hxxps://is[.]gd/HsNMhe

Analysis

max time kernel
128s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/HsNMhe

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
348	msedge.exe
348	msedge.exe
216	msedge.exe
216	msedge.exe
2952	identity_helper.exe
2952	identity_helper.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 2924	216	msedge.exe	83
PID 216 wrote to memory of 2924	216	msedge.exe	83
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 856	216	msedge.exe	84
PID 216 wrote to memory of 348	216	msedge.exe	85
PID 216 wrote to memory of 348	216	msedge.exe	85
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86
PID 216 wrote to memory of 1936	216	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/HsNMhe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd480846f8,0x7ffd48084708,0x7ffd48084718
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12325824169740671519,10428560223017086544,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,12325824169740671519,10428560223017086544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,12325824169740671519,10428560223017086544,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12325824169740671519,10428560223017086544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12325824169740671519,10428560223017086544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12325824169740671519,10428560223017086544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12325824169740671519,10428560223017086544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12325824169740671519,10428560223017086544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12325824169740671519,10428560223017086544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12325824169740671519,10428560223017086544,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12325824169740671519,10428560223017086544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12325824169740671519,10428560223017086544,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12325824169740671519,10428560223017086544,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\25427de2-3c5c-4e56-981e-2926af009bfa.tmp

Filesize
872B

MD5
f15b47ee70767ed37402fec04b87d6b1

SHA1
981066d673bb48beb8d43691db40104c4deb6959

SHA256
1554baae1fdaf977a502b988a218cb5586a8704c1941fdbe1a7611ca6e1c0458

SHA512
a75462e2c77d4b3c150cad5ef53548fcabe7a7d831ae14b83b768d8f94118b40ec4ba5e0c5f1e19f2ce6fd195c8f46e05a82354e166e37ece090909bef9ddeae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
b25a10fba1cc4176384e2a80ad11a34a

SHA1
8843b517cfb7bbc60276aa633b9998ebd2ff5a69

SHA256
79d7bf9e2f4e573404228785c9e485a1da9cad05aa566ffaeeadf48c1e5c0f5b

SHA512
54b737e10ef86c4d5bfb111df672e5160af20a1ff145e672d12b8dcbd92815063fd0e4776dc6f7799cf2a86fb5c879d5e014237d9bc250254f40db80e4137bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
bd0868a249bde20dfdf41acf35284b38

SHA1
9d45cb6dd8527c0a7fca75f0889f8fa8b54a6c13

SHA256
685c5dcf56ae46ebba34c528641322baa8dd8960f756203612ecff74df1d706a

SHA512
80348a2733df81ae4d92a4e9ceabdd3cb6dffaa116070e10275636ab37c39ed92f290969ac3e15d14fbaee8a993cedbb36c7ec44af687addebb6ada3331a38e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
efa4897adc726c1eb786ed40cdf6b36d

SHA1
03f5e5c0003564f217d750ecb983e8c28a7e817e

SHA256
1b41b32a0d4f63e3e4a606d4d4483cb2942ef49332a17e2dd4dc401d53c5ec37

SHA512
48d94b1cda178a0ecdcdda7717281a5790444638deacc05d0384bcf626cdc76baf5ee79cc1f6c51bfe91ad5d93f52b84f832c4cf29c42218dd7e1daa462eb07d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bf2d9a5e95aa9324ef9050c90db49981

SHA1
39a72e2b29b8b8212ca11f135aee6d443bd0e845

SHA256
911985fda22339eec6a878013ea885a77a1fbe1d0a647f63524c1001441c2a7c

SHA512
79587eeba6054455f0fa9f151ce666c24ecc3b901383faf306701f8c7b71083b10b79ffb7a1d9c946db65b349561ef4595993945a3a243a15333aa2fe360f491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d78a4b4bb8d5623ffe6d4e373e3c8e39

SHA1
ab05474028f7a9ac191aea26398d76ba3aa26dfa

SHA256
06c123caf9a00f73c3e9da539839dab8f58e6e0bc5981bb71f548bb6d8721549

SHA512
14a475185b9f592a2a78bd14b5c72a656c4369b6287b2e62c70489a9f38959ace4e6b03bdc35f106df259a22e6a5940b43fac5a07aa8b476ba37acb3ea2a1917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93d561142f4dce7d83b0f4df2ef8780e

SHA1
2b57bb82f0894950046d1347d980206402c25593

SHA256
3502696215f410dc628672c6e04130475b3ec4aeb660b5a1254c1ce698707004

SHA512
2034d50b7446754e5dda9ffd2568d382d615e20b84223fd225c67380dc1b5fef20c6586f968b974b0fd99fc9a9aa2aa15089fbc5c7f2309d85a49d16142ce636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e9ca3c48a26699cc3a8df03647796f1

SHA1
4e50e527f9d92efdec84fad019f0ec330a061081

SHA256
8696e219e571a7d5f8b781df159a3b500f89f2046372d1f63e5e245c11b4ed22

SHA512
f65b753cbde110577a19a5e4093a742d4b87d6e387b2321a839691f96bb8b118b06960b6d6fd25ea3f49ba1732965e4dd71b7fb79ea188590ba5c493ddb19aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37a3aa5853d214ba2f1c57685525da19

SHA1
50640aab6cec5ea4ac806a7bc662a951014e836e

SHA256
efbe8dbcf3745c9ccc8d4d1a3c054efd00644ee1a61b80204615330b07096f74

SHA512
21fdd633ce7b0b9696421687f6b46b06ecd4ac197bf4bb2f9b5b9386443fc8d31f420df6bd5815b7de47c9348b7a903476b6a329c0fc030f1f18532464103397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
440d4c035332dc85ba04251e1d66de8a

SHA1
2875471e430e45da84364134fd2fd92eb88b0ca7

SHA256
29220b703c6183eea681e40774380c21dcbd8b5792312d5dd146d5241f074c93

SHA512
5ec038e7bd93731e05c13c2534a6ffdec37099ccb3d1b677c245f2ccf39d9810c61f4d73020833e590062d2a86ae0f3196ba08ee2ac8b6b041e20f3ab0dd1aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
45674b38518597cf6f2b6d7f3007fcfe

SHA1
3102dd0643acecfc96abfc0f7f75b8335078e56c

SHA256
3615954e52a4f257b815fe2b2768ed0d554077391c81d3f0779a3d1e2dec07d3

SHA512
22963dfecbe81434c41459021351ac83a4af12a932ac05c617f36ae60f42dac223be8c7734fc69afafec249e6aca288e545d47653b1d9703a695451202fa54b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9e00abffae5f6cbb281f3657e1ad715b

SHA1
c006ff71adfa090cd415e7eb46249491bb942236

SHA256
c88b88762dae33decb23fea395a89fa4fc4fe83c08b4f7e4f5e6eb5a70e15310

SHA512
7e7e7c314c2441ad6fb43eed32592010348e75e174229c61e1109a3e7aff675d848b26352e1f94533b48138a752584f47734ececd914ba4fc6cefa32ea4e3d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
f8be7609de4aae119ed2963381d47ee1

SHA1
0db34ce65143473b790dc51d8c0579714079e1c1

SHA256
d5211dc212fbe8147b54a0f328e7cfabbf7cd53d6c953755a1f7287a12605cdc

SHA512
615bfb33a3681ed5f17456c7e716192930bc11af0d66c00392a8756ead30c5346f843d510828aa2f28acd08f38d9aabb2f0bd9d0c25256e26be36b0a76defb0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
a231317607ebc7ccfd8523a34b7729b9

SHA1
136526f196bca0d8e3190aeaa96a745abb1abc2d

SHA256
6b746ffbfc70cd81ffd41720feeb972bbe973efe5113a95b050ea11593cddc5e

SHA512
d71a26c6cc544b0601e9f16af433067327c3e9c37e00fd54183261133a318916faf514a8039cfea5f3961454866eeb0aaf8dd040d9232284a4e270dc497cb6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58344a.TMP

Filesize
705B

MD5
90201f41d651d1505c6d572820c915f7

SHA1
1a33a670ef5704131bcff537d49956c3f5bc3433

SHA256
bdf43d60f9dd50ed9b5c5c987329fe0c49725f107e668d47f9f4d76085a1154e

SHA512
ae4084b78d966a5164755439ad68765dad322f7d48a98decb2adb9c82cff0226c89bb875320db1bb5e3f0c1a73a198288e1b3c65b268f3d023b06ceb9be381b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d600f9406a0064603645be50d3ecf36d

SHA1
5f6121126127d1e1d984bc450a5247d1c88810d8

SHA256
3abb755bf754441f0d85a364340c1ee237d5a877495e8052f10674280d20c531

SHA512
1c888596eda4967bfcca7ac76fde1ecbf957b43583eb7626e29278e0961dd11f778fb6c7712b1273200aad7730ef3d21c2ef5c5589fd026b029a991dc7c4a473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
406deeef876893045fa31f6055117257

SHA1
1d5eb89236bf2678f93c566f24d7fa11693fea88

SHA256
57db30f455719da941a796f9b9e25514529ec880ae0f4dcfdbec89ff129fe06f

SHA512
6d9e1c3283fc4f883c7512f881052b4695872d139e30de5754e5490e70601058c0e060e87773bfe0b5603d7c98ba0143dc18bbf74d0c0d6befb8f11f9c97caa1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit