hxxp://steamcoummunilty[.]com/tradeoffer/new/?partner=149270605216&token=hK3VWGgL

Analysis

max time kernel
146s
max time network
152s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
25/12/2024, 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcoummunilty.com/tradeoffer/new/?partner=149270605216&token=hK3VWGgL

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\3facffcd-7cc0-4869-bc7e-a26f7035ef2d.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241225190318.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3464	msedge.exe
3464	msedge.exe
944	msedge.exe
944	msedge.exe
100	identity_helper.exe
100	identity_helper.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe
944	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 3128	944	msedge.exe	81
PID 944 wrote to memory of 3128	944	msedge.exe	81
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 4928	944	msedge.exe	82
PID 944 wrote to memory of 3464	944	msedge.exe	83
PID 944 wrote to memory of 3464	944	msedge.exe	83
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84
PID 944 wrote to memory of 2236	944	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steamcoummunilty.com/tradeoffer/new/?partner=149270605216&token=hK3VWGgL
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb32e846f8,0x7ffb32e84708,0x7ffb32e84718
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:224
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x118,0x154,0x130,0x150,0x7ff7b50d5460,0x7ff7b50d5470,0x7ff7b50d5480
    3⤵
    PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1144 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14922035932533252696,7226031026270092922,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aee441ff140ecb5de1df316f0a7338cd

SHA1
82f998907a111d858c67644e9f61d3b32b4cd009

SHA256
5944b21c8bdfb7c6cb0da452f8904a164cc951c6a4bb3a306eaebcad2d611d67

SHA512
54a2c1d4c8791ebc6324c1be052b7b73cbd74057d0ea46400cfd8e60f9a884ade60d838777eba7001cf44c924f63cba1a9708a6c71bf966f63f988c49ca70d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
821b1728a915eae981ab4a4a3e4ce0d1

SHA1
8ba13520c913e33462c653614aece1b6e3c660a2

SHA256
36c38bde1e74c5ee75878f275a411e528c00eaa3091e7c4adfa65b8b7d28fb3b

SHA512
b8fd54808711878ed567f474f174db662e2457b6c246f625e148944532c70d94d87e96ef6febfb657895dd0eadc25906c9106fa75c6b2d3bd37ca6786f03a8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\453e7772-fbd9-4346-bf43-4b214d9515a9.tmp

Filesize
5KB

MD5
726dd66d38d424df544e36ee3705ca78

SHA1
2f124939c9ccbc4a6ae6ff08749c6ab8bf0ffb2e

SHA256
6e2a0922985d885d8ba00dfb2b77d43d52045a7cb2991b7c668450fec39ccc63

SHA512
dc32f615a88a246bdc2c093c044e2cb09024f35df74fd975becd892eab3be9ca87f789aaaf9ebd860667ae74f7866de457c3639e4b1cda7cb87b5daa80d8f8a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
61b4317e8598b44504a46c12ff57bb99

SHA1
adb5069406ac062eb2398f6e737879e01cefc648

SHA256
da165a9ee73d92d69b6ae5832b6ffcdd9357a92b4636ccf4752ad1820e24aaeb

SHA512
344677bc2fb9b2bb038431e54d217a47db04c0f3f9058905004143b3254a2e0e3837fba0648e5030ecd92b891c50a1091dce3f50a1d6bb44ef6b1a4c584ed74f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
54d4337062c7421fd1af9e490f4655fb

SHA1
97b8d68a0c868ae7f50b770333fe222534e668f4

SHA256
a4f8e09db8d1344e007740bc7d5dfdff475d984d06b9c5beadf3a8a2a0407ced

SHA512
78da7315bf9956861360e98ed33c8f66e8d4bac1aa2356f75d1523fd9426fd5b08d5153402e378777d6d86e1a078e4a86b8fab9d15ade034f09e6caaf6cf54c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
7fc80a25f5531836fa033aa7b4050bea

SHA1
71a876ac9e2d6eb195d689307f34a91b4c441e42

SHA256
4bee466f88b2b5a2c46ba351d5209a9f13a2a93ef3bfb6a69ac25dd0187b1584

SHA512
b9b4c798235041454b55197413ae893e80809857e79fd93648e093a4ccd643602faaea646f2cb6512c59a5a344855eb8839a888d27f22331508389776db8fea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
504B

MD5
0e0586c707e62f9d951daa6787fdea23

SHA1
d16d2c5cac04ffd3ee950044b0a6c6b1a4fd3f5e

SHA256
c10f9a1ee79ebe7c0cf212a51f2ecb9a0426d563e0b4aa9b7658c97d95de6444

SHA512
772eccbbc10235cce830377b4d2c4779dfff447bd6df8e4010839bb3d95cc0ace4190d170cd8e26481f6dc04f5fc9dfc7ca4d546651199343bb505df65371b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58722d.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2d73c694ed027d874bdb0ee2a5e7a4e2

SHA1
7bb41a2dc5dfb29f4f1a2f03c4407f77d8a43af9

SHA256
38612dba27c998b40fea29d722fa2734efb301c8ad3f286cf9fdcad01142c8f3

SHA512
f39ebed326dc2ea871f5074ff702c3ef597d4f536b814e50fc300e592cfa49a4a85d31e277b45592365a04eb47d79c6e89e859a4552b1cdb31fe276f25376c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64e1a14db5db15d8fd877cbb426350cf

SHA1
69e7600a386d260054214536b052d21ca57b0e60

SHA256
71915211f0d3e562bed8764ff5e84749c68da7da6e5f016c1af5130f5499147c

SHA512
72f639b6d98f878aadd62b1b7d14ed1fb27f841f70b130dc697c69174baaa5c6cd9b268b86e959ebbf3073072df2d654b7e536c17d6dfa7dc4305ae961598568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28158bf68e99450249d171386b9bb0e4

SHA1
05d06efe43abe7e5f7f07cb295a5c18907ea2241

SHA256
03892f14b227dfc98526af021b3c0332145ffca730fd74733a9305636264d2df

SHA512
1d4ce87c29278f74a620ea6510ba4f2ecd1089f591f1874679b4e233d5d391c54acde1a504176cde9726c4a3d533cb783f247d34bc8a2217d8723a0d7ed7b98f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
40054cb73dd68fcf513186a36e7b28b1

SHA1
782f64c46affe72bd6b334c69aae88aa32216b2d

SHA256
136f61f0d620207ec049ca6889378a9e89d998a6ef15fbd2a8095482d8d88118

SHA512
8689097b5b94b64af0be6b51f176041b25f5464bae229b7344df07a29893d5f13498c3f88f6448b956baa7accb460e31f5ffec6eda35f31b0587b5b0a1e63c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
729df10a7e0b722edf6673d36f2040a3

SHA1
d082d92cb6eb8c0d79c9ea7e67e8b4828c5ea02b

SHA256
e2c498352af617d6d1106ea4d53c59fadc993a1f432068307250cdd0be68f7c0

SHA512
1619048945ed9b48ab2568dc546adf5173f2c60d03ee74f4616c3ffafe7182052b760feea19ce288799448c0f613b5e5592e5c547417fd7705997663439e3270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
5046c818f5ed2aed59875202d6c92b19

SHA1
126b7658044d0f92b6756d9e7609b9e7a94b8c26

SHA256
a1c9ae8401f243058527c4127393fb98a1b2e47d62f00d1880ac3796342e7e9f

SHA512
0fcd588f513c9cc21c505979a1c9187a55c1f401ad7c1fe161475e4a8ef253c9d94c5b9ea23a3291f73dc84db012353045eb40e25ddc079b288a10eddcee7695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
627a9bd3b1ce24979bbe3f210b2d1ffc

SHA1
e5e63d99d209a9e762b3e39c513b4ed3ea0bfe32

SHA256
77f68aecf763a9e96de47636c8df77fcee833128b024b3d070fed82583ad88b9

SHA512
18c8909e4b28109b7d71b40f85ddce0844a080650fd68292ab16f9d0ff22a851a3ceb1655147f4fa7f57221877dc4e320c7a81e5e9553b8d4499afbf005e5362

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
385454714977de2e3fb88d14d37995a7

SHA1
0d648bfdacdc21982a81cbe684d52365e114510c

SHA256
b89384058d840b59464d6bb9da62150e9aa1315c2b2953a74b58882e67bb7f25

SHA512
bd362c0a2ebee183b11996e5c3a70c9063ea0cda07f5a99773b7e7f4d60a9d658c88eb1bc3a1bcfd995a23ddb50349e0646b0784989faed89721dbe1f85f5095

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
be1ed43eaba3dc364339645f066e72df

SHA1
8270356ec13ee3b8fbf83ca20fa073f42491f00f

SHA256
add5ba3573823b4bad92e0b6a307490ba2fa47075b8a319e3931adad1a17786c

SHA512
86ff951b5f4a262f49c6c9eb6090a2c8453968809e7142ed67d1ed9ae59a93a39fbd3b3205dd4248bbb0dbbeb71c1bc40147b879edc17d0c546f72ec8990c42e

Download Submit