644a0d92bf5fe0d0ee01b56b89fd2ffff347558f0e3d7a1690587f0b3209c2f4

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2025 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

40KB
MD5

e1032b9ef243c26ac1ff49f3f060f8ef
SHA1

b612b462d42fdf00a59d4dc1c3d9cadc5e146fe2
SHA256

644a0d92bf5fe0d0ee01b56b89fd2ffff347558f0e3d7a1690587f0b3209c2f4
SHA512

11f84305c3f4dba60bf44446fd9685c982446a9a8f72b8326cf2dea76f5d00c213a69e881c9a341a0c65cf1a5d5323fe424297bde7ea35dc2315a1ff838b3f7b
SSDEEP

768:jAXHyc4Pp8pRNVyOzaRChZEK9DMtrEdc2Vm5ENW:jAXmBUDMtMrV/U

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
216	msedge.exe
216	msedge.exe
1624	identity_helper.exe
1624	identity_helper.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 2924	216	msedge.exe	82
PID 216 wrote to memory of 2924	216	msedge.exe	82
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 4844	216	msedge.exe	83
PID 216 wrote to memory of 956	216	msedge.exe	84
PID 216 wrote to memory of 956	216	msedge.exe	84
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85
PID 216 wrote to memory of 3496	216	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd480846f8,0x7ffd48084708,0x7ffd48084718
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13535472046875853221,4071294062394075840,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2880

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x324 0x4ac
1⤵
PID:5316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8d02b6a9-a22f-4726-9beb-d10f2f038176.tmp

Filesize
6KB

MD5
85550f6bfad5f3511bc5958241318192

SHA1
18b27a308cd01e60f529e763baadbbacdab55d8c

SHA256
169bbb480fb02751f19f896f2efc83a07e7a042db64c102c7342147c31d5a0cc

SHA512
c63c62129bbb0270353ab806f13ec7ad01c9d3a7fe9fad9c5f9d4a022f621b7774e9d7d4b97bc0c792741873a33fd7d7728c81da165d6f852423a066f64e3de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c11cbbc5852a0d060dabbff4658bda44

SHA1
5750e26965ddb96176e042d5116d38c297c0942b

SHA256
3f2f407decb032c665314f9565c9bab272e81ed21ccc26ccae52aceac73a5b54

SHA512
4f7e5ea6df82a1e9464f83d2ef7bd76b0407a7a9359ed34ac3f77bcde64427fd0ca0aec2d25bb2dd6ae3cc8c6015b89b43aa0303e37e51affcaa0211979c3754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7d643691ba6e9c74b3ca7925b6a96d8

SHA1
fcdda7f0ff123ccc49ae7396340edc87de6b12c2

SHA256
e09b0056836bbb54a4694bb2cbbb7b6ecc7bc5ebbb81f9e337fe32d07cfe85d1

SHA512
ee536cf384d07beb7f2b44f6bcf8deef1b60770a0dbe334493716ee712359a318250f9e5ad4037f7c5381a7a6772519cb33b90071557548c1b1464208c7dfb35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b0d0dd57203cfa4fca89cc965088880

SHA1
8090e9de1fe8fa6258377c1bc09a813e95b54bc0

SHA256
16ada966e3f6b3a713510bd63d4684f9d8b47c0695c1c022ad7af17e941aaab4

SHA512
baf9f8547180d77e7209b81a0bbe57eaf02db9c428efeca2557e7020916fe9df89aba84d059c8d5115fd3b992bd5509c6e1edd02dc21e198e9d8b264980e1664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
91143e503793ec4ea154a13b1369a788

SHA1
dda3ff46fd01dd1d72fd9b4eaa0dc191da6866e1

SHA256
60603bb97004ce79f806235bffae37eb1b089423dc051abfb769a428046cc656

SHA512
ff1085623fce67fe7b21cb06e92da87de960621828ec1736e3bd5ce6ca2941dd8dd0bf985eef09f891ee1bf42c80c4801ad7a801190595d12b7e493511580c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584e5a.TMP

Filesize
372B

MD5
f3ffd8c0504cb331b6243edac1305f70

SHA1
f7ecd3cc88978ad3b906d5690447373dab33bc02

SHA256
96139a0cac1253137f44730a605e2b996ebe94383dcbdae41de8aa7c96c00478

SHA512
53c0ea4c6cce1d55d57ef6dc56a82c23f7ecf0b48b495f4830bacf27e1473623a2a51eacffa227e545719f18b9a75e902e10b6e2d0cfa8bccd1c135cda18e833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\db5e056b-f378-4ad7-9451-acfce4fdd86d.tmp

Filesize
774B

MD5
1239bd7ecdb8d82a1586c23fbe08e926

SHA1
60f9217e6653d7c48fce3e16871710bcfc110023

SHA256
63fd4447ff661e3b4f11aa37111818aa959ef484a040dcf944be79ad57163b0c

SHA512
62429daa7ea60828f635aac0a6659af3445f680243682e203c37ad57d7dac6e7c0d00e848c59cd6a69a34023051e48a4a9114dafc4cbf6db9610aa17742b6b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1f5b10615291e7823c35fbe48f7e62ae

SHA1
2b99c50ee453d71a33f2ac9841095bf937190cc7

SHA256
247c71d0b1c6bd94d8baf17f396cb363469435b3c41ffc26e5f89d25c25b656a

SHA512
e3a31d632c06efb97c1e3300c7b268286b859cd4374349ab52b63fb7b85cd460db3e60ac9026b52763022852947fe384eb6264dd5f3f283bb8a0b7b3a7b5b95f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit