hxxp://steamcommunmutly[.]com/gift/activation=Dor5Fhnm2w

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-12-2024 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcommunmutly.com/gift/activation=Dor5Fhnm2w

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4932	msedge.exe
4932	msedge.exe
1980	msedge.exe
1980	msedge.exe
1896	identity_helper.exe
1896	identity_helper.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe
3804	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 632	1980	msedge.exe	84
PID 1980 wrote to memory of 632	1980	msedge.exe	84
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 3980	1980	msedge.exe	85
PID 1980 wrote to memory of 4932	1980	msedge.exe	86
PID 1980 wrote to memory of 4932	1980	msedge.exe	86
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87
PID 1980 wrote to memory of 4000	1980	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steamcommunmutly.com/gift/activation=Dor5Fhnm2w
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaacc346f8,0x7ffaacc34708,0x7ffaacc34718
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,14097529112137154184,57413137944267040,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\46ef194a-ed51-43de-bbe7-df23fb33a782.tmp

Filesize
10KB

MD5
de0d88bf428129ea4bcb4487bb837642

SHA1
a770dac75d0ad1b16c325708a47d87b5096bc888

SHA256
9b4a11d9e53b4640bc17cd966deee06cd6cc7b191354a6e0a331da3f3393fbaf

SHA512
f2478938fdfb472c34a24146c4bd0ba419fdc8c4e466dfd3bfd3bc4401540fb31308f723a08731d6585f5b1deff4fdce0d7f87ffe22dc039d26ba2a70d0a8680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
8c5c38c996bc428af7efca8335319281

SHA1
b1e35b797c80123f300181034bf0cb394ac7c8a5

SHA256
f842189c99f93c09331c1d8fc26e55329e542ee90e688044864aa78e4f0a63d5

SHA512
c15cc3ecbf01cdd2aa93076e8def7f78caefcaf40b920c7bcac496345055048c30f4e4ce4f36c843f473acf65ed9d1e4bad12f6854544d646c1f3838d991108a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
5088f8d8b67c802f4c0a81b768a427ce

SHA1
5366e6ccde46ee671f39734eafdf2fac5578eb4b

SHA256
aa0d46e44100973e932c1a35ae1900fe5f6fb34cb9fd4c82a2e1c657466588da

SHA512
7564743411058ef4cc123e0e38eee0b5dc0208d0f6d3150af12e3f44d8797de854ff03865ea1855be0bf5341b687d6fb1dbdde687c64cdbfe58057ffb1dbe4a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
ed60cd5a0f420784f291d998fa5d21e1

SHA1
6c1ce9a1f0429445af038655a8bc026a326dbc5e

SHA256
1a9eae97a3e284ff2164c577fcf89c99ce0bd7de598905fe0b2b101eac78dfa0

SHA512
d69721bf03ae4458d5e1f10605092b1d049f5cf818de3d6aff919aae26e66e1ca6dd708b61fed2776776b50e41e70e65c68a052e13cc27304bb87be3abf9c68a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
759B

MD5
f98fa80764f1e78ad9337092fe6ce77d

SHA1
bb0948aa36d931edd11e40f9ec58099c1460eaf5

SHA256
94185d015e4bd2f4450fe5f31a0a0dabc80e358d559f061be84a669b8a0e149f

SHA512
a712d3d9960a8f1c5be76b05392ca4fc19722f30e9328cccdad08a8bc8ca6a1e0f910c5c4ff6913c8480e5c5a997a969b958afb8aaaf4b7ceeaf0c40ebfabd32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e30bf3b22588f2c5210b1f0bc1fe27f

SHA1
69b0f752d2a4e8d2a730827739bc73bb33d56928

SHA256
d68e1ef726a4b1a46144a23f2a702a5b418fb77badabc3cbdd20f9f161113146

SHA512
c0d4ee50a6ebad7db492598583e9d7e27a78ef03142ecac5104f33a8e5a01d0dc1cd1abd166806fc6555b71e7acf35d637cca65c77f42b10b2f0809aaa2a6b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
29f5506826ab6a7764ce06b6ce5d8644

SHA1
4361f965e1de5ae3221b8e741421975fb9ce72a6

SHA256
3e18d2e596e94455cae9403a439b98c252bf27866365a10427e8514b661950e3

SHA512
1a36c3e8ebda8921a2ab77bfd90a9b0bfa194353f1051e45087260333e8f4f9181228ccaf99053e49599222fd83bae7aa09ac7166aaa1fe8b40f31cb1b655184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5bc6b6aac43c04fe06bee56acdecd214

SHA1
e32184fd6db4c544e3fd7422557d2a465d93e5e1

SHA256
492672ad0bfb9032eab03b06168df854f13570339c2a2a983178323e1bdd87d8

SHA512
fff084eeb92f9b5bcb10111e28e6d6091db3cd95c08cd9fe64614289acd9b67c973623fb5fa98a1cfddce2f61c6b69ccbaee42c508becb0d3d7bd09a0816e96f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4bbea827569880e600a4022e7840915d

SHA1
b18912ad6df2dd0c1bdbca2522cad2ba4278ef0c

SHA256
ab415d52f60df46bc5e5bf050fd0e98e67cb21c5dce9bac7ba7cbfb9a00f847d

SHA512
e66596f282f6f29c3ffbd5ad9be61a387086c6c1965c9c3efafc85ba5155f21ac8f8606e4939dd0f0704f4860781893dca92f1698ae5e51207d3c2caee15e255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
92ff5b8ac995a9bbb90bbfdb7f7662a3

SHA1
ce183093aaa90bf96c22fe6637439d2b01502ac9

SHA256
99a14bc2c145e7de466cd4e7b6caee23c6ffa7c8549914305395c456616c6734

SHA512
9fce07dd449cc882bbbfcbc65d6cb9591af93b03cc439b88e8c723c919ad35b38a8d71f402834214afd598142f3ca7d4e9a1eaa326d26a0473b9986e1b94595d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
202dcc8f3cdd0c994e553156794d3b9a

SHA1
91b0bb6d8c0844975e5a5259e768a593f5da2677

SHA256
50acbe99a74a07c160893c9759347d7fc02412714a02cf437d29421845f62e26

SHA512
5d14245eabf03a845859d900c20d92aa6df017e0dad0b36d4783e79bd514dac3410838c8911a503453b0885e52b1c38168791d8e6a3c2ddab7dd13d480c7378d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d7a6b3190a1855ae93929b2a8f307bf6

SHA1
e1721ff9c44f2fea979be4af2fcfd1a08443c611

SHA256
a9d85640260937999d0f521eb9ba77f774ca24bba5619f48da25365fcba08c31

SHA512
839c7efccc51e165998ebf741c42f3a36297630e79d3a2f38ad8104e80946c0535eb3724c6ce6bdc02ed7899195a57ab644987219f1a8d3625cc1ba26e62680f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5815c5.TMP

Filesize
876B

MD5
c2e24b9abc9363bf46fa126fc141782d

SHA1
f21272e52c2e750a1d567580c20d81f38978e7f0

SHA256
55c4cc405fd966e4270767bfbe76d9d091d3742c5e48bb0f7931aa303ec03689

SHA512
b2833200cabdc8d75338d09417fe08d5b37fa9443464ab6c068080adbfacf6065fa366717aa26171619156eb9169774d78fa2a26094e03139f0929cd6da63f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ffd88ab42fa495f688c9522611fc9ade

SHA1
31b2685b383124ff3ccee649a237173f673f7518

SHA256
af7c40a10499fbfc75b201858cfb488332ba3e68fd3d50229748ec799ed0f01d

SHA512
699d6dfb1d7d2f7feefe4e0647c6d18ff261bbff08cef0236bc3ce61872fa4b9bb26c3d902f7b3f1e1e8025e89125cdabe8fdaef9c77dd6cf989f4beca225060

Download Submit