hxxps://hxxps://steampowered[.]playtestgameinvite[.]com/ELDEN_RING_NIGHTREIGN/2246340

Analysis

max time kernel
112s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2025 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://https://steampowered.playtestgameinvite.com/ELDEN_RING_NIGHTREIGN/2246340

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
4784	msedge.exe
4784	msedge.exe
1360	identity_helper.exe
1360	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 4440	4784	msedge.exe	84
PID 4784 wrote to memory of 4440	4784	msedge.exe	84
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 1084	4784	msedge.exe	85
PID 4784 wrote to memory of 2940	4784	msedge.exe	86
PID 4784 wrote to memory of 2940	4784	msedge.exe	86
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87
PID 4784 wrote to memory of 4000	4784	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://https://steampowered.playtestgameinvite.com/ELDEN_RING_NIGHTREIGN/2246340
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b7e846f8,0x7ff8b7e84708,0x7ff8b7e84718
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2304 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2320 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16779275536081283507,17442729424823629708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:2368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\189c925f-1c7c-4fce-ba41-cdef0198d031.tmp

Filesize
874B

MD5
905aff9542186dbe4c74b66447749ce6

SHA1
8bbd5e8e5454beb28a9b22fec5f701e19715b147

SHA256
1f174fb9d30147fa2eeb9a23e16a548be501ca3d74b40b82e272a92639a75bd6

SHA512
121b20f2babc6a5c77ef4460170fcbd63d4539bac934b302fe60ee633a4600f6a0689b97966411888b7c0ffa6657b7fbe5c1369854ed845eb41f1869aba0531f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
385cd80f46505446dffda5a56939e6a2

SHA1
8725b766a3f9d7efbe44b4f3650145d8db763adc

SHA256
a28a539672a4e2933f9591e8fa624e054e0f3f6e33437e09bdd5cf6b8467d5b1

SHA512
35f4dd802372178043acfbed7943b21d178acd96758c89cc1df243f42357605d181a9196471d466ede376661314881fdfeab55c42619a3062eabd15b65887068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
986B

MD5
cdb044288b75376daa7385fcb9da7290

SHA1
8497f8f025ae259edc2df68557d29b460805a26c

SHA256
cce8f8c6ba4db69bfc5975bf455a9da7f04ee6165b308df080ab83351271633a

SHA512
677ad8b580f727c10ee85145f42b95fdb2edfbf010f6f97a4982845de43dbbed05f7565af3a5277ad6780911dc96c5568c898a2aa235c5779d3f0261728c9fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b2832847034eff4f41cfc4f4a8fff06

SHA1
3185ce249909ddb3112b8fb783a10778af09f74f

SHA256
353094fd3f24254d345dc96eb340bd1664aa621eb9f8e9877aed345db36ee90c

SHA512
d57e07c10c35cce36cb82fce93f1b179bf5a4a0bacbae78701a582a44ae6cf8ceecfea4b3ac114b7c64daf480093cacbe218eda349bcfdf1e11b3a5020e985fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d364fb9273c354cd638e0a1a7a5cca97

SHA1
86302128c5e0546d225e5a8bc45e661398c77d13

SHA256
4c285b430127d2167f2a72675876c54204cfa882284e2aa440b8db0a1f43d272

SHA512
2c17c0803352798d05b7c7eab7e8d2f0bacb4edcf5af70fe1aef051b35e06f95589de4fb31cde4085b600db0653533aac9f14d5543858d132a04d07f55dfcc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1feb6a6dcebefd32625915880e3a9cfa

SHA1
29b6d30e0dcd37c348893df79bfd57d10d945301

SHA256
15f76e7b8c521c6008f1ab39ed36848045d61a2e26ce8cb238fb7fb28ed0aa74

SHA512
9aaf70837ecb862f0726fe83e8c375a04ddc72ffd37f0d92b4535aadc48fc4e0ea1aee9024639db55da6b657be578846f5548b952b2861ccb80a707575ba6b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ba72dc4dd3c54149ed8937bcfbae48e2

SHA1
4a673ef76c8569173e667074bb01493a994040e5

SHA256
bbb0072e837b3649798eca12757bb56cd99824d2c0678a4a65cdb75899f8b42e

SHA512
ac8a754bc61b33bce17e0cd6d29375883c4df9d36c1d536d930d550e931bb3c87805cf48fda3a20484fbf90451a98409a86c15c0185bae7b45361907bcb21785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b45e23a40f303c4f119951caee848ff

SHA1
10af038918011646dcbf87d2d8f698a9b423b869

SHA256
c8ffc28bfa26ead818ae49d566a84f86526996a57c411b91d4a389a67788076e

SHA512
09dc5a7eef2b088d52681c2876c0dff93d2cd89989f4401f3d24b8e5b34f28464aa8d80c408ecedb0d93aacf3ef8cbc8712c22677515676e7caea5df231b0e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
4a459b97ef3f262f3a68804920395fe4

SHA1
0ffde35ce2ce43f233af35037d50491dc7173da1

SHA256
0ebe0abeaf80d9fda4d2e55ce13186be69aabdc69301baab220c9e642c4b002c

SHA512
d227907bea98a42420c7084c080d6196e214808f4964e6baa77dd715962eab161362be4163ee92eb734462d95a12c9f3a37dff88ac6f1cddfccc28ca98506c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5813d1.TMP

Filesize
538B

MD5
3b9ee7ee5c5cbe0444abb2462b69ae4d

SHA1
7f30ad9b2cf27894a7771ef2d7f60b67bc9629fa

SHA256
25de42aa5269b96d303ae1fd26efbe804ade46e2f903eddf4a332797821bf9a7

SHA512
34591573943c3acb9377863f52e602502d42eddb8fff2b90d5d4e4d29bbeb7337840eafb1266d3083d0e3144a22e7a260aad0527233d8dc07059ecb8f083acc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6fc5b1ce9a9f46a3c5ee643bc73591a7

SHA1
bf2822bc4d09ea50b83bbc04d5af748f8918479a

SHA256
2c11e09f31b0508ac8aa594445812be368bf5182ea36230ac70b5ece34fadb05

SHA512
fa6f41f029bed629415976b5d3b7fc245932f79f43123715f0c22e9e8181b6df39d2e9859812f3f67520d502f591a1b7d5e444512ecdb7a52dfc20f3317dc852

Download Submit