hxxps://store[.]steampowered[.]com/

Analysis

max time kernel
480s
max time network
596s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
14-01-2025 08:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://store.steampowered.com/

Score

8^/10

steam discovery phishing

Malware Config

Signatures

Downloads MZ/PE file
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 436419.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1848	msedge.exe
1848	msedge.exe
2536	msedge.exe
2536	msedge.exe
1208	msedge.exe
1208	msedge.exe
2432	identity_helper.exe
2432	identity_helper.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2880	2536	msedge.exe	77
PID 2536 wrote to memory of 2880	2536	msedge.exe	77
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 2516	2536	msedge.exe	78
PID 2536 wrote to memory of 1848	2536	msedge.exe	79
PID 2536 wrote to memory of 1848	2536	msedge.exe	79
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80
PID 2536 wrote to memory of 4180	2536	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://store.steampowered.com/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8feab3cb8,0x7ff8feab3cc8,0x7ff8feab3cd8
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,11532710089469438491,13732894381878515391,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3760 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
dcc4e53a316717ae8360e9bc4d2276ba

SHA1
f32652b9e1059b6f88f04630ea21a4368ef9b126

SHA256
c230c795f6dfab6f03ecbeafee49c4a56a42ae0527ccc807d6e63eaa06d30e87

SHA512
ec2df2bc7f8c7772ca87f373185a9ca25bdf8f065644ff67d676ca42a1e82728edc72a5ced5abba0e37acd9bf538f8412fd087074c9381ae530425775fd5ca87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
367B

MD5
264f5853a3f1207d5a8d5db5d22d188d

SHA1
f9fa3854c56f8853a0d3c1d697d5b3d3c668b087

SHA256
2e6d9fbaa3df1919071baaebee4c52ccc5e23643756843aaa1bc61c12d85adcd

SHA512
3dbbab35789610217ee372c42a322479054347200a6e586150d98b8db0fc585da9b21db365fb8a3afb2f5f95eb4543b7e6135d8f35f0bb793865a4234e1d932f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b9a55eaba2446a79409cbfa2384cd2d9

SHA1
e75d2dc7f0847fec619fa24ea79584e073c656ab

SHA256
9f626446449b24dc0d83fa723f34a30a5ab9df5017011d149e69be54f574669c

SHA512
c0e5f3a704e0476207fdd41cd72a518435fb55526487ff5b1565aeaea0b073767aa8e30f7e523c442c581883ca1ea257ef3d676880581406034a7c3035a29615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36a7df6e21f0aadb8c63e2d6b045db89

SHA1
71ab30091015ebe38a9853187ce52b65e6fe76a2

SHA256
48cca37a2f879802af98e512c57b1e1174f19bacde61b439b180dd436eba58cc

SHA512
5380f77e47ba4637e4a4bb58da58f04a20623612f63545b07d9fa464c05250a501e429d2fb15be3838f664c78802e24261af77b88f3c47b51b5ceff2e6204a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6964cd4b14d4ebd219a60854a431b1c0

SHA1
4ee05800b6e6e455604e56d7a47bb22fd0dd0b53

SHA256
ec1203fbf05b846d4bdc606337f8cc30e87a097e7d3e980be20621de470c1279

SHA512
8f445e882c464a77f546ac6172299f7b38fd40185aeedcf9e03cf5d6d0749b9291b839c2e3b1592a6ca4373e2cbfed4e9a224a342d1259a43355e45198caab31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c87925c60dc212bd65df001efd08b72a

SHA1
13fa5a01898e8fedce90f0832bda0f9addfcf238

SHA256
e17a7f5cd1d3d300877f2b822d65efcd4488a634ec8265dbc7061e7de679d959

SHA512
6f831986e26efb40aea2745cbd9380aeb1e875e8d74ed16c146ba5323b93e61b88fead09e91cc2f034753f7589343dedb4717efaf0bab2d16ff2ef294925b49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
54c1d2133e697fa249ed1a5f42e29cd1

SHA1
42de59efee63fb4c40d1594c980d94c43b0ea5b4

SHA256
c9887ce6fe3e65fecebe35604e621b41dbb8f42ed388fd918d450b9139aea5dc

SHA512
26186a8ce16ac89940c0de0ab0d2e1072496e49e8fcea23c55aa4d0bbad7dd2ff681772d51c6eefb0cab4a0bb8d8b9bf4ab34b3e4f7bd60de45609742930f092

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 436419.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit