hxxps://steamconnmunlity[.]com/gift/activation/feor37569hFv1rba

Analysis

max time kernel
146s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
13-04-2024 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamconnmunlity.com/gift/activation/feor37569hFv1rba

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3856	msedge.exe
3856	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
2428	msedge.exe
2428	msedge.exe
4684	identity_helper.exe
4684	identity_helper.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

4804 msedge.exe
4804 msedge.exe
4804 msedge.exe
4804 msedge.exe
4804 msedge.exe
4804 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4804 wrote to memory of 1936	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 1936	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 2848	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 3856	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 3856	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4600	4804	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamconnmunlity.com/gift/activation/feor37569hFv1rba
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ffb53843cb8,0x7ffb53843cc8,0x7ffb53843cd8
2⤵
PID:1936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14209631004852634397,6663234894803458247,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
2⤵
PID:2848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,14209631004852634397,6663234894803458247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,14209631004852634397,6663234894803458247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
2⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14209631004852634397,6663234894803458247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14209631004852634397,6663234894803458247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:2304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,14209631004852634397,6663234894803458247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3844 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14209631004852634397,6663234894803458247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
2⤵
PID:2872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14209631004852634397,6663234894803458247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
2⤵
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14209631004852634397,6663234894803458247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
2⤵
PID:640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14209631004852634397,6663234894803458247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
2⤵
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,14209631004852634397,6663234894803458247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14209631004852634397,6663234894803458247,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3720 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e51956799fa67379ea02ed281264a0e4

SHA1
e8f9403225aedfc94b27d902b72ca6591858d643

SHA256
6f3fd42d136b90c98ace40fb6b1522f1b9a1076b431e5290f89cabb4948c3a57

SHA512
c5e017b2b06bf486daa64612f8bbe5dd9f28633d6dfc434f1605c2f36cc08ae6ae40c187316fe1ff998ed7346deef35a66cbc445f2adbb273ac928175e735391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b0d0271cd8394035d3f04a57c4376225

SHA1
6ef25cb6b29467e6a659b8dbc28b52006778dabb

SHA256
1c8016ee1208109e59206f98b68b821b61f1cff2ab3852042379b3287674c42d

SHA512
b856d97096d0288fe0547b484abddce5fd100c080a7992709b0158b7e2d498c9820ba54f99b6b71056bdff7f0d6ceeac87793ab074f126e506aee2c83d2523ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\211b3593-71fb-4df4-b1a7-ad5e5b0fd229.tmp
Filesize
6KB

MD5
465b7d93259ff4d649913803b18b6263

SHA1
5217b8f7e5ac62d0faedb737cb250f163f8db426

SHA256
61af5d8a27dfd4270b67fd5a317a8675ab9973b51bfcdbfaa38fe6b367e964b6

SHA512
b77a60795014ddbf7222d4b263cfdc5c39d7bcc5fa976d7868cae6d4fe25401df9c520aef8c7d536d135408bfdab7ce70fc949aa287959c473c9f7e295b06ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
3c3c94ef10caf193789a74e9961f77cf

SHA1
60221b07e5f51af4f5ac2c1bffee31b8937c7930

SHA256
a98b977b5ca9b06df8372af52e2210e619039845a8b8fa8e0ef63f891e1328e8

SHA512
904aba418e461de22103b5ba2f0de05519c8d698a7f59ef26f0d3dcc2d002a01bc80bace0f90733923bc95973db97e10599f319887b61cb7bcbf5d7d2ca03b64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
384B

MD5
2deb0dd41be2ae9414048b83a829a652

SHA1
daa9f689ddfb95bbe461f9a8e6dcf69440e03b6a

SHA256
0e5b36cd05633849d37d35c55efe03cd74dab75c316c2a5a4a7cd02c1d5deaff

SHA512
721aae6f4d64f732c17c61df7a7313c1eadb03384f51f54a1cd86a2548286634a5da265fc98b057e4c70faa8ed56bd3f0ca45b7e7d304ea790d68491265cf5dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
544B

MD5
32d0a0a8485e0a7987e2fa5ae2ff9699

SHA1
c28202604ea6bfc38e92e080da9398091fabd57e

SHA256
d2f92abe343c0de342bd9a93fc16b34ab3c898c3048554656c11d5caaeb19700

SHA512
2811af58e6a955681420b84e087e09b310b3ee075faa38faf14dc5bfc969e1f0762b4a3b951395de6fadfdc29074824babea019aff30ff04d02425a7cd6f0330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
60cc8d6f510e84809a496568bc5bdc86

SHA1
280737386b26af8a341526ded91b48772ec78c7a

SHA256
032c1d12511bf2f70399b767b33ccf9d52d7073a1d91cd6ac1993f4ab8a14cb6

SHA512
0339fee0da236b5654d528f52b33a4059d40935f656505a190721924d66b73eede3c98830e45d6d4d2ef5d5d6ad1ff3f0fb613a7cfb0da908a81b90501197e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
853679b6877715d47113cb4cc3c20437

SHA1
fe279ef243a8eb4bc3f86368ba04ed2735fb259b

SHA256
daaa28e8202cb51d4315259f43f9f62fa42cdde581645fd903d86480533876b5

SHA512
5c46ccb21f615359015fb567f9b5919c2acc02c2ce1dbd3bbe387b1a407225b5351b33359fcf50b710789984e04031afbb078e487a336c21709e0cc03b44ffaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
7748207730e345eadd96f69a61b5c7da

SHA1
1adf548a57a507db65866ef31d136eba65b33e76

SHA256
d2f9fc0e385fd5a12415fa8e687aeb822d0a9f22f6e722d2e7f04d0892bd1890

SHA512
bfc68aedee1ea6c67732784d8bcabe571243489142786fe859e0d2d0ef284646dc63614fbc7c66ad965764101bb7a37a74569ee4d657566154525571e99722a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e42ee2a9a000174fbf5f97b241c2ad3b

SHA1
679ea9584a9d8081b1992c40cfce00d771bdf0d7

SHA256
350e08fad7a4bf229232c17a41e9755b1afc8673955394100ad96cd202745583

SHA512
2aabfa016fb2c440c44d3e84cb635031d3bb2f109b85f34a5f9b86b04f16413fdc77572a53b24e8e44db561ff5e6787a923b6a410d511230e79bc3bdcb268429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
e1d881421e3455eac4ee22b886dbdad3

SHA1
6fcfc41b5ebe166d945fd8c7de5e3f563f51d0db

SHA256
f5983b7019d5ef536899c1be09e229fc679b06405c6a2d232081e336c4874cf9

SHA512
7d15dd147f61d2348c86100df2cd87153a3095f255c805592b46802dbf0ad82c867af14340414faff227c6ce5d6e74fada414dce04fe2a2d9abce9e0aeda276b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
a7a58edb2c0accc46dc2e5ba7424a042

SHA1
ff5d45312cecd8cd4d447fa5811dbca2d2f08321

SHA256
d406dd3900ce027d126863f1d90954d399089745ad58af07ea1d398ead8c84b7

SHA512
1108016a966d9cf0d07b4244b1d66867ee31446ebdef915b27d2e3d6b28a4279ad9b6b24660199a4395fbba937fa699eec0b0e5ed1ea61b286949e62edd819fb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_4804_NITPKOWJLEDGWLMG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit