hxxps://steamcommunuty[.]com/gift/id=1737219938

Analysis

max time kernel
52s
max time network
49s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
25/01/2025, 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommunuty.com/gift/id=1737219938

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
22	4488	msedge.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\29b82c2a-3b23-4f73-9137-ae5532e3accf.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250125125511.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
1744	msedge.exe
1744	msedge.exe
4504	identity_helper.exe
4504	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 4784	1744	msedge.exe	84
PID 1744 wrote to memory of 4784	1744	msedge.exe	84
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 2332	1744	msedge.exe	85
PID 1744 wrote to memory of 4488	1744	msedge.exe	86
PID 1744 wrote to memory of 4488	1744	msedge.exe	86
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87
PID 1744 wrote to memory of 4596	1744	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamcommunuty.com/gift/id=1737219938
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb3b1946f8,0x7ffb3b194708,0x7ffb3b194718
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8763924111724873170,6928829977619710427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,8763924111724873170,6928829977619710427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,8763924111724873170,6928829977619710427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8763924111724873170,6928829977619710427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8763924111724873170,6928829977619710427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8763924111724873170,6928829977619710427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8763924111724873170,6928829977619710427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,8763924111724873170,6928829977619710427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:324
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x118,0x254,0x7ff6098b5460,0x7ff6098b5470,0x7ff6098b5480
    3⤵
    PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,8763924111724873170,6928829977619710427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8763924111724873170,6928829977619710427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8763924111724873170,6928829977619710427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8763924111724873170,6928829977619710427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8763924111724873170,6928829977619710427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
254fc2a9d1a15f391d493bff79f66f08

SHA1
6165d5a9de512bb33a82d99d141a2562aa1aabfb

SHA256
2bf9282b87bdef746d298cff0734b9a82cd9c24656cb167b24a84c30fb6a1fd0

SHA512
484a1c99ee3c3d1ebf0af5ec9e73c9a2ca3cf8918f0ba2a4b543b75fa587ec6b432866b74bcd6b5cdd9372532c882da438d44653bd5bccdbc94ebc27852ff9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5408de1548eb3231accfb9f086f2b9db

SHA1
f2d8c7e9f3e26cd49ee0a7a4fecd70b2bf2b7e8a

SHA256
3052d0885e0ef0d71562958b851db519cfed36fd8e667b57a65374ee1a13a670

SHA512
783254d067de3ac40df618665be7f76a6a8acb7e63b875bffc3c0c73b68d138c8a98c437e6267a1eb33f04be976a14b081a528598b1e517cdd9ad2293501acc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
34dae7c722275716b2f9e9a9f6f6cdff

SHA1
8e8f176998517ca03652eaa91ec6d9c2a99130b8

SHA256
ff1f7b8010055ffcf4c69ffb4d6caab4d3cb0808330ad585b2117606191dcf01

SHA512
c92ef9f4904434abdf450b38657eee9fd09289ad88ecde76f7abacd9f5fc759d1479ef6b4e007100789e1ed781e87db87abd9dea26d2533c4424abb409cc597b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
dea2cdb4763e5f0c31d8a7d162f2c089

SHA1
02b4ba83e5105c39cea80c6b992e5b088abbfd1f

SHA256
e5d3def3b52dc47eea1a310f48063951c4d054d2495effac6febb2bdfc6437a5

SHA512
cbd13f7d74c61fc7c84c2131a33a0c772b0169f5a2ba909c3f74218d7cbdc7cf048ef35c1b9f6afc80636538c20c7e78f038bc8e233fd5c056a5fbad05d47664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cb8453a6970257f3edae269688d8ff4b

SHA1
de682b97bdf91757d028e0d7e875a12b0f6f03b2

SHA256
495eb458d6bd083b5c4a89318c8bff1277f81efcfd9e8806ec060835801309b6

SHA512
ee437af1c3a36212743e454c1a6313df76631ec765dc45fc68e81d984d43fe01445bfec1029a0985a86da041b0ecfdd6be15633cdb21c1724ccf19d6e0c754f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
838b8783710314cbe7c22417ed73da55

SHA1
66f00d219efee5718b7717c767e4bf2eed739135

SHA256
111ea6313d39648c03b34eff43777f9b57186e0881e53b4b246d6dd2b222358c

SHA512
7fbdf3baa416e58d31501eba76da9fba660c59ae2d47f753b07ccfbd7364a8f3e4775db281cbb81ea81a63a72fd2999e75e6b1d42d038d96fc7c4b583eb6ebc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f36441bfa6c31de61b2019af7d26fbe5

SHA1
df9b36f9bbb7ca78ad1b9f37700450427a01eb2e

SHA256
3d9d0d8e72327f59778575b3b26bb6f8b3ef157902fd90228fc0429054741fa8

SHA512
96b3cab5b8869f0f93ff690cc34da20ddf584e2d6bcd9798453836977e51f012875ac05edcc7da52c987bf99991729b60eabed6f4b31d229d8290e4f5cecdb8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
48febe0b0625901956573dfb2378e7ed

SHA1
c324173a8f8fd7a6a7398f6bb24dd2ee11d3cf24

SHA256
f0fae7ad33efdd05845d0d631ce8341ea4b6dfd4c45be844f0c117738df9c0d0

SHA512
fc38a0c64e67e3b5d43f787fe86f700e6f753d8e90bcebc446d4a8c631b9e4362a74fa862a5b2ffc74f3f5236d3ecf006b341042b5469d1cc24f2c325a607a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
bc3a0ca62cfef580ff9ebbb7afc92b9b

SHA1
fde9832ce521fcd53850d0701a543ef75b772e3b

SHA256
b0203fb7c3812937e92ac04ad6065a2129bc165a36a60a4d2fdb0accc4499464

SHA512
fc1f3a5bd2106d9b6ed5a678c2f4978550a0d7414172b0ce6954a835b0da01ac28c177955a48c2ef56ea3d517a6672474a9cab873aeccae3f22a45ccf2d070de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
f6330d17e3ad75b82674c4f5ceb79dec

SHA1
1b7ba25d84f77941304d7a03882183e1a9190b2c

SHA256
937881dfa12367f70be03ed53932cf80ba70b395c9933f1d0af8573ac2b73db5

SHA512
0e2f1eb87260d474abcf83cc317c751012aa51c86fa9b7e9754c0a3b07d7fd13e39c60ad559f5a951f1a20821da2704303411cbd10981cfdca62bc2fba513722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582333.TMP

Filesize
371B

MD5
7bac066ff4e532ceed6b3af5303800cc

SHA1
53fd980d09084ecc306251a814efdcef6a7d30e2

SHA256
a3fe09714dd9a711f8b93c4e61a7ba2f9234a9ea674bcd5191ee6f26325b96e6

SHA512
681cb656bd5b25eb84b5d04bc36f16aac2c11f51ea0efaf60c7945bc4439201753f2254ae18614558572b6237fdc18968cbbc09cbb45076381534d4929c81fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
f6e632cc19793aa7b78ac9637f3b45a1

SHA1
f30896387c914e6aeb1d19d202e3e280cb731626

SHA256
ff3ed89ba4a25223fd376def151195ad5669e06198c414b8bbc43ed183c15dde

SHA512
202cb5c7e3f355b1f69f81747857fdac3628e828b94b2ec482c163ab55b62eb7a4889be711a5f3bbb6b50ea26b6a64243defbdbd4a85d98f9b033390d99b7d24

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
7dae341b31073449926644b299107f99

SHA1
7de352b2feb5cc9c0be6da125c6b64c3dd6c9176

SHA256
03a2e302d544f44b842d6bf7006efb8dec902e365293c8e656529b0e93c9be1c

SHA512
1057bd13616afec1cfddd77dccf4d75b3fb33247660724fbcc1a013b9a7ed2241447e1e57361e470f16ecd17b0083ebb9970560976215c4439541ddee04db691

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
29fdc6f1255f2242649eea69d4e0d99c

SHA1
384a1ae4bfd9b0c3561bd354d95217d01711c260

SHA256
730012204dd5f3eac83a48a2f666c34e4757ea63985db0be2db6e210995037fc

SHA512
6cfb00343548ef2854a10054a325f189c0f0fb6922cd1fafc3f3c5db3d9b821b69024bee49b66f43ba3cba19af604f8c3d2b80e76bc755debe2937f30458ee82

Download Submit