hxxp://store[.]steampowered[.]com/

Analysis

max time kernel
116s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-10-2024 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://store.steampowered.com/

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

4228 msedge.exe
4228 msedge.exe
532 msedge.exe
532 msedge.exe
1932 identity_helper.exe
1932 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

532 msedge.exe
532 msedge.exe
532 msedge.exe
532 msedge.exe
532 msedge.exe
532 msedge.exe
532 msedge.exe
532 msedge.exe

pid	process
4228	msedge.exe
4228	msedge.exe
532	msedge.exe
532	msedge.exe
1932	identity_helper.exe
1932	identity_helper.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe
532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 532 wrote to memory of 1916	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 1916	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4548	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4228	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4228	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe
PID 532 wrote to memory of 4880	532	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://store.steampowered.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92e0746f8,0x7ff92e074708,0x7ff92e074718
2⤵
PID:1916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,622866290988018759,3708928992777076963,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
2⤵
PID:4548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,622866290988018759,3708928992777076963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,622866290988018759,3708928992777076963,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
2⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,622866290988018759,3708928992777076963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
2⤵
PID:4928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,622866290988018759,3708928992777076963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,622866290988018759,3708928992777076963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
2⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,622866290988018759,3708928992777076963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
2⤵
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,622866290988018759,3708928992777076963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,622866290988018759,3708928992777076963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,622866290988018759,3708928992777076963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
2⤵
PID:3752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,622866290988018759,3708928992777076963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
2⤵
PID:4192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,622866290988018759,3708928992777076963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
2⤵
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,622866290988018759,3708928992777076963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
2⤵
PID:1416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
19KB

MD5
47440269174752e18c6a6932d8c499dc

SHA1
d28c1f01ff6368648d656054128de985405f737f

SHA256
1e7dc424657cb0614dd7e063f5d2c0821479ed5b7a626b3154472c383a2f93c9

SHA512
c5c02b2a38d8a9ba8caa3b478d619306a3f25fd423809dde8d32c40270e6059a5664e689c43f4f8b219ca894c45069710e33231f1175828f5f4ec8f90756957d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
43KB

MD5
014f13ac39cda5102e4c61aecaba9b9f

SHA1
bb704c5bfddf7f566a3aba1a6d8415f586ae8dae

SHA256
2e208673abb161e722fe93ee712fdef9faad09eb87777b27ea5ca774b529ab3b

SHA512
24622926ec4598a32299d377f704585e2628b1a9ef3fecb0de7bee4783a4345090556524038b5959078295d5ae81ac097385763d03d35d6405d7caf3213a4bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

Filesize
40KB

MD5
e6845a89706eedb205b4980e3baa5a28

SHA1
01f11f35813d5c8211ac9e2c29a143cea441123a

SHA256
768edab1ea3c4580ffcd3931eb6b3776961a73094a20c00fb2299382a53e8ef2

SHA512
443185d5552ecb0147bbe6d6c2949ff83f762f0e6dba91bf02e252c2c21bbecb2676ac9faeb95254d45cadc0ab9bb360d0dd7d178e8afd2e028a30082e90a95f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
61KB

MD5
59a8faf3203b57d86be61002636b8a8a

SHA1
b346d83603d18f8269982331cb1d834d891a4cc8

SHA256
46a9eb62486d53fb58898ccd5a4a155547f6b34a8aacabd61fc4e867dd9389c9

SHA512
7a76dd894858047156c753200f178536dc937ea6c45c85f1c87cce6395c33270e8829b0d20088a8ae029e74735096ccb99b06b0fcbd4183f4bca04cffc6613c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

Filesize
54KB

MD5
b2a5c13ed770865cea7dea1c94d56449

SHA1
67b94aac8fc48ce0b41bf9af7914ea625b2cc65e

SHA256
e0f180431ab427b57cf5966b2189b188d7a2a768a6a6d6b104990b7afe84b48d

SHA512
7cb40c3df5b3d18ab013aa4b903602817d51a53a266557f652bdb5220fe5dced73ab495349613529165c6bff4f99e1e76d8c247c646a27911572d06b90f351e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

