hxxp://steamcomnnunity[.]com/activation/gifts/id=489501036

Analysis

max time kernel
53s
max time network
51s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
10/01/2025, 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcomnnunity.com/activation/gifts/id=489501036

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
4108	msedge.exe
4108	msedge.exe
3516	identity_helper.exe
3516	identity_helper.exe
5092	msedge.exe
5092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 4644	4108	msedge.exe	77
PID 4108 wrote to memory of 4644	4108	msedge.exe	77
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 4760	4108	msedge.exe	78
PID 4108 wrote to memory of 3200	4108	msedge.exe	79
PID 4108 wrote to memory of 3200	4108	msedge.exe	79
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80
PID 4108 wrote to memory of 4640	4108	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steamcomnnunity.com/activation/gifts/id=489501036
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdf7a63cb8,0x7ffdf7a63cc8,0x7ffdf7a63cd8
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,11897359596339624513,4026402583812329482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
fd2d332c1f37375ac64faff4325b7529

SHA1
3c082d70a940b6f946b62e4ca047646f1d6b0685

SHA256
e2cea4502e027a5bfbc536ef5ed1111346159444aa12873b52957df38e3ce70b

SHA512
f02d50ecd49127e409f0bd11d84babad5e4949b966e36363078909f081362c83a960cbdca0aeb3f60ec6a298316633176c6678a48b64f56acc7a7777680078ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8116fc581afb671221a94e6d708ac919

SHA1
ed95600908291c2fa0f615e82fa5df1d204ef890

SHA256
63eea858169032036065cb95f67a33d5549659da104113c6f0bc9eda8517a197

SHA512
ce9f5ecf17c0017b988c6bbb62e877efa26adf4f7ed4d64b2c8e2b2a1b78d135d307667b1932f10a6e9d57880a5d865179b56cc5aaaafdde28a78c44ceb46356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1f07326fbb9b98386d3898af1446d71a

SHA1
15cefd80c28c40f4a2f0468152d04627a171a6c2

SHA256
9feb72212ab7ca4be30fb8cba660dfd10d4aa9785e22992b2113c44d567a850e

SHA512
cb89b8806d7c3349b89487f4829acbf0f4085f15bce343f132bb6dc9d3d0ee7c25e2a76ad605e44f46deb31b764988fa609b20c0ae67020815e8320314549d6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98d01ce259b2fcf44f65dcf1f8dcc719

SHA1
072322c4eec96cfc65606af45debfa3f14a0227a

SHA256
416c49cb08075d8952b4d23091beb751e892eecee50cf9ea257e18028ac68877

SHA512
baabe9dc359483147bf8625073b93051f36bc3afe82f7b7b71d85308a3cb9636d0191f91859889f92027c14358e11704830fc1b8d6980eb7e164e3bcbc25c12b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fda9a1f8fdf6594cf03d87d46ae6e660

SHA1
031ad8ede98ae6480e943a97daa1dc99c9c1696a

SHA256
a502e19ed436e578de47db119d76e0fd8215a848332c6832ce9bed71bef6e7f4

SHA512
e1e99e1f6c5f7c0944238b4c787de8a2c860016bba1ce92377d96c6a7b1e2e28333b77b6395e1c6ff37cd27606430a86413407857cbf05ade0acbb4a0d3c2b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
85acfd540b0b6ee4db73d8bc4423bf1a

SHA1
3630ffda5a06bef0422ff4433d170ae201b19031

SHA256
58fad069c77f9c88617bdd56aa7f4f77bfe07a9c6dd0b1705ff7ecc4c29f29dc

SHA512
feac56ae537e6529221fe7dc41782d952d8231060119a4385efb3d890223c6be7c282a8ac39c8c78f6cdf6af090fd6bdf22317e4d1da40e52a1f355c8b2677a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5871a1.TMP

Filesize
868B

MD5
d39ddb7f385d9d945e702b9b93e003ba

SHA1
397914dcf09b5e6f5ee6f629a3fa967899a0b895

SHA256
6925d4392b802a47d849a35e12ed734439163230bda1a215555a3ef2f1f29327

SHA512
57402f3705d1c67b928d2ee9ba56011df4f0230625c21be4eb89168e872286a4b1444c7c864217181eb83c32db638b5b61cb9d76f5bb433068f621cc6fa65550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c5b05b1003ddedd398b44735b593aaee

SHA1
6c8524a2dece9235d513878ea5c3916f1c8aabe3

SHA256
e18dca5c6c07a9cd375fac32c1e619989241b39fbbb64c1bc82278fd612c087d

SHA512
15e70132d43fc6104da514e1a566952f50c1e4d8bae4b806f06c1841d85c9845bd49de525f96a1835a5ef041fdce0b1714cabf6bc3b672ea885a307528795bdf

Download Submit