hxxps://bit[.]ly/3D6geUr

Analysis

max time kernel
1719s
max time network
1685s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18/12/2024, 21:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://bit.ly/3D6geUr

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4340	msedge.exe
4340	msedge.exe
4952	msedge.exe
4952	msedge.exe
2316	identity_helper.exe
2316	identity_helper.exe
2200	msedge.exe
2200	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 4860	4952	msedge.exe	78
PID 4952 wrote to memory of 4860	4952	msedge.exe	78
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4804	4952	msedge.exe	79
PID 4952 wrote to memory of 4340	4952	msedge.exe	80
PID 4952 wrote to memory of 4340	4952	msedge.exe	80
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81
PID 4952 wrote to memory of 2192	4952	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://bit.ly/3D6geUr
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb50f93cb8,0x7ffb50f93cc8,0x7ffb50f93cd8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,1513170948882329909,6643851940298518131,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,1513170948882329909,6643851940298518131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,1513170948882329909,6643851940298518131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1513170948882329909,6643851940298518131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1513170948882329909,6643851940298518131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1513170948882329909,6643851940298518131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,1513170948882329909,6643851940298518131,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3560 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1513170948882329909,6643851940298518131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1513170948882329909,6643851940298518131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,1513170948882329909,6643851940298518131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1513170948882329909,6643851940298518131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,1513170948882329909,6643851940298518131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,1513170948882329909,6643851940298518131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,1513170948882329909,6643851940298518131,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004C8
1⤵
PID:4644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\628f7bd2-6479-4a44-988b-c52e63c77136.tmp

Filesize
10KB

MD5
dd67ddfbec9e0305283a3eec9fcd2949

SHA1
3f8c3fb7e03e2fa9e7f293d5ffdf6e76ef7b31eb

SHA256
3acf42d857bb63f2480454230310c66ddd1483e95742e9236378065d673ee3d4

SHA512
0f9aafa7f57a73e9fe95e09a748272745229aeba4148e0033573f8e053a30610b89bad6491ab6cbf0543ac844c3c40d8eaff97ffdd6412241886d72c979a3b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
e2e9ee5c35079a15db249c1ddbaaad49

SHA1
f4321065554527d13a199f71739e31a206fd0246

SHA256
a945572b1a781ab3265ed17753b16d0b0fc290fcda9feaa2f7db703b450ce2d1

SHA512
3acb358755a967483458999f3f62f7f71c39603a01fff83456b513c4175dcb0d9b1f7fcd24f3ed39ea33fb3bfb5efbd06e11115c65fdb420a1ec9f078871d825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
56ff657d51dd72419727b28d9988c628

SHA1
10cda3007cd0d3640f504d97e80ae4860c9f4d2a

SHA256
d8dfbcd5087c3c28d9505d3c00247fa8a54a2d98b2ed6ca657a236ad0cad51e7

SHA512
403d9b091f5c2767c0120f4d653c9f84d0642573518e4b279f8eb50a03258de0bb4cd8be0916111ed854a938e3639a9c9a85ee954bba1ae4160893fa3591c7b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
638B

MD5
16249c85bca725ef7f4428f46f487301

SHA1
43571c585eee4ad24cce53c4e885354cf479f2fd

SHA256
bd7a49f7658811bcc99c8f1b97d112a32cf467ee29eadeec62c13471282de29e

SHA512
df322478c3c1a8ca51aa58de1dc6737baec9cd402d90efe377198632623e187cf7cb7426a4bbbd1afceeaf8f53af05b0f0ae808d933515c00a6b58af8edc252a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb2144b417e6eabcd575ab0837690b5c

SHA1
7fd6cb6c7a598ec4f7707f8d834458e94dc46a82

SHA256
87ede032cdbce090697774bde995ed5c4fb98f4a1baa4ff9af7760b97391c3cf

SHA512
f8b071ff8fd9a5b5b89f9870b687ae5c5baa8ea6d49a8ff0c4c66c24fc38371fa9994097710d222f9515a144c11015e353586f49dbf29982969fc61d5e058929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5d1d8857a4f33d26d35c48c41b531a74

SHA1
226ce3561079e61dfa961e78a9a7c70f1f7e266f

SHA256
e72ef8cda60689c86da5fe736f68116602051e850d965dc42b06b18e8339861c

SHA512
92bf03262b73caa68b67499c50fa91422dbeca763c4e57dcac38f6bbc2a9b3eb1ede18cfa8654abd5c4972ca97b39a520d0b0887797450d202ee811c07d78c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
844988fdc0d0fe6319c653a78236aca8

SHA1
6cd8c48a2f3f2ba50d7ce6dd30b419e890b17cfd

SHA256
f073ffa04d22f6d25aeb0e8ecb8af009acdb53f7db824838993d6579a05bb6c5

SHA512
0e4e91f5f8954b7306b4e109f80d8fe98ed533bee777c4965da9b892ffd99776ba96b0763762f3729677268cc0b0057146cb2c2a891d6f5097f048705ae5bba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
416dcde87002ea166d0815b4f8f04f5c

SHA1
e582ea4f0fa79065f7c65a487faa54f87e7ddd02

SHA256
004b7cdc627435159ed6b81d54335d7d0040a69e1107ece863e54be14ce07298

SHA512
68bce02f1512f66c08450a6da20ad5c019a1381cc26f4026be64e15c5710d79cf772fd8ef711007cb5a265c0715d76555f41cd6199e36228872cd0739e910119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
4253e693f3eef1c428dcab4bf4ce08f3

SHA1
5541e2abde6b124e451496bd214aafe8a1210e82

SHA256
8268ee53330aac51bd989cc17febe872ffa3433121adfaab87e0e5f69b63df6c

SHA512
ead558158c469f17c333c16e83abe70f26babb0fc8452e9583ef6d28ae95d3c8c0328d1edfedffe4e2965fdf0e8ed7fc21d0c07640c2851d3139522db3c10edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584428.TMP

Filesize
372B

MD5
4e94c4a8157cdb3ce90816607cd962d4

SHA1
c53e906c1eb5db43deb51b9576083ab1fe54874d

SHA256
5887c42da4a367bda36682d15b44fb246446147ce612de3294c11a2b31c9eab1

SHA512
59e4ef5b682e38e02f87f327da63d2022f7384c25fb91f36faeee73d10b4aee04598d7231abcfa62344daa73097dba8816ffa31ffb3762bc4d0568002cba9aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0c6a8e58f9c9f2197cdfa9b355449acf

SHA1
0628a1f5784c5f905db75dc0d85a39f3190b2e9d

SHA256
f8664d78b46191b0a3af81ca1eb1d01856c49a15c67af0f6f908a67a1cca61e7

SHA512
9e71fd33079d26dac8110f6bc9ab4c6d539b0e689dd9e7efa90d0b6a56c2869df3f4b0a6a4bb8f3106bbde52259083a6d6c91c6adc090036c7d8167db5173a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f034fd557f00d8559eb99ce2b455865e

SHA1
1ab50f3b0c791f908bc89f2bd97f53afd5a74ac7

SHA256
4eb46b884a99e4dc39baa6c59f37361c5756f524130e064116cd84238cae0a41

SHA512
d148636347fa037c0b9a84824cca758639702d5fd9017b102acca04b6b086b0e93110b8ef13563f39f96a88bca9dd54ea233c581dba86b2abf77547ab02f7278

Download Submit