Filesize
16KB

MD5
cd2857254f5723fc0ae891f409f2a8db

SHA1
375a0d07b7ca81968b7643b0f31919594eb936c1

SHA256
1968fea6aebadc20e7b5c9c428e6c304861d16eeb4f04a9f263efbb95335f089

SHA512
d394d2a81483d643900a4e27a539d283d2f95bdf131f670cb001ac893a0452631000603f29511b8873080e909390d23be5f24e851c101015f5ccdadea56a849f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096

Filesize
20KB

MD5
7708793bc4894155d117a1b1410558fb

SHA1
4783a472afec2be2b6ba915a7c446816ca30149e

SHA256
dd3972b4c751a41127e0f1b5bcce759ec81ce86b1fd73a513cc82ca4f3591b83

SHA512
c42a3e57d21b6ccce91e5947e4f8cdf46b7c335d6bf3dca2016efb54f9769ef19ac2580fad3ebe6493ecc3c2e65138a5b2e2aef9ac64c967dcb5030fc046e92d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000098

Filesize
28KB

MD5
e16eb71fb27169f61e4c617a723c9fd5

SHA1
2816d99f7703976607e33dc99c21e2a68f521159

SHA256
db15d5f6ca96fd09c8e89775d4255409ea52374aac6422b1b534b5f4616ada81

SHA512
92298917a98547062bd30a46dda9b8a7cec4927ef2f2d08cf62ed5102397ce14dc65ccb44a8538f5a97f0842c061385f43fa6114797d9cd8ec9fac67f7b36b32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099

Filesize
37KB

MD5
452bf22e8fba3272c323656293cc9921

SHA1
2b16de33196223cd85a042f82dec8cc1904d47d0

SHA256
101be37602581b400d79cacaed747a9ddd40140430aa411af9c340738edf1c0a

SHA512
adb6b4cc776b619312b172cf903fc310a65999cdb8126fdc0b8937778b15cfebc73138be7143fd4f0659487980fe85e3e8722bb7d30020a446fe4e65b21f8c06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
4f02d06d6498ea1979afa1fcb26ad2f7

SHA1
c085e2f65d5279804fb545c8fb7e1da55ffd23fd

SHA256
24797607a3b21d3444809f6717e63143d53d25ce855de27e12de767568a25e00

SHA512
e9aca763c57580b618d8b03642e5752c3754a25e534ea0107567112305b6f6a4c522796bb711a7deff7ad591b27d90ca7eb960179a1bdf57f67324adec13c342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
75afc9f8306eb2cff2a7fadcfdeaf360

SHA1
766b5b39e90f2cf60a9f27155afba49078e42626

SHA256
02e8942894f37bf32efd8931401fc4124aca62d666e620f7e9119a7d7b2d96f7

SHA512
39cda1cae8d2ac402fc4c3c8d785742e546a225cd05cc12385dcee57f0d440397fafc1ba851105a1fbdd37f5825f1b054ad283ef76f42b481adadcfec7a038c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
892B

MD5
1635b1c11e39f9d7a045ddcd84c77d2a

SHA1
bfe4592be358c359b34939bb08936531f32dfb54

SHA256
c0ed207d58b321c60692c4758c841efdba5dd03d39d6879d161bc302d381dd4a

SHA512
a4cc3e15471fff0028617d13523346f762c45b7be2608db727ecd883fb8b948861d97f1d91a2f58f4ecb73e485b9e79a6fb61c68386c3b88c64ce8007214392e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
311975c50c2744b20f9a2010c44fbb53

SHA1
a6f9e9e9735e7e1c2fe65704a72d3129644d3bc3

SHA256
21d85eabff5f6fce12c64723b42bcaf5193e192e9282930cefa9a51b43981b33

SHA512
f419ee69ff7516f4ba6e10482aa26dbc4c91809b8110be241a35ac86d0b23211b79cfb2f0c7e7d48e890d4c2068fa3f3fa08d56f098d85ebbafe64460104ee6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4442733b14bf4f9858cc3576666413dc

