2c502708017ee1f90b20fbfb42fd954764d7ec23811a5750edd1978c612b6802f4430adff93239bef72b228b6226e1fc4fff7f93a19585ceb86c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
882ed359c9b3de5386b464e3ab4e5f23

SHA1
fe9e66059f4d9a4229d53dd227c24f2c4cf4157a

SHA256
28d3f99d49b3392faafcf247d9fb15648fb68937df5d50e66360b9e1f62b4cea

SHA512
602dfbad42a35ba1808662d8c294207c22e857eb48b04d374ac2e330fde97fa1c997d63d3acca34fe9cdcaa174b58a103e26ae1bea9b8989f736bd0e9cd9ad70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
616B

MD5
d69cb2cf421b54bf7197c8a674032256

SHA1
bf35e8587e1c640a8e5756126e76ee01ca331f13

SHA256
b6bd96c7a02c7bed55c6b4e5a840544b763459af5688ed6292b9db8836cdbfea

SHA512
8066bc78628971a3cbcf465c37fcabf9444fea913d45fdea674b83cd3bcc992a4e072082361f4aa800229d60526783dfafad829043d162ee9e708b9a515dde19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe589f87.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
872edd182c917bf6dd4065fb001fc98e

SHA1
3f129ebe41639ebb3df746686fa5e09ed1539022

SHA256
d3b629023a35c3b729f3885d1434747ae2f9b43ee51d76ab051cdb899b3c50c3

SHA512
6a1e8756694ab73cef29b0ce6e8b0571273a8386d2444140fe817cb82d8666a76e153de16fa487fb3a2ba0c26c1707a95709a251a76e13672dc8f459d9c8f9c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7df7fef62ca2b500e9cea08cc267bd57

SHA1
385771d3d08fbd88f4b48446cb0e73e0d4af1291

SHA256
12f27f43e93229e4968b4bfa655319d8883f60af8fe147691e38be5ff30ec972

SHA512
ac24bbd869e4138abd1adca1f66db30236d66218a88f180c944eaf2f2581e716184910519a4680462b7e8a0447845ed584ab12293f92a4ac84d1ddc928e5a5dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3debe6896519a419e680377631f7fee

SHA1
3806a23fecd0f8f96a99422479aa846974c6a5de

SHA256
fbd8f8a7dc9417e6b70d20ae2155e7e0bf2dc3426a1b5ecc216b24c8dc51193f

SHA512
aae8a9138f0b0b0b7ee27c95688dc01d523ae4241930313b1542cc55d2cfa93419c6dd5bb8662364fd275276663fc5292bbb73dd5022503f44f4918f87068ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5fcbf70ebafa7ad37b1276a118667b25

SHA1
328843b9ad0f55ca1af9f974ca9dac4201585106

SHA256
2f7624667723ec491610988b7503feaf19770c0d276f722c95f2abe8c1eb1735

SHA512
11947f1be1860ed3968f9b6c917631cd487ddadf1c6e626de1238d0d758b4df7be2f748a88d40ec2a715fcd2919f04bdfb58ce58ed542aefe315509a19593bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e617920b040914ddd61d7ab2402e544

SHA1
f90a8a4890396a3b8a5e045d361ee016d8df7781

SHA256
f92987358ccd15c40606a53a9dd3f523379f5769abcfd6c086d78470469d9afa

SHA512
8bfa501fe7d46230e4d5d8e3d194eee5656483c1ad65d4cfa9f37b5e757aac6ed1830fe1f42f60685a175852b06401ecc7b730abb93d496be55f07bb1770a77e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
54d8d5d412f3513b3c0f5d4f86a4874c

SHA1
bd77a00fb917760fc161fe3a4d87d67182225c77

SHA256
ed80fc26e71dc195ccf0e92873cd3f2d559c83a0acf763829e39d0b2921028a0

SHA512
8bff2beee1faaa562c6b332a0cbbd633ac52c6d60fda2e6ea81a888d3c6a85cb7e6f8ca5a111e61a6abbe20e5673ced2eb0295166bbc222b7cc29458515dbeff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
53aa92384f8dd229643647a024db8d61

SHA1
4c1434d5ad4cb0ae4b8bad2ee31f82ba67581992

SHA256
88831be300e64e2d65654f5667385f50a7c05925655a06ccb8252a161455e28f

SHA512
cf23d5eeade7ea6d240cb1b8e30adc2b4f0e1cf0359c802715caecc9855251b2a8affcc7cd0c7d57339164fd8af5dde4447f244a4be3c14d5d4f95990bf879fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
1862d972016902a4e63df7e3ade4400c

SHA1
07b41f9e5f6319f41b74ac529d821a81274dc868

SHA256
c568ca7ec16bcf4d3c1a5079ce6696608aeddf503a03496aa7d81a1ac8aa1780

SHA512
5dea6f360a8dcb87d608c74435d656a8e054500335d4a05aed4b8e185f35b9120255210e260e8b5f43dad6936a9b43af6d791be0b345b02b350e087e17df0f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
b8d99daffed42299b16789267591e4f5

SHA1
3a570ee5ecb1207fec6047f6faaa3b74cfbadb5e

SHA256
e1dafea8ad5aba74c62c863ff5ba1375d8186899b6623a1fdeb2fb7deab8074f

SHA512
2168b74eeb6af5163d31ed65d8099ba225455f18c480f1d4bd94e5f15f1b5e7d6b480f637d2bd32a9f67a7c9a98b8eb57c3b0e716f7436c6c83b1f6aeb1830f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
11c34e9dcafaad632e2996d747a4feb7

SHA1
824f93eb386a5f21cbc807d26a209e8b49e92367

SHA256
a23d4f4da1b9ae9b51dd18dfbc0730459a44cf6852e98f3d0cb64abc6873e444

SHA512
d85f2fdea1f69c7a43ffe692456842f9b915dd4a288489d2b7350a1eb070bb3e56866caabe6424c0f22d0a7afe6244d6059dfd9652c7a358f20253a1a7b9c30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e09c.TMP

Filesize
368B

MD5
eeb68837db5979095ffbd74ce2046bc8

SHA1
8282fbba4a6ea16d7dbb9bf73b03045b0d83eadf

SHA256
aa0e2433db05c259c77001942b09f483eee9d2118979de606f06c0b44367e84a

SHA512
1446853789b502fd8bd1f27d121ea364a839eb95ff75f35c67e3c95d23d659c4b96c78aab27e00dc7b474cb1130a9b0d49eed59c31a77b8feb482edf8cb03387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
05586f8adad281a198b9f3b6a17b6b38

SHA1
75136d9437b819f8038684fffa0202698dbf0077

SHA256
ecf0156b598c2f83c2c379c5d0c57d4800bd5a1e87ad68d95e4e6fcb8034466d

SHA512
4812af7d23b778ec45e14992d1ea57849044e036b7aa38afc2b7c4cbdac60ba86cd70633f86abdf8abbbe28c9f8410b2fa9d262921efaa53df27b68d8d0163e6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
ec7814dc1cd528e090e0fccf1fb4f889

SHA1
e4096de52998dbd00b5e07ac36a6bf7ec6d6ae3a

SHA256
90a0b5114ba773dac8c49a00433f0da04d0c93fb1277df854f966ae4e64ed4b5

SHA512
31300618d88756ee17e692e2aa0084713de53ae740ab14fc10b082d8c57dc19f71a088b01e5bf3b2ace6ccf30d9d5868ed4c58b37e90d341d6cdf5f3e5f65148

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
546ad0e9ac59ec3f3dacc993050bc26e

SHA1
fb84e42e27e1376a6f217efc5bc6454bbac19700

SHA256
bfcc1b64418945bced051279caa04847b7473d3db126c14e25bfdd4370dd2ee4

SHA512
52cef2cda8c29b73297dff4db48fc91c2c436aacaf5c59d5c7514bbad3db12932a4aacd97e8021f1904ecd3afef8d69f17007314f965ce72c28b48e370a89ce1

Download Submit