hxxps://steamtickets-20[.]com/s/RQAR

Analysis

max time kernel
145s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19-01-2025 11:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamtickets-20.com/s/RQAR

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
3032	msedge.exe
3032	msedge.exe
2920	msedge.exe
2920	msedge.exe
4244	identity_helper.exe
4244	identity_helper.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 4768	3032	msedge.exe	78
PID 3032 wrote to memory of 4768	3032	msedge.exe	78
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 3920	3032	msedge.exe	79
PID 3032 wrote to memory of 1176	3032	msedge.exe	80
PID 3032 wrote to memory of 1176	3032	msedge.exe	80
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81
PID 3032 wrote to memory of 2400	3032	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamtickets-20.com/s/RQAR
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff70b83cb8,0x7fff70b83cc8,0x7fff70b83cd8
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,15562855718314932148,5441965324851116798,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,15562855718314932148,5441965324851116798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,15562855718314932148,5441965324851116798,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15562855718314932148,5441965324851116798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15562855718314932148,5441965324851116798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15562855718314932148,5441965324851116798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,15562855718314932148,5441965324851116798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,15562855718314932148,5441965324851116798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15562855718314932148,5441965324851116798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15562855718314932148,5441965324851116798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15562855718314932148,5441965324851116798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15562855718314932148,5441965324851116798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15562855718314932148,5441965324851116798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,15562855718314932148,5441965324851116798,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5628 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a36062c2bf6ffa8441eab13d88f13c6d

SHA1
1eb729cc34a3c4d14b308938969196f7b251d9d6

SHA256
93653adf666f43549f559d14211941eca30d848e29971fcffbff1a56bbf5d91b

SHA512
ba913160ac3c98be94554ca87f9ee083ac104e2d6abfeef72d2ad0c6a28b2fdf22128e9934e7f1af16fb471dbf356a8e7a2620acb2cff9d78cfaf502f69f5e09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3ef231b717c13493e40a7427869a8c7c

SHA1
71d760cf319277f722d5f98f99f13041d3e1c19e

SHA256
53689463667229c40cbf64d5d31bb7f1c9855c01b21aea8a65189d4a104cc694

SHA512
06f7ee73fcdfce18f9e1daf62b638ee13719d4d06069d3731b202305cdfac580e6fb16d6ce77fb6b355c4a769ba43613527f4f3629a6808b37c595aba0f7dfbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
42af67e8da780f2b242648e6f24a249b

SHA1
9ba0cd9f204dbbe9d96d75e1bd9ff0ad6601c7b1

SHA256
ecd26ee47a15723f29095e4d5431994376be962248b0432585190e0780c91697

SHA512
8b658fe36604fc5fe356fbd61208e6de682c6183dddaeeba6244a2fbee803bb1086b34c28836378c38211a492f1f94bd6b011d9998c737bd6dd166b586ec1d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73f2fc7e4dc74f3edf37e3d67c3a997f

SHA1
f8dc0ea431e31945843cf497757e895f41892753

SHA256
ac307d2f0fc2bfe8fc490dadeef2a98d862c52345f6b165386268bee5b213cb0

SHA512
b62df1ede25fefb8a7b7755c68e5ec1728e3079b6032113148af8352e586b1a5cd76b2cc4c77805bb7b2671d07e5a640a4b383843429a09ff7ee0dc68f3e7e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e3d5ffd579781cdf29643c6f3ff3733

SHA1
70c4c3aedc73a2a963cc75ac73ca351361d23248

SHA256
55db224a54661d18e8aa1024cbcbf2201fd8514ecf1b924ac5439743be4a0bb8

SHA512
6247ffffd518e6e24a899953a9eaa85174787992d8e4a34951ff4503d9b25a53889578d7a7759c02d09d801d38151beee263a2735c8e1763ba53ea10de2745c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
45bb4394c97f59a93ebfb54a3ff36cc2

SHA1
b48f523c52da75489a069c95622e6f34653fdac4

SHA256
3de2c9fe32c29f8e7d061d051b6c50f475a8dd57bd8c9552c1a5cc227fa35758

SHA512
1be76fd4e56aee2899a92b235b9cc75a21f9495c071014d10919614e1ae17a958ebc2d16a367d7877440888947df80139a045a439cf4ea4d8c8ffedb0626519e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef723bf840be658c3dc96062e0e11ac6

SHA1
fabbd7e803b1a02524e2bc3e6d9bb7d2b936e484

SHA256
17f262c2b8eea2e6d45a5616a5f3a664c74435f8aa0fef7512b86a53b9b90e3a

SHA512
9c47c4179395ae99cbc544a317fd380e83a0646468c944d5e12c5206410842df64bb9c2ec2b73d1f9f9db9e001ce024dd8a7901d054b3395ae7c39290ca4f28e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58002a.TMP

Filesize
872B

MD5
4b2bfe2f8eb7f3ff7b23fd0d1bcb3b46

SHA1
40507fb9f32e19aab9d534dc11d61d71c8f0651b

SHA256
12c17d7384c8e0f57f44b7a2b691b05f79115fa4422b51f2f600d7a04109353e

SHA512
615f523d98c5666dabe6b3f3646020095bd87f8ceb5724a1ed52070660f50c03a7b990ccb858d06644035a7041b740685e03fcdcc2eb4e920a9e6e4f1c3f63fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3bd252332e6495d298687c67c80e3646

SHA1
73da7da4dcc62fdf9b626638f0b31d3bc4986c08

SHA256
386712282820a16e9338bf93bf8a5bfe6978c7fc457127094ce16a128daaebeb

SHA512
ee091931b74ec361df83ade1f4280922147b758342097e9dd3f1a044eba3979fdc392173818c2bd8f585d853f573e122543f01155a506ee35f669c6888797da3

Download Submit