hxxps://telegra[.]ph/Steam-GIFT-11-17

Analysis

max time kernel
63s
max time network
65s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
17-11-2024 18:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://telegra.ph/Steam-GIFT-11-17

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4216	msedge.exe
4216	msedge.exe
4820	msedge.exe
4820	msedge.exe
4444	msedge.exe
4444	msedge.exe
2772	identity_helper.exe
2772	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 4064	4820	msedge.exe	77
PID 4820 wrote to memory of 4064	4820	msedge.exe	77
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4128	4820	msedge.exe	78
PID 4820 wrote to memory of 4216	4820	msedge.exe	79
PID 4820 wrote to memory of 4216	4820	msedge.exe	79
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80
PID 4820 wrote to memory of 3464	4820	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://telegra.ph/Steam-GIFT-11-17
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffda8f13cb8,0x7ffda8f13cc8,0x7ffda8f13cd8
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,1121549700067943536,17958678261122193963,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,1121549700067943536,17958678261122193963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,1121549700067943536,17958678261122193963,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,1121549700067943536,17958678261122193963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,1121549700067943536,17958678261122193963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,1121549700067943536,17958678261122193963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,1121549700067943536,17958678261122193963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,1121549700067943536,17958678261122193963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,1121549700067943536,17958678261122193963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,1121549700067943536,17958678261122193963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,1121549700067943536,17958678261122193963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,1121549700067943536,17958678261122193963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,1121549700067943536,17958678261122193963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1
  2⤵
  PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
505aeca3d98723aaded1ad3c7d558b5a

SHA1
b88feabdfa268f8dbedddcd273a287ca412560f1

SHA256
754f0788ba8921ce9ee68adc3025d4a767d5d990986c70ce08ed7790dc4cd2ec

SHA512
e96da4f31e2c8975a92d5dcfead1b65a4b93799e2739dd7fa56ab44c3958c4cf27efc3956fe5490ed3400ba1aa7e48bf0ddf3bb1bf1e20057755f7c1b7b0478d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2df23ad21a543564da82d1321a646b53

SHA1
996f401daa2747a12258ab71a709e0bd2c083bc6

SHA256
9000107aefa55ddfea6b60cb0384739eebd73b8a20a4c0d9275ec08b466e5591

SHA512
fe02631a5bb2032a96bcf0b08e42e65cc8bab2762a58a43f594f24bca693512fb9ac67f0c7ddba8cfae9e54d3c204412c40514f07d62dcbd51cd29bcd880c6b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c09561b3d3f3a15e82a01fdb900f82c2

SHA1
a9d24c249e268ad49a1604771c5fb363f37a08b4

SHA256
a676f9a630fb21adde656aece7004b41a0d6e62ec589e8730fbb4ad3a052e999

SHA512
b037e22af70653c4971554f129cd292e100a3fa8f3b042bd37e682b5e24122287a40e6f7829a06d2665f8be50ac3f436133bdeb0c68cc6d4e6234990fe79ba5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d52af001225fb77293228305165ee2c

SHA1
5de20b2d905f1152ddda7e7029782128ea09c544

SHA256
423fddfe3a0ca17750279f1623d449a1f9032067a4073e4fe4d78fa6e8eebfc8

SHA512
cd659df23cdee341f8b3b4f54f6de2a6cac33a0bc13c2ebcded96b8135a7d1d0cc3f5fb67d8322f1e2e7425419def6d1548af6e84aaa2c27395d5d4ebb51d3ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc5f867bfe6eb27fd4293f21b2d5a7a9

SHA1
51a1cc09fc38bfa8c1aac6bdf2f4e6086a434101

SHA256
7adbe82fe654132e85fbfb0dc3bad41f228ca0bc2daebcb8554837ff910db7df

SHA512
ad135b12dd02d398b095f80de3599e69b68e42ccfab4bad66d5f790f5c90666f974f9715c5638cd6f7ebee6e45250adf8ad5a9f4aa99c590a528c40e12a2879d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f759c7a321b46860c9bf1ba6d5a9ff2

SHA1
e8e5066118235e5badf4d1cbfa3486de70dce538

SHA256
55b9450acb8a9aaa798c6c08b551091a7726b37fc613ffbb7157f06b30d4f5ed

SHA512
052e0b8e71ee2e396a3141badc198709d0f0852a84d3f830470412f7618de8df02f8de16b2decc7d2bf8e203bcc44e5c084b9f7963f4add130574a99687365c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
de73feaa85a70520a3b57e8d53b7382e

SHA1
bdcf12c66ca97a8cca68f19e2a69f81036823c8c

SHA256
20bc11bfb76790eee2926c9793305025a2b6173d52760c02209426d2bb10c943

SHA512
94bb01d49d38b51bad107e5f404b2ec5f25bb10525daad97d4fcf495df5b902caf4d1d0149e1399bd9fecde970b9feda4399299980160b93e1054cf1e835569a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b3f4508412df945d9312e21a7744d408

SHA1
10e81e12902782860f86c7ef2eac2ea4ae766812

SHA256
684c74188a825798db18716232cfa9ecd705e660352f757490d213a711e1078c

SHA512
c0d5fafdb383146ebee6ae154a5592bad108b5de8fbaf15c1e8e45b37268db5502ee8ccd94bed3bde57c4cf754621d58885e4bfb06333a26c8c4261a406ddbab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e1d4.TMP

Filesize
533B

MD5
226983ea3b0afe02c68f340bc8fc9d56

SHA1
31a7e01580d646638adc5564aded68aada232521

SHA256
9675c8507c85f52683b5d594d419c93cfcd6d8a5b98c491dc908ee7b2cd2c02f

SHA512
7882aad4c8eeddf4140d08473e5cd96b6f52369a533428451d6f6ab739f54e06f7d470ad4d0830fcbaf06dccc45689c32f513e3d952780cbc5f65da4694886d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f142c2069c75376fceb6c0848a544555

SHA1
75329686ac8835051b05ce0851e1e453e126b605

SHA256
b9de80cf3c92672cb4de310b572b5073976265cf2162005bc51f4bb6b92eb1ce

SHA512
25c95e765b6568d1f723f2c169abd4bafc10cd75b01ad3ad44e51827ac784a29bee198bdb43a14c833af66e558e1e49efb790ef1353c17809e32c5ab32d73545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
97c953e679d03e8eddc9498fd51926f2

SHA1
b52a1f65c9283869fddf6f2f51117b2e48cfba73

SHA256
abb299f6ff49d4135439c32a574c43ff18b37584298e7d039ab5b579765966ec

SHA512
d6e3696d36b44eadcb57fe605f6acbc8c2cb15de82020e75415f3f7e667ec6f85c5be95a5a0efd8e783c02431e0f363a86904574ed358dd2761d3b38d357305d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
125954e03c816e1a1fa07ced802c98a9

SHA1
0234a12cf2f1272ab1167bdd5842a17264413b40

SHA256
0befc6fa5e788851b50dd82f761c933a9e3ef1b9b1d1739b7a0c9f3d2157a8ce

SHA512
939b4eded64ad60d175dfdd2b8fc7bc2adb9d7aac8bb7f157b60ba51a786bd6ce4df3ba537eec3628ef656bb6b54efe78b5485d72d51207e1e0504f0cb4cb825

Download Submit