SHA1
3e9c7a5b1b3eb033bac5c56bca9921aba3c0343c

SHA256
e94709f4000582751c36103d3fe626d136c5f11248b7e0ef23ebb2c1535afbbd

SHA512
19fe5550e79ca6739cd5f93f6f3fd56efde3ba60a45f04f774f9f73b3e1c4820894e14b9f9285bcfa14acdbe90286313cef46e21f594d2fb3eedfa9284ce9203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
08cf7c9cb4cc9acada9ff791d4a74619

SHA1
3664de551754f3840147be038a919d0223431399

SHA256
0d533c362c858c501897d931e898a8c6adefaaa44d35f89364214988a79ca409

SHA512
109bd81f0046d76ef8f4613677c91c575705e3f44358051ff15fac8ee708b5fc6c8e1e81db0eaa581e1761690ab407f085a9867c671ce8f334287b3ac61821dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2e25ae732b5d70d9936cf98984f11d4

SHA1
e224331f44833fa2ff6178cd6811ef407cbaf79a

SHA256
73b18c4b7e4df62a681bbcb0683fa218311ebe19c433887562c53487220a8b3d

SHA512
05dce8844e9835a776279ed8311f8864648f0d6326f343f68b01298ffdbc3bb9b0100a158e238aebff5d0f48df9e26529c570e7ddbfc9e293417e39998363e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8bbd1ec45e9412ab20e19df64a2f68ee

SHA1
647b0cfc5ec64b670e6c39019843f7f86da649e9

SHA256
13a160929d76b3c0cdd9a93cb8cbe18ad76ba11bd0d26aacceae52c44461be98

SHA512
948d1aa4e6891daa71c8ededcb1019db7aa6df89d1dea6e97d5d66771fb0a4912344c7fb131ad822ab834214f42a5ec30b2cbf306dd30f07b1bd717498bf79ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
609c4ca9e95a66b93f83b0e90795b91c

SHA1
95d5d1ba7e35aa48afaedec09d8a09deab9e2f20

SHA256
d44d14b5e25b35c635e8cf46e2ea9f33b07f6fab55a5418020ae0bc4a3ef5761

SHA512
89a0cb565d77a1b977b8f5e92fc1b1f5d3ef8d83e3905a74e4ad1e147de93b8a0b7c097c672217f8886c127cb6f4740cb27fc7879df8de4819dd5521c3645101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
1c9f68e16ab9865045365cebc6852c4f

SHA1
0bcc15fc64963d77a1c3b2286fe8f8bcf3d6e5ba

SHA256
b87b6db5b036b80823b0d945fff00c486e3938b9c005288ad271f6800b2a1971

SHA512
5e04bce4488b980897fe415086b2c4cad865fce1728d47aa0a35a64493a88ee2936e8d79279584967fde0b77db5ef32c6e0ff21a4f1646aee5b96b6db71ac76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
cc6af07b8c58c956a136c59ce630d8ce

SHA1
5015252812f13e7893aa4dc3ec434b2e55ee5650

SHA256
e55adac26d3dc307510d6856fc4bc69132e8de64adb05707cb07bbca37e9c9b4

SHA512
34ddadf1ef511636d7a1a69ab5179fa61bea79eddbf720d71964789ccb554876fac0ecdd5732bcc5f91ddfe27db27a4821056e1e80510252e78ef7b0fe2df543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cdb0.TMP

Filesize
540B

MD5
5b6f936878d2825df6ddffa4c5b92fdc

SHA1
4d7ae6985099e9e8f1785df93f348df35dd84649

SHA256
8d31eaef67cd8697ae04180b1ff3cebee1bfd508ace931a1d54db5d01031fb1f

SHA512
33e291f6144854b8949074b8d01b513841a8fa1c0259030591236f3186841b93fe0c85ca88c776d24469eb8e483c7300f8e5e7cb6d1726a9fea1b3c21bc5d7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b828de4c9d3e2ab1410e45070d457421

SHA1
465d298f30e4fa5a8d3ad59348bcfff99204f046

SHA256
8739c2d70ed7205eb7786ba9ccbde0f27991ee2f397636e20a04db4af058476d

SHA512
32037f4929102df143a6e7a0ffd6bda22dfb0a5b722ddd937d4d85b26cdae3f65623b78230da84b49f8fc50ffc7649d9034a1937085594456891ab2658cc3fc8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_532_XRGRSTYPYVVGZVCG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit