hxxp://steeamcommunitii[.]com/activation=Tvc2Fh9mw1

Analysis

max time kernel
249s
max time network
296s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
11-01-2025 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steeamcommunitii.com/activation=Tvc2Fh9mw1

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4380	identity_helper.exe
4380	identity_helper.exe
3668	msedge.exe
3668	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe
4872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 3176	4872	msedge.exe	77
PID 4872 wrote to memory of 3176	4872	msedge.exe	77
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 2536	4872	msedge.exe	78
PID 4872 wrote to memory of 1156	4872	msedge.exe	79
PID 4872 wrote to memory of 1156	4872	msedge.exe	79
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80
PID 4872 wrote to memory of 3312	4872	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steeamcommunitii.com/activation=Tvc2Fh9mw1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8d7083cb8,0x7ff8d7083cc8,0x7ff8d7083cd8
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,15358576375083048325,6214311391122126833,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,15358576375083048325,6214311391122126833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,15358576375083048325,6214311391122126833,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15358576375083048325,6214311391122126833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15358576375083048325,6214311391122126833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,15358576375083048325,6214311391122126833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,15358576375083048325,6214311391122126833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15358576375083048325,6214311391122126833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15358576375083048325,6214311391122126833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15358576375083048325,6214311391122126833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15358576375083048325,6214311391122126833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,15358576375083048325,6214311391122126833,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5972 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2504

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4604

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:4012

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3308

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
43KB

MD5
7f2c172ca810d85c0596390b4ab21df3

SHA1
d4acb412e626e744609aa326247bd7eeec469bec

SHA256
4ccac6b00b8d6b7bec9886d8a23d84131bed955d995a37b5017196b03d1edab6

SHA512
961fd847cdc7b7c54dcb5ec19e3446701de454e9d06e1e2025360a1d0b426d204fb8aec90b854c7b2dbe3153aa66b5d90ba56f8ac6a8bc996177642d6f55c263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
c34674057de29054846c0346999ecbe7

SHA1
4f12a53f32194039c30b47703b0aed8317126e85

SHA256
3c4164909813a6b4e38c7c65b2a49b42167775bd5043f3b8a440919a46275806

SHA512
a1854c21feb1c3417a16b75b10f428eb1587d574b06d2d516564cdd5b5aa7a713c2f4626424cd19dc73b5fd04a7280dbbb1979be1a7a23c1e798dc399793fe80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
453dab5cf16dd61c7816c554e40f8978

SHA1
4b7bf11fbb5bfb4cafadff4c0a6b943aed97deab

SHA256
4ceaf48dd264687c444a4551826d695d070a1629b2b54690ab0ed64b8f9324c2

SHA512
7bd959ef4bafb5e0305f2d1fbf78bb4b890490b515ac2e554af97bbd0fc5086d26d6c6215d0cb94afcfeec7f6ea3a93f022a1df27232b0191fb0924d8a599edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
f6392c8b4e1528da60ca4fa0a4d4415b

SHA1
f2f2b39de8d3d6b639ab4c000ff856845d5d2b51

SHA256
6a82512f68a5a439dd1cd8cfc4bb5155df9d1e0065b2eab8169c046ad71c3fe2

SHA512
66c733dd625d0bf464a261a9c8763af703d2bbfc2a574ab5b7581365710949ff667757fdf6ec3260baa5e74de134aa22765c0b93405266c587ce1b6d0a10bfb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
689B

MD5
fcc073865fe84cea4e205e81d8009059

SHA1
7e7e0a385fe219ca9c5111c7fd3c7cd1b4ca941d

SHA256
29230bd25e05b540cac5017990665ed6fa02a5ab99abc605fa9d806e06d757ab

SHA512
c7eb5b0e90d1b31b83475759b248d7f554e4f7f6971fac12720c7526172d03747257176016b3a2963153befc8399d5a320faca624126ec9a338ac94e0f564c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe05f9f469033bb6337e3ff2d4355c68

SHA1
18d139452f7cacf1f56f4eff1567df1cb16f8426

SHA256
4fe031b6f09f882f0ee14c92a6310fb82fa94afb08b8286cfc419ff10c56fa3b

SHA512
9e6047ceb879738284e18e366c6fb39a4f8da837bafeea47ff325e80e54b55aa28782ab805a2aeafb090eadd478ba9e0f6815604addb81910b1bb1502f44a08e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
349f5318aeb7b6606e8419e15818c855

SHA1
969db47e3b4789fffd1be406e82cf990bed84989

SHA256
9ba76cacbb1ea2430e0f116ffb61888bbfe07a8ea1e899f7f59b7de970496b35

SHA512
f46ed6703cbbdeec6af188b2afaf0d01c9789cf99e98296a3531689fd389310c1e94df0da5e29af772fac451b885b77109fa9afe34d462ff47d65cf6d23d7248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb3ab95b840e2e46a96d33034bf1612c

SHA1
58e70cdf602fdaaf046d0d9e22a0cecda1128301

SHA256
ef5a3d178bb7b9307d2dfb6bd2c1b265f029e7d85bf85b50f18b08adef0519d8

SHA512
b12442a43e2b61bd843c5d268829df4afc9d29e2019c890635fdb57d745b247fbdbf68fca29e77b1038a7191f008f5956c3f9f88c9b9ee03a78a4d32de0cf1e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f7339ff41f443758e87db8a02936484

SHA1
4e7becd0875ef6ef1474e337da69da14bfc241a7

SHA256
1ca22a71a25e719a53c260813b13c91e31a16913a6b49ffaac1729679e6ece7c

SHA512
bf4d3bf2556a2cabb7f03547d10407bc6f05c7c56b34ca9805a77b642cd0faaf5087e9bb5d1264af8588f23ab6e9547700f5eaa410d925115ffb3ef404af83d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca3887b9e785646a3e00ef631f98c617

SHA1
fc8cb277d85f66e6a6cad723f1d3d4a61529d647

SHA256
094adecc05eb1689f5d18a34c466aa17d859e2dadb70f91bf825be4dc3d3297e

SHA512
c6968b55179347e73a8f35e7e5a26d99605c2ae6027a4d5f9e85ef8b960792a6859ad98a04293f29fc95426fbbbef0903e13557ca87fbb94a274a507fe85e654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0651af65d39fb36d3edd34b4de07a41e

SHA1
8805353815c48bd36c7e300fa3de9ca084146c37

SHA256
d15eeb5c88bef162e6f94c02ba0fed40c16fd93f9d8f3bf1b2e6ac8ec2e95f4e

SHA512
3441f4220e4dfc60455659ce2ee34508842699e1d29144a72b624ad6605365cc19019df1a9106d072fb06af86a168aeda982615abd97a75097e87c0b24620bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b8934bd8fa2a5441fee23665e91317ea

SHA1
cc9577749d35d4fcc4e593cdb634118105370a1f

SHA256
b7f9aff1dcafcfd67619848e63fa8e2e2a4246bd004d0ef9cf80c618daaf413a

SHA512
edd19acd5e59608251ed12bd69bd96dd27b95d95a71406e9b66c466ce1773b0e0c4bcd9f3112723438482b071144c5403ab35986c93d14de3d1abb628304a213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eb89.TMP

Filesize
874B

MD5
204695220bec52dc95e55ee569327843

SHA1
dda245a6f29081b0696a7101ddf3e5416f096d6b

SHA256
140cd13d14a7e1d0ac5cfd9f3daa1fe194e99a0c507ea9f987df78317fe3c7fd

SHA512
a3d3fa5a9b0b586310b8af5632ef7ab3b755918293b759b0d27dae7ead017628f16716278e7b6db830da6ee4c9108b201f5b87916624986a105b395c30e46062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\df8ab9e3-d6c9-4ea5-b3c5-e153364ab2f9.tmp

Filesize
689B

MD5
33aab6dcaa620f93bfbf597d1ae896a7

SHA1
1d8f959259feeff228458d8df64b2d6eadaeb3db

SHA256
093223d3444110a782793371a8000c7531c74b12e1526ebc38c8f2c27480c2cf

SHA512
424bd6cf3d9621b759c0cea0c609ca29b32c2528a9e43288e5a40ad341bb2c27ba34c78e260a189dba8b257e663b7f050a4e7212ec91c86a01f7dd589fd358c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f6661877-4c6c-408e-b2ee-2b475ffa8b77.tmp

Filesize
5KB

MD5
a09f4b65860b12538fddf758901d1291

SHA1
f1c6d437d6841091d68228f882bff34e2d40b359

SHA256
25e6c71f69aa5fd5f8383ca676a8d961bb29881df3bd81dc362254bd584365e0

SHA512
f41b0c7fb49c1cb83a5876c2b0dd0cfff85ccf48e056b39686a46f03dca50203203a88f16ff09b08c8935c3923d7a2a8e060e8f91d7a0e14340fdd77ee4cd5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2d11494c4f713a8fd98ff3e5296aa62c

SHA1
6f1fd1373ffebdc76a4f9cc9abc401e4487c18b5

SHA256
d5f87e6e889c7d5368072c0440f504d1bc21b1559e91c07c7c7744e2b666ed76

SHA512
b3ea665cf3a2a4fad565dcc9066bf3d5c11ee6d2d567466941d1ea62dbe885b50d77492e5d80ebcf00d460947225ad615cfce0c564abaf35d2f858245c3be200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
240cd3404831cc620aef31c3b5342847

SHA1
044e022ed959b50c94de628a54c359b53a1ab4c2

SHA256
618d34139cfe0d8576d03a7c2e04428accd5e90cf44a27bbe406d18a3f66534b

SHA512
56185d8178f6ccdc249b8d122c2f1bc161a43823c6da031cbdf64248920bd77bfc3e503ec948b74c866f34ae27ff087da307b03b515d8d17a5d58ce05585440a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
36b9e3d635f6a4431f011971ae7983cb

SHA1
8273d70eed6e7ec87433f73c3ebfab3c6b250eca

SHA256
de29738710d708ec9bf63475899ad0e2d701c09dded57036c6a733ff23290f66

SHA512
e5455ed3fefd92dd60a4a0f5f2068a37d19d2fd80be9b16a11ec4f45d5728d66ab6f5fd4d3a6893da8edeb0a21fb235ec156dc8d35f818ccc8b9012c682c8a94

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit