Overview

overview

5

Static

static

1

URLScan

urlscan

1

https://is.gd/rRLa0N

windows10-ltsc_2021-x64

5

Resubmissions

02/04/2025, 12:06

250402-n92epswwbz 5

31/03/2025, 21:29

250331-1cdcts1ms3 5

Analysis

  • max time kernel
    77s
  • max time network
    79s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250314-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
  • submitted
    02/04/2025, 12:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://is.gd/rRLa0N

Score
5/10
steamdiscoveryphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand STEAM. 1 IoCs
    phishingsteam
  • Drops file in Windows directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/rRLa0N
    1⤵
    • Drops file in Windows directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1516
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x30c,0x7ffc6532f208,0x7ffc6532f214,0x7ffc6532f220
      2⤵
        PID:1676
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=1936,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
        2⤵
        • Detected potential entity reuse from brand STEAM.
        PID:5240
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
        2⤵
          PID:4304
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=2032,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:8
          2⤵
            PID:5252
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3472,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=2596 /prefetch:1
            2⤵
              PID:4716
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3480,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
              2⤵
                PID:4692
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5032,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:1
                2⤵
                  PID:1224
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=3744,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=3752 /prefetch:8
                  2⤵
                    PID:3744
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=3732,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=3748 /prefetch:8
                    2⤵
                      PID:3408
                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5728,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=5820 /prefetch:8
                      2⤵
                        PID:1436
                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5728,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=5820 /prefetch:8
                        2⤵
                          PID:5904
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5892,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:8
                          2⤵
                            PID:1316
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5548,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8
                            2⤵
                              PID:4244
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6124,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:8
                              2⤵
                                PID:1480
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6232,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:8
                                2⤵
                                  PID:4512
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5936,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:8
                                  2⤵
                                    PID:3592
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5600,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:8
                                    2⤵
                                      PID:6112
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5300,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:8
                                      2⤵
                                        PID:4692
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5468,i,3783396586205524860,1368637402885364424,262144 --variations-seed-version --mojo-platform-channel-handle=5232 /prefetch:8
                                        2⤵
                                          PID:3132
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                        1⤵
                                          PID:2880
                                        • C:\Windows\system32\cmd.exe
                                          C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                          1⤵
                                            PID:5556
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                              2⤵
                                                PID:5476

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              280B

                                              MD5

                                              7da492a02c29529dc0ca538b502e3379

                                              SHA1

                                              cee6a1b81936f6a20f1c9c4f35c29394338ff54b

                                              SHA256

                                              553164a83cb91c4905a86373c61bd899bc1007e7719791878bb95290f1f27f36

                                              SHA512

                                              3a1aaff3da507ce35c4e06ff9fd2516c65780849b24fab33417da2e799e20bda3594e5f2f32b1326dd1d3da560c76dbff1f626c147e99c7a990fe09ab0a2e89c

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
                                              Filesize

                                              3KB

                                              MD5

                                              a38af25471000b1fc753c632028ed2ab

                                              SHA1

                                              58bce188295ba54775adff638e7b85e06d99ece2

                                              SHA256

                                              5327ce887be071a705814f8e14ee2a8ac8ae9bd76b71528c114871036fa3e7a6

                                              SHA512

                                              91be10ac9367b0ff5ee08c779ae07e1c596ce43defb51024cd873cc059c7a053108135dd2b9066f269ba03ed3d4caf50e393d527039d12b9fe888eeaf76be50e

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                              Filesize

                                              3KB

                                              MD5

                                              1b585b23f797e7b15e4884b27436655b

                                              SHA1

                                              21afcb6a30d4918bf53e254661ee903495880c73

                                              SHA256

                                              635a2212495c2f9da465116156fd75da6b76130d96b1ca8b116901ceac866373

                                              SHA512

                                              2a3fd1a8c750085653ff638114668dede35124c253252683db7e42d41a551a18f765b96aff73d3632b99288d0e255c85e83bddce7e808bedb3ca28f93e8dede7

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57a364.TMP
                                              Filesize

                                              3KB

                                              MD5

                                              de11f8e1d0b3b91fd793296d4976ce5a

                                              SHA1

                                              e2b80c0b83358081ca2c42a33a501390632df627

                                              SHA256

                                              7b389238885da91895878a35876c7829f158da570badaafb57e77dad39b60477

                                              SHA512

                                              7afc21537f07650bc10cad4700bace62715e1139829c3eed3fa4ecce06991514d9af650433ca299b5ebc0325c1c0eee7d48cfe70b88887e84d56e956bae4b943

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                              Filesize

                                              2B

                                              MD5

                                              99914b932bd37a50b983c5e7c90ae93b

                                              SHA1

                                              bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                              SHA256

                                              44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                              SHA512

                                              27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                              Filesize

                                              4KB

                                              MD5

                                              4965895d12082d881139b59b4007803b

                                              SHA1

                                              2a9644b2127f311a8d324fb2429f43c1629176dc

                                              SHA256

                                              0bceea7ed742b553258a979d2b085697ffbc71296aba872c95436668da31fd30

                                              SHA512

                                              18f8c7bff8f75696df5fe22f48257132c9331a8ab607c709e06508a13a8d83f2ad063d51107baae9298605ff940f45ccd94bc983493217358a96da98a2b4c06f

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                              Filesize

                                              2B

                                              MD5

                                              d751713988987e9331980363e24189ce

                                              SHA1

                                              97d170e1550eee4afc0af065b78cda302a97674c

                                              SHA256

                                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                              SHA512

                                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                              Filesize

                                              40B

                                              MD5

                                              20d4b8fa017a12a108c87f540836e250

                                              SHA1

                                              1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                              SHA256

                                              6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                              SHA512

                                              507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              17KB

                                              MD5

                                              3274890d78421b961bebd17222e7af08

                                              SHA1

                                              3c7be150e3563c431633973cd41d85d7622124bd

                                              SHA256

                                              f0938ac38d2610dab1465699c9e3dc215d27fee4abcc2abf68103db877f92c03

                                              SHA512

                                              9d9e62e470e12edcbced6c72a0684620753630c3d874558c2c1bdbeb437a02a8833120f89caeccb00e28b3f5bde706b629077131f2b1886d37cf7b7f278945c2

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                              Filesize

                                              36KB

                                              MD5

                                              85745cb20e3f407476d5f738c52ad350

                                              SHA1

                                              0d28caf63597338ca7a269936e1df8cdb9745bd5

                                              SHA256

                                              38069eb84317cd8d92fa846d52a6149a0f8824631fbab474b15e2d48c1ee586b

                                              SHA512

                                              c398ddf6342858d51384b27ee8376f90029d601e160802102012bc15e2ec000f9e80de43766a2551c207061ceab7d6fb0c92067b91c864782d91863306577f33

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
                                              Filesize

                                              23KB

                                              MD5

                                              35711ee5331b2fc281c74c9192bae6cc

                                              SHA1

                                              efadfa23fb77e4e671e40c13c621e827f6b7fdd5

                                              SHA256

                                              9956e7e15b71748439be305906416fb90d2284c51859c08f97ae3ae7c796923c

                                              SHA512

                                              9d2271c33933b8643e63da4d586d3a0aff77710aaf5cec635f7e388c0ab2f1d8161614d1789e6b3154e8b11f3ccb41b4995f4256cfb48672d3860ed6cb40ffc5

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d78470f8-8125-4805-b8f7-190dd83bbdeb.tmp
                                              Filesize

                                              107KB

                                              MD5

                                              2b66d93c82a06797cdfd9df96a09e74a

                                              SHA1

                                              5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

                                              SHA256

                                              d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

                                              SHA512

                                              95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                              Filesize

                                              23KB

                                              MD5

                                              d86ab5097b3ce5bc2116a397dd2254c8

                                              SHA1

                                              cb5841ed0f40390ee577bf801791d5d60f448c9c

                                              SHA256

                                              75582ef2804f7754990edb9950b7c7a116423851485a0753c475f28aafe98e18

                                              SHA512

                                              1abe041314e1df87046e5b028b492c6b871050fa83ac131e1b56f2ea8dac2acdc53b34fc0ea8cdf6900afcd4c86086d5364c019fc2717a2f383f8197680c30ee

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                              Filesize

                                              896B

                                              MD5

                                              c5cf2afaae242a27e6c91f560e052ee2

                                              SHA1

                                              5f29ca566b2e5dc621bf3b4453286e3d5821a71d

                                              SHA256

                                              16b645f50df4d47064bb136e97611896bbe90fbb7dc9f83615e852786d7b2ca6

                                              SHA512

                                              04cc4c5c43c426df068fa36ca3252494361f8933c89cf80a48c645b7fd75efa92331dce8222e866302598e43ac3cd937cf2a9b92b38fc2fe7eb89a3c8e39d442

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                              Filesize

                                              465B

                                              MD5

                                              958e2c3296571f7906ba8ac98ef51312

                                              SHA1

                                              871f2b7c98b2ea7ad682ea68dce45afa5781e6bd

                                              SHA256

                                              757317c76992927f391770d29146ef3d94f26a9642c3fbf8d50fd1c5ccd30d45

                                              SHA512

                                              e3a9272fe185286c2c9a1be43281b75354967ef76728886cc33983833c4be5d0ba59a3cdf788bfa48fd0cf61cb8fee213c1e62a657027c42b7452db114475929

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\d2753a87-ab82-4be9-ae0c-f521d71dd7c2.tmp
                                              Filesize

                                              19KB

                                              MD5

                                              41c1930548d8b99ff1dbb64ba7fecb3d

                                              SHA1

                                              d8acfeaf7c74e2b289be37687f886f50c01d4f2f

                                              SHA256

                                              16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

                                              SHA512

                                              a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              40KB

                                              MD5

                                              fc2ddaee4d2fc76026ad582fd0fbc731

                                              SHA1

                                              8705eda9f9bdcfdf53b980542521ee8e35e7b48f

                                              SHA256

                                              dcf898ba58ef2a0cb506e37fbbe04b8216903437f839a0e8ce98d06c239a0b22

                                              SHA512

                                              13c96401887fa854020211e10bc568b0e6220ac87cede6aebc6455767bb1b088c79002c7e839487a9581a980f50d2f5d32cf38907668f67a7c35b2bc050132b3

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              40KB

                                              MD5

                                              1cf441b615b4e0190045dfc507dfb306

                                              SHA1

                                              2d68f96cb88ddab9145f38a3e70d33cc3542b170

                                              SHA256

                                              c80f65c1889459193a79fba619b15e5586bd5822cfaa5af6baf10fab0405e990

                                              SHA512

                                              e5ae7d16c357112c09573576cde3f1c471ca1ca1b1e05a0a36763289c33b3a3da883cea8ea1cda6498c20a4d7fe9a447ecd6261978bef2f07504ddfc2cc894ed

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              54KB

                                              MD5

                                              343db7cd33b3c5fbcc1d2fd8615c7ed3

                                              SHA1

                                              f581b68dca324fa919fe0e58a86d63476dd660cd

                                              SHA256

                                              aed24c5f395dfa8d29e86c0dd0dda1e848caa3c098f80f3fba618382dce4ac71

                                              SHA512

                                              e259fba76da4d9c77740602fb58cdbebe6ae888619fdcf9560a03948ee69a576dd2e53a79866e7e9ad79013531657cb0b4d2766f1c3a20c9371d1ba4576c402c

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
                                              Filesize

                                              152KB

                                              MD5

                                              dd9bf8448d3ddcfd067967f01e8bf6d7

                                              SHA1

                                              d7829475b2bd6a3baa8fabfaf39af57c6439b35e

                                              SHA256

                                              fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

                                              SHA512

                                              65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
                                              Filesize

                                              2KB

                                              MD5

                                              96c9aa7e7356f2ccdb863a10eddd2b99

                                              SHA1

                                              5f7673f8fc393c9191ed9d3dcbe1a990cdecd2d3

                                              SHA256

                                              777c5d1241341364afd82bbf07a82a3d314d9aaec934043580a1f44e7d102ded

                                              SHA512

                                              edd7f99c7d6fb26c67a78d80d7bad6ac937db3aae9464b4b2ddc4389395189424f8fd3e12c5d2c9df938fae58ff9b2b169e14e89be3437ee0037331a002dc938

                                              Download Submit