hxxps://s[.]team/p/chkk-hfvv/TDJKTJNJ

Analysis

max time kernel
535s
max time network
598s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2024 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://s.team/p/chkk-hfvv/TDJKTJNJ

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe
3728	msedge.exe
3728	msedge.exe
4008	identity_helper.exe
4008	identity_helper.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3728 wrote to memory of 2696	3728	msedge.exe	85
PID 3728 wrote to memory of 2696	3728	msedge.exe	85
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 4084	3728	msedge.exe	86
PID 3728 wrote to memory of 2596	3728	msedge.exe	87
PID 3728 wrote to memory of 2596	3728	msedge.exe	87
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88
PID 3728 wrote to memory of 4416	3728	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://s.team/p/chkk-hfvv/TDJKTJNJ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe06a046f8,0x7ffe06a04708,0x7ffe06a04718
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3810126168803316883,4767834956036688670,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,3810126168803316883,4767834956036688670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,3810126168803316883,4767834956036688670,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3810126168803316883,4767834956036688670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3810126168803316883,4767834956036688670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3810126168803316883,4767834956036688670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3810126168803316883,4767834956036688670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3810126168803316883,4767834956036688670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3810126168803316883,4767834956036688670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3810126168803316883,4767834956036688670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3810126168803316883,4767834956036688670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3810126168803316883,4767834956036688670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3810126168803316883,4767834956036688670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3810126168803316883,4767834956036688670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3810126168803316883,4767834956036688670,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6356 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
99KB

MD5
53fe43bd52d01c4526dac06426e2b666

SHA1
e9bf922a50f3832649d83f1da5c709a720d0ede9

SHA256
c67c5c0750d7974cacc5c70cd74f78497c7f791182d6a2809f4ec8da2d7510c1

SHA512
5fa4fe6bded6a6ba57b51ea88f7d54cc875dcd58c59bde9f0af9048260406d187ca86568ddb31d4d29e75c3256b79444ca67c52613659293e73e2c2094ebffde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
314KB

MD5
26cfc528bbf3f9545a35f07fd4cc4c83

SHA1
68c18ab5b58b839bca80835b6fece6081e5ecd04

SHA256
813b795e6bab991add6fcc2f9b4e8f938681ab29f21b280f1348b3d1198e8147

SHA512
226ab5af99230fef492ecbbd33c1c4ef9ffdcd8e9c48997455942196c1bf653404313890b7240b781e57e6e456ddb9b921a7031abb85b653b534d3340d4f6a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
33e2ba4ffa46b96712ab8ba9c4ea43e1

SHA1
34f882150dd6963420e92984703961f7afb5c394

SHA256
2210563d73d5cabd5a090b832c4b92eebf3efc636182a8309bddf7108e6de334

SHA512
0ca3bc86eb1aefa369ab5a816ebd55917a349e787092587cee0185c64ffc1847876af70d463d13dce009ac77b321d920dc21a87ee221534139af8ccb7bec6f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
113d9e0aff35a5ee2dfe7cbb5298f46b

SHA1
fd807a3f1f0969064c1e0150500c322d8d9dafce

SHA256
2d4309046410ead156017f92229150eaf0d7060481acb56d9372fde67c2651aa

SHA512
6f9b416752b71794960b4f9b9823255faeac93e015a4cb1ba01cc406cfa95d61084c9ea213031f0d04946f58d5bc709d293c3d62b280a9118998577a99a8fa6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c708e3cc8dcf063d0ebb7740a18d272c

SHA1
df235e2c26d94e2da1a3e4d9d1d64bf59f32b3e3

SHA256
5fce23f3ea323f6dc0b1ecbc2df0cca4bb8f076e48f8d3be6dafd95420570398

SHA512
fe066d0e6743531a73f7a88fa8a20f22b51d7c290c4af78e054f645f30abcd4e81d3cfce20e84d6c711f282863cbc61d45ce5e6dc7d77bb366036543b5524684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
a1c9ff7b2d59f04c4d56d2d00bc3bea0

SHA1
e85d50ec3db39981f6649e2696d089bfe507d8fe

SHA256
0fb792fca58a8a5e907b7769a367337a2b5cd593dbec659f568608824535b3fc

SHA512
94e433a3b5c4713a74717e788bfb580a419d5fb8530dbbebb3bd875d3bc662e634c24b0ebb83a9d8b7f79d8b30067a6d056ff010d94b1ca192848b97e9f3c5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
511B

MD5
202a1a57e3c6768e5febaff191377c16

SHA1
12e699766de59eb34a590aed76b7b802f7576dc0

SHA256
3dae105b677e8e5832fc9732777bf81aa94a8597080d32a25a2889f0f6aa1ce2

SHA512
3c38f4902c167819ab2797c69f7dda713a257d2680df75cc854dd928bc2f1d0253e7de0d18bbf9b88e0c64904ffbe03ebf1b9bf3972463f747c74a320f35f85b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6bcdddb22eea761a84a57c79084a8cd6

SHA1
c35f5bcdf76a8e9e0d2d83806f6396a12ff118fc

SHA256
2ea191ecf3ecb8cb09a0cbe87588c79a1331b3c59d57e26468143aa738b988c9

SHA512
adb94a17c7b21ceddaef15a251235248e1ed1789069bda9261d9808f847a5a4ae1681db91e55c84317470ce5c61ffd62bfeb2a24e1444f2671092ff9ef769eaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e9c7e05cb548d5531a9892e75f790a01

SHA1
ecf832a8946c0be71a2d96a12a0d6c150725ad3e

SHA256
c154dafff9012561caca4fd43fdca6dc3b9464b5e52852c9e19bf85b46eea83d

SHA512
33ec08c1a0da4941e39a57f6114fa9da5242733253d5a3b7ec4af10ce8426b1ea3dbb762da46374fb0de604e16cf4f6e70055e4e7375a3b2983b5cadec4c4c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ba0902ed400fc7c02d7a982fe167658d

SHA1
83df3510eff45eab219a89f9027e742502e699ea

SHA256
95c2bce85b26adebaa5a419a4af94e872014fbcbcf63cb7407243ab324452f2e

SHA512
13a5b3dd2f524ce5202c9edb50d63e31cc119569cac25210f23701ac271461a2ecb5e7f54337fe45c16a5a60d7382dbb2f5ad8e423cac4ce028a8fcc1a766ea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a6b1462032af8018c918743b9160eb6

SHA1
8aaedc1bcf36cac70d6131bee5898dc4faf48aa5

SHA256
6edea732ea411c5f8aff75a44b5366f01856567e52f43a0d5610128a38e966ef

SHA512
dfa078099c7c6f06fed953d2f10cf41ba8962ba220e80ec00275223b164c7e36598bcce446322d936a01c17532fa95371ee0c906635de6192a9fef3480e97d44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
09383803c67764b2a86a0f93649bdfd6

SHA1
d06edf8f9ce72e6409bf607e351ab8d951ce66fa

SHA256
72195c66c42bc7dc646dfe61b8eb46f2beccbc7303b1c6f905f39bebb0fac0d8

SHA512
3b69522dca1a625c78e87d118ac4fdc075bce93c8f6d4627d2a86eeba63a1cdaa75db353e0600c4abdb8370ea047475fd1783fc7ce458199edbdaa53c4c19926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6650a183ce96aed0b14ba1234412832b

SHA1
8bb82201460b2158d075d6c57687b26a6cd7a760

SHA256
c8caa653a719cc0bcd71f047683e17b0e871d18b285e8d0f7dc07c559bac927a

SHA512
9310470c296d5a2ae4d8a8212b9d64516780d3a3355bc7a576a34e7f22558dfe91cbf80091b50eb17701fc9e6ca7e402254bb76f69f223cfbd64617732a2bc1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5c7a5a7aaaf6edfa625fa620d4f5ae29

SHA1
f5f8ae40702d447e2343fe0e88c369ee032fe914

SHA256
f43a6fbe9533177c613ee488e88f61090ade6c8a42e96f6bfeb3bc5b80f763e4

SHA512
cd7424c9f4a3c4e65ce4cda51127a6d25c74aa6377d2389ae3f0a01507b76822cc9f2349cfd3d914da15b5e25050340c4b64cc57ba66a2e4e4e5ad9ebe46a2fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583832.TMP

Filesize
368B

MD5
c6286da78ec862d389c08077ba974bc7

SHA1
a1c6e58cd1ad27c6e63633f0273cdcb9a21fdc12

SHA256
1d727d56ea57771ee4318e3b7c94c800cdf05b4d1ffe396f8ee8f6307de8a70f

SHA512
0b2ac6d036424424dd45b29ccc3ce3c9f8c6109ec387a035e5630886ec743d999044e76dd12cc00a85f3d7a9e48e0a9c9003b91f6f7c83774f08ce5af6ae9433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a2368afd-d91d-442b-934c-ffc3fbc395de.tmp

Filesize
6KB

MD5
4512b0782b91079f476cc2535b378b42

SHA1
d93e9030eb478989fa00464d43f5c49e45398674

SHA256
75594071a96a47f121cb396aa14046834ad55d5082407d34ec3c4d66844b5e12

SHA512
211d863b2d643758eeea276a15104b41ba2cf5a69eb37b0afbdb1d4c8116cf6d7a27f743153c4057130dc53a1a3b9a7887ccf8a7d7e0a5f85f0598e40b0a0b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5288ce42605228c5b6efdb62f928aeb9

SHA1
f5342f574ba7d869ffd785fb1e94f23e9e31089d

SHA256
f37516804ec40243f7247cd8a02c3a4791f0da1e2c4c5a7886b1d7bf0d0b1b79

SHA512
5b9da5a629809974a0d5eb119b3bd5271034d2609957efa96a1185047fedaa335136a17971a21904fc15d3cdc79534d48e6b0ed6e0ed468a180b683ff662a844

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit