hxxps://gamesplan[.]fun/teams/20

Analysis

max time kernel
151s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2024 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gamesplan.fun/teams/20

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
3976	msedge.exe
3976	msedge.exe
4284	identity_helper.exe
4284	identity_helper.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3976 wrote to memory of 5032	3976	msedge.exe	85
PID 3976 wrote to memory of 5032	3976	msedge.exe	85
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 1504	3976	msedge.exe	86
PID 3976 wrote to memory of 2376	3976	msedge.exe	87
PID 3976 wrote to memory of 2376	3976	msedge.exe	87
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88
PID 3976 wrote to memory of 1456	3976	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gamesplan.fun/teams/20
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa173b46f8,0x7ffa173b4708,0x7ffa173b4718
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4306123548898413781,7076197926062117654,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4306123548898413781,7076197926062117654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4306123548898413781,7076197926062117654,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4306123548898413781,7076197926062117654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4306123548898413781,7076197926062117654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4306123548898413781,7076197926062117654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4306123548898413781,7076197926062117654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4306123548898413781,7076197926062117654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2552 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4306123548898413781,7076197926062117654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4306123548898413781,7076197926062117654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4306123548898413781,7076197926062117654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4306123548898413781,7076197926062117654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4306123548898413781,7076197926062117654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4306123548898413781,7076197926062117654,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8f83ba69-2394-45b7-bfae-841ffb3f44c8.tmp

Filesize
10KB

MD5
876054a0e1cda512803a000411e9c698

SHA1
6f390411fa2a7717fe5b64ec0faddcff8725eb95

SHA256
2d95be95b409dac151676d1ff3f9e8626bd440fdb5153ec685dd6d6a85096fab

SHA512
4b94601a2355b033d3d03d58d55242bc4e67360df21d9b6b3842b564f2de288295d50aa218bb944322776689336bfe5fa38d26796ffb0a1a9bc285c557953fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
b1671231d911e1de4b5bf6fc59b87460

SHA1
e601f8165030f19f6f11670278b31369b5e538bc

SHA256
f147511fd40c3bde990b8d1d60f0defa826b1170f0c12188b44c394a5c3d1f68

SHA512
9772a5b652a76b838e48feb89dd042e02ee259b3ba257fb4350c3eb74e9607676745bad8718159edc2d3dea2ad5d23869b83da328d5cb8ac1723c8980abea645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c1c334456c2c85c26dcdb7267d8a978a

SHA1
c5b168a6f7d922f0dab188c805befd5a2a7f8628

SHA256
16ee5e55bb027f577d31da6e664b4cc1c76e4b8063edd3cbd9ba8d05900b345e

SHA512
89911eaf3192eb45416605e452b55424429bcdc4c3bef1c457391b5b437fa62f1b9f1ebad64de08fc30d4d2abf0cb4043e969752e6877c85a3d3aadaa900eeb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
fc200f9d05a79c38cadca86fa01b6013

SHA1
20e38202168428889935174e95beaf2e2394b7c3

SHA256
e20e440d7c5fd16b45dbef4277bfe2f241f46b4d0ae9a6cdbc5cded1f8139d0b

SHA512
39cff1a348588b8cae275c240629d556cf3dde089ce188ac406bf2da2db8876547a70114caf9fe907b35de622cc47607e96aaf946f1d869b33dac4771a9fbae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4b6e76931a2cf89f208d000e72b675cf

SHA1
6bf7137d5e203a1e61a8af733c4151d06b6301c8

SHA256
2dbc259d5148c21f249f897e348ef09193d99e885c482486ce3f9ac535474c43

SHA512
09c5b1a7d20728cfa6a4fb6869dfd57da7cab7bc9fe1e3df10187f246583601571ffdd234ee6d019967b5584b712c08aa382af7eda5d145a6b974535043d7fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8ffb570f51cfaa503bda5601458d52ae

SHA1
e75f73c7bba3e5ebd0275d8f3446b55ae2bdf053

SHA256
2e443fdfafca2c9a28e04865af2f497a765678e4dce80e09e38b5db5be7038c6

SHA512
d259cb3d356f8bb1541c36521a4a0b7e8fb60db00d0c0de6227022114aeea670402c27871908e8f101c42f861842d081d527eb598d1a5dabc9ee1fecda9176d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9e7d9f07690765f14d0d3017fb282640

SHA1
763c518923d1022d893ddba3bbdd0e6c0958050e

SHA256
28e0f89c85e136e3af2984b329613ff624d962f24e6c59ab4255526209d38728

SHA512
0fb18cf9f39bab1f34b931e05ef149d237ef8d001d8c8c500aeacc51be3d8c7cf4338b767db8fcbcab6f8a9856e2db744ecdabb2374189355d39c2aef03c80c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b4aae32356b8e9175dde42b81f689161

SHA1
15e51c3b139a7af031020026ea4bb6be6b589f76

SHA256
6135032fb57e10d9e911f9ccee97b0c15f859e55bf0c5f314b20229576386cbe

SHA512
fa01a990971e811ff51f5cceb3552d19a757d07b1c05cdac1c2a2641388bec33dcbf552065472a987e71c23680087b2d45da6b8855752502648a93bea1b01021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
380d7a100ece37a5e9773a6efbbe3e7c

SHA1
9524a45c297a44da95bd126b18c10fe6d408bdf4

SHA256
8507b41e8695a691c21e12af16cc90f8e0690caa3f27ba82bc6ed42b916cdeb9

SHA512
2adf6593cee638c60b0ee529135f86e66ad1e918701364111e31c5cba436aadf397d42d10fb9df0179a01256a14b8e1760a91780205bc84eae787f6db0444ac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e5919311fc5403dd23f5e16d2bf6bbd6

SHA1
a41ec3ffe9b262f7ea864efb032973dee8c1bcfe

SHA256
6f977de93817e820ce23b7c54429dfc99ce32525dd685e5646f7aab8f875597e

SHA512
663901d4adbe363dfc6e33eb47b13d2c3a47ae2ac93179db867a717a011de282332b5ee60dab191a2f395a113ab2402d71f98d42f4acc98fd8c4edbc2a1ed9af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
4bd75bcfb9a1099559c1d9040f622d7d

SHA1
678a957f9178e37323ab29a655becb135556174c

SHA256
32626e4f6a7adb5536af2f9ed2430ff25d0692656f0ac5aff8693d531974cfff

SHA512
d543ae546f694df877689a70183de5b26bd9274620d5fc4cda57af05f440606224bf52dddd385892b6ec67640cf76be68193964dad76817bc080c9296951575b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58502e.TMP

Filesize
370B

MD5
3a286cb092bc7d89e417ee2ccea7caa4

SHA1
3255339ea36f3b3db9f3a710cd73869fce7ca013

SHA256
9117bcfe1a3fa6efdb6ca75495b07007a11473312487c9813e83fcafcfc48084

SHA512
da3ce27ffb8f949508207164909464ff741efc0f1f08cdb6d0f135ba55c9ea256b340145c60d1acbb6300716fb0f2891fa61e672236a4a0dab2f141b7dd6ac10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
aca67dc293952f3d717445b07f653ea9

SHA1
eb7fcbc0eaaac84f892fd5af3e87207cd391d655

SHA256
40cfe74d608c51ea905dd2a8347148b6346e50894492b5d0860a67a23fb3ff16

SHA512
c0a24b6251b87d092bb1779a5487a9748e80681413455386ae89c83d40e4c69b03bb46c2a71176743d3d1ecb38d2b6a2be920ff49d26653e18d6e8427b39e293

Download Submit