hxxps://steamcommunity-tickets[.]com/gift-card/638616157

Analysis

max time kernel
198s
max time network
190s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
10-01-2025 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommunity-tickets.com/gift-card/638616157

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\777bdaf8-9d6d-44fa-b8ae-48e22a00ad2f.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250110185650.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1132	msedge.exe
1132	msedge.exe
4672	msedge.exe
4672	msedge.exe
3948	identity_helper.exe
3948	identity_helper.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 448	4672	msedge.exe	81
PID 4672 wrote to memory of 448	4672	msedge.exe	81
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1224	4672	msedge.exe	83
PID 4672 wrote to memory of 1132	4672	msedge.exe	84
PID 4672 wrote to memory of 1132	4672	msedge.exe	84
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85
PID 4672 wrote to memory of 2376	4672	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamcommunity-tickets.com/gift-card/638616157
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb32e346f8,0x7ffb32e34708,0x7ffb32e34718
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4920
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x1e4,0x254,0x7ff625155460,0x7ff625155470,0x7ff625155480
    3⤵
    PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6424 /prefetch:8
  2⤵
  PID:328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4594012963636860682,7818753486782851798,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2596 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1d9fd3fc-6854-4d26-a6dd-ab80cb3b0de4.tmp

Filesize
8KB

MD5
d1a5c234d56204cfd1026a0f27145b21

SHA1
4844d9b781dfccf05f627e3f3494678ce1542140

SHA256
2edb0d6b0625982c97837edee020a0cdfbebb84c714d95b0e3320c2ba52769c2

SHA512
125ae7686ef3c6c325a8b706d209a00b51701bfe25ab294965fca0c005b7176f058dfcd9a3bd456a9735ce82e7177df508cc4cba84b173dcf9e87569c828c8a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6547c6e6bdac94ad11ab8e5311c7e265

SHA1
cc3401985b79ed678f8b94b0500766691044ee7f

SHA256
685aee2efe60adca559de33807715ef5306c5ccb8857070155eae3d7ab397e3a

SHA512
d685ddcb513af37ea57e0255d9f5387266f882015b9cfca8f100931dc1629e54d1150679e4562717180447887ef7094539df668707dfbdbd3ef9b4920de7dcb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0526f2b37744871ef85ad98e2a03cd78

SHA1
7e8475de7f5614e30b67793a41d35ff492aff7cc

SHA256
68ce145d21b89f38464ed7486c74dd55a7e28e5ba25bb640cf4059b1bafdafd9

SHA512
12ae36f493802621601887cdc25e3d7191bfa94f0e784f11f18bff4bdf407efee195aceca19fe151718e9e7498a4faf0ff885e38cbc8e1e7a5d5d81f400b1ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
066c8d05dcac9d3d77becc152c0d699f

SHA1
36b0dfc3276c9f9fdf1d0bed08d9e26448d4cd08

SHA256
81287dc834181b7cb97ac6d44ba6648208c809461d7c34d716f15f75dc73d8d9

SHA512
addb9cd9a2ab85167cd99dc0ac4a495fb2d182e2894de4b0baf9ce36a727e2841fb6303afe9c67d886fb926f400ff0c05b5aef9267380946be570bbacff2d494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1350249f5e890836ea73a205ddf9d6b7

SHA1
f71c6cf05116dbdd8c47a991283e1eae9d47ad21

SHA256
2bd462ed7aad827c5139454f3de936276459889beef4682e4396712260d35187

SHA512
479c183d02b68133cb09be88583cec1e1197c72ca89af7287464b489726b3c4ed7b30cac9e36f1f9c7cf2b6f834ec5c06a2040e47a874741f626ede1ebec149c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5cd0101b0a2b85520cd6a2a94b249ab7

SHA1
397a852b9a95932ab4bd2c93424cfa5b4ccb3de1

SHA256
724508d1b4b973869b34d93e477ce305077b777c6084f9a87c09938d3e186988

SHA512
753ee40c79ef154938e0ecaf5cbe3d8d5b1a309cb3ba2355226967d7dc1a08c8039c391f036e2a7bc3d77bd3bf4b2925366cfac8e8ee9cb4f48f1a7b72b65c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
a6b9181168a077cc86c6b7cb09a8daf3

SHA1
632cbdd36ea16f18f311fe5aa9944f4f13aeb0a4

SHA256
6f9e3600575861e392ebbff76f81cedb14c26c788e5b91a8e402b47734b55c0b

SHA512
d49f484c81d59515dad291cf710218fdfe8b6f7599904529698d6b625b45758e4c8170feb10c36fe70c14a0275744516825bd426b8fe891b7ad0f183596bec3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
996B

MD5
1b4afb04b27e189f44071a1ec27e336f

SHA1
319e6b4225a73e36fa50aa54e9f03673f95d8170

SHA256
e649bb93ccdca34bd1403447abaa3e7eef81e44368d926181e296403690e0a4b

SHA512
8c8ba075fd1ccfa95e9b67d66f1e27702d03bb8ec5fd8a8f2863e09b4e0d823bc9fb9189e11c8d88da1b7ddc1e1f76871801dcb358455f40035f36b72b1409ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
126c59a76bd8a2ddc74fbfa6298f0f11

SHA1
0d0300af6965fca2ab19b8057d0e5fbefa48027b

SHA256
fa5de5b01847306b9c2d5ef6919c20c4545d4ecfe748757f272bd28f511a8a5a

SHA512
8a8183095772cc21b436755cbee193aa38fab1a923ca1d4b9c2e23599f250eadecbb2e90d8cee24fc4a556c97de91a8e6abe10a1fc5ddcadad7c245a75d6e8db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58b551.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
610f1fab4cc364729904750795e81130

SHA1
bc1ae448666674b52df93a75c7f448bf96697eda

SHA256
be004bff9ed4905853c72fd9cd1a12b377a7653dd0307d1aa039f6d5bfa8d363

SHA512
7a7cc31d0cbeb54e13bc5708a7afaa175040c57a3aef0bf77df2a09b0c6e690c81de568003f51315921f9f0c99ce073cfcb79a197b7e71c13d80e11ebf540923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
584aaf46bff4c65e748bc0592d19968f

SHA1
71ec0ab18b05b5b817e05bd0721fb04c9b117abb

SHA256
494dc884e1c966910626bc751444ad2a837a182277eab0c9a73910cf65353179

SHA512
c7cbfbdd4cd527d5d957a72b2fc2bce02dc44eb24283042ff6b0d83e3374e84119495681f6e4d57c01616d743835a6df5a5383b926bfc9ca14cf969fcedf2739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b040c3a7a5b278bb461c44bf10a998c

SHA1
4ca65ce8fe312d39bd9dba2945f615ede3391327

SHA256
96d5ae83e55a2e563f64fdd45b54d780c6467e4a2e59e9692d5c189a87d7588e

SHA512
7ac342cd743b956c149dee4949eb7ad77738ed2abdc7223a00e68c496ae196c14539a7161617571bf973493600c8dfd4e41fdc2b9cec1b5c18403e580533de49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
10e45360fd9435741cd3704e74733bf9

SHA1
79ef7f7d347ea05fac57b7729a8bb06f614b9365

SHA256
334ab9f19fea56852e289532f43b3ffec9a60851d4e93027bd0a87d73ff3e114

SHA512
2e280be34693520a045b88563e4a805f3e746fe397bc92da9aa175c9e77f1452d4af72a68a1f8260c24175ae66890ed913ce3b7504fc876ca802c067b0de2d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
54d8d5d412f3513b3c0f5d4f86a4874c

SHA1
bd77a00fb917760fc161fe3a4d87d67182225c77

SHA256
ed80fc26e71dc195ccf0e92873cd3f2d559c83a0acf763829e39d0b2921028a0

SHA512
8bff2beee1faaa562c6b332a0cbbd633ac52c6d60fda2e6ea81a888d3c6a85cb7e6f8ca5a111e61a6abbe20e5673ced2eb0295166bbc222b7cc29458515dbeff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
53aa92384f8dd229643647a024db8d61

SHA1
4c1434d5ad4cb0ae4b8bad2ee31f82ba67581992

SHA256
88831be300e64e2d65654f5667385f50a7c05925655a06ccb8252a161455e28f

SHA512
cf23d5eeade7ea6d240cb1b8e30adc2b4f0e1cf0359c802715caecc9855251b2a8affcc7cd0c7d57339164fd8af5dde4447f244a4be3c14d5d4f95990bf879fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
269db759e89c3081f1b2063964297875

SHA1
99e16c9f2f34d75e26d0d3e7c9625c20e50c61b1

SHA256
83660280978af5b8c1fa53e679e03ab3aad9883c4418894143fa0a307b5bfdce

SHA512
db526bd3e6a9d4fdad52b93e1d884222d68f0a93d0d43b6b4f17f04abb125f0f9419869107ea4a0aef1fbb736b9a5a886a677f1852db544810e3b7de4b4c6dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e34e98f954ba767f4279e96e768389b6

SHA1
d2758f3d16454fbbc68b8328e80f5fa734b46833

SHA256
b4c4567f8c8641a20dd0c6b1a9700ac520105bbfbd23601a2c163bf4c02e8a05

SHA512
fa7410971bc4b89bcdd041e0fa6e2906a591f39fcf4fa6b214326d9161c031a1545b80ac77efc63f49f47b20ef975b3b37bcde2c1ef2ce205bdcb5733c8ed2a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
4e79a2775003bb395015f2842599f5bb

SHA1
af05f4f0b97ef28d5a34e62d56cce0091a598d3a

SHA256
5b993316f51bd71851d0ba4e1e6fe14024f3f1fa3a338e3991dee64d5c8013fc

SHA512
477ce4bc15d45ef517f5623ee69e735f07cbe876d9c570cc3a43595473b82a1f1ebb54edb220415928cd0830282b3592be424c46f1d31940e672cb8e46f2c14e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f632.TMP

Filesize
874B

MD5
70f3524ff91889b4d1d850e344de6a8e

SHA1
6603a3e5dfbf3b5c0b804e98153d4b9ed8c5a5be

SHA256
193a5a7c573d95552630b839f285136fe62439f21619d118a2693d7af8217b76

SHA512
987f34df9cc5dbac4644ea694b60b6750a1bad6f3ba9db0448409156ac93b9f261f0a7350cd5366205df28a5fe9274eb50ad282405a7538621c7ee028ba36c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fde7a2a3-a01c-44a6-ab67-0f241aaa5cc7.tmp

Filesize
5KB

MD5
f9e0be1025e7810d1574dbe9b5d2e035

SHA1
5306f00ad3a8c4dc6d6af7c0cf776006a5f4368c

SHA256
43a12399b2901b329caa120e0abeca2c7ca6bd38e133389fdb159babc2d17741

SHA512
1e2721139494b6124559d2af1eb76473295836cee404d353bc9e25f3bbdf84644cadaae15ae9c7bd8ac41113c1035e7084efe3d2559932d65312cae6b13a8a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
cd4d8fb15b82573dbb7d36faba2a302f

SHA1
2d7a8fc262c0edcca9d0666e65207774e6a90ca2

SHA256
c15b61e4f5b1388a9235fe8e6076e0e82c7fc6f77f4d4e1635a0a66ef1f236f1

SHA512
ac22f3d6cd27c70a6c3898c84f2e8277b1cbfa806d769bb49aa1ee65e99be862f0e70463be321afb7d9a047902feeb9cad3a1a842c02b9131ec7d79a5e6dfd12

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
975e7aad1cd818dd282f18048ff5d4bd

SHA1
fd82821624d48b3c468c1eeb1ea6d16a36a8706f

SHA256
c61efd32b6d455253374ff445f86afb3b1832de4227b7abddd5f9600573da6e6

SHA512
5a59120efe84ba227c1e610392d7c3587149252b946c7ed94231cbfdf612ac470950dface833909225af4e931a48c377443c5e6a03c5492c67d9c861a6c908aa

Download Submit