hxxps://steamtickets-key[.]com/s/KQRA

Analysis

max time kernel
904s
max time network
1134s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
22/01/2025, 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamtickets-key.com/s/KQRA

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\ec3c46f3-a323-4577-a606-4bab13abce3e.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250122011318.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3136	msedge.exe
3136	msedge.exe
1536	msedge.exe
1536	msedge.exe
2220	identity_helper.exe
2220	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 1404	1536	msedge.exe	81
PID 1536 wrote to memory of 1404	1536	msedge.exe	81
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 2632	1536	msedge.exe	82
PID 1536 wrote to memory of 3136	1536	msedge.exe	83
PID 1536 wrote to memory of 3136	1536	msedge.exe	83
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84
PID 1536 wrote to memory of 4304	1536	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamtickets-key.com/s/KQRA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x134,0x7ff8dfba46f8,0x7ff8dfba4708,0x7ff8dfba4718
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7274049723221735372,17540811582321635827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7274049723221735372,17540811582321635827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,7274049723221735372,17540811582321635827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7274049723221735372,17540811582321635827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7274049723221735372,17540811582321635827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7274049723221735372,17540811582321635827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4400
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff79dac5460,0x7ff79dac5470,0x7ff79dac5480
    3⤵
    PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7274049723221735372,17540811582321635827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7274049723221735372,17540811582321635827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7274049723221735372,17540811582321635827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7274049723221735372,17540811582321635827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b16630717cf81f638bae67ab57f5e76

SHA1
5767a40e7011584c074743df3ddca48d05c833aa

SHA256
687f4722fac01dbddcee3ad0b9bb4c5483d21a83538b049818fb3ea9f2b52cfd

SHA512
3718b25f887b0112db461060ee647ad4240bad91d82816e48659e15b9f1c94b4a637665ac258b025fdb6b3ae0349bc26802e4b6d8215846ebc01777ed5a6f771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ab523be0df47b9c44c0863d39e9402e

SHA1
a41f981235db6719a25988be3f650f0dd44c5803

SHA256
65223a518625d4525c42fa0a46e7bc62cfbc9f4eed6570a7c10f639ccbb907ac

SHA512
865d0e948b80b911c029f4782d31bed455d6ae405823db137fe5582674f556312db9182f04417f876a4c04326183d97759abe5b114230a939417c9fe87449e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
555B

MD5
1dcc07768a22c6e4c4ca4d5b6b87b394

SHA1
5978a7e5c1f5952a304d33845f44cdde5e3e9c97

SHA256
d7de1438aea7230406bfc8857d92f4da337f10859fc874780d8bdf4ca2f4bf1e

SHA512
cbc63f31132b8deda29d4ccd5a9690161042ba4d81e666d002fc3e802241536cfb78198c0fa92c54a9b094df6942f6ed18debbf15229a20f4748f9dc6c2ac9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5892f4.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ed90b431e42a8dcd4422dc4af23d757

SHA1
0f450d0208e4ff0bcbe71ed0ccd0211f32e2eb94

SHA256
ee2c0903afa14aeeeacf6c7cbe7672f86bfc7cbb818490acbc5ee160cc8369de

SHA512
2a148a0e195d70547a932b9bf927f130e68942b3f9438b79e43b703920e53ef82e8ddbbc0de4e10f93a1e04816bbdc95f48aceeb2dd17ec68f5a8f15e9725273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b04e85774a7370aab373298206401c9f

SHA1
6ee0551497f5d09bb234e8aba4b2f6a1c981050b

SHA256
264cc27ffd6b8757926d29eaf00262c02f8e7f239b3b6ce9550f240e685002e5

SHA512
ee025a3e4a3897109c24d011ff9c73ed9100cedcf4fc5847b41a8318f38fb02ced3213e0ccc63354ba988a5d0ae37c7916e3975f24113107d0439e3447cbc2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3b192a3ab5cc55f82942cb091211a0a0

SHA1
ab7dbca32523f56e004f130f998f4e75e6210110

SHA256
ea15da95344737828d2ca722d84203f7bb2e2dd62aacf95d510e7e1be0780b26

SHA512
e58d1d9acba8770c7f9ec32ee14716329837ecda20c1ba8df8e16439bd0999cce4c155e459e4f78ec09af6a2ab1c6a5439e5bdfe61614229f4a1023306b18a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d590b705436b349074c9730516c56716

SHA1
545dae2c594f8dd63eebc19fabd55900b7a001cd

SHA256
da4e0974a427913f72174b1fa4fc560396d987ed41ed691409916cb42d914413

SHA512
e11e7aa45fe3b931bbdf7956379dc61f845e19a087eac8e5ebe4783c5ca3d2a602016271e8f1ea4bd2ef9dacca444b93f1fcab0373921246e2ed7350f48cb9d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
99315c72c0078122aea1e2e0e41a26e8

SHA1
1d04494fd6fd5bc394405c02e23f8df323394d4a

SHA256
2dcf01b803332137a3a4925f7fc2878c3c6b8be4be77ef359e7f658811446b97

SHA512
7a5404b86f6b5cdddcc12fb9c0f23f4264049ae784faf0be2ff16277eddc09759bcd4f62a6652c87f956255de49f12b12c32dbb5dd228cb99574a963c26ab605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
35733c8b9a7883d626148f8a67aa6424

SHA1
521de84d55f55df0c9225a24e97738d19b4ee410

SHA256
4428f7b140f59ab18450d75cb902116ce5ac348e2138078cf4dc1a7720d1d8bd

SHA512
2d998533c3b70141e2256e43078c04d455ceabfbb2cacfaccfffe74fea71f80a714e1fc67647e30b226d4a7bb65e270495aac702c2340313a6798146f414a6a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
710c52e45cab131a784947e3e1a59fe0

SHA1
0558235bf6839ebacd76b0c5c800efb33fc6de3e

SHA256
f41ccf03b0abc2139e89af2f4ac2f5944c24263a58123f1c5036bb251a334304

SHA512
ae152d809cb9955b27c890407e73c1cd3b5e3d194e3298a379b9fa9c62584f3b7cf91a09e4b6814974bf82104c79d93795e951392a1fef17eba617704795ca83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
571f30981fac113675cbac66fc2afa95

SHA1
6324c0cb7929a431b06561be2eafa3a11c3aaf04

SHA256
4f0b3e6d6d78db0a78bb0df65b9101be3dc6a443fa869b9574db2f386710bb48

SHA512
360e6bbdcb1ad767d800147a298d01314a583a0bd5e077460503ff36a275496107afd42e3105a67b0e7d75a5612ca4c382b9f1b22ac7fbca3dd1eb37db52b3f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
ed48efbb214770373dbf25be1997c5aa

SHA1
448fb3ed7fd6b70d5685c63528571b133cc49184

SHA256
98bdb9d0022434239cc95a755e49fc8c4d9697d88c3bf19bbea5cc86f852297d

SHA512
77499f8b3851e06272a4dd52a9c3761c6d04fdd12847453917482a098a5b8252b409d1d33dc5c33ad62ac85a22ca3f285d9c44613b25ec80ea41a249b7ef5d1b

Download Submit