hxxp://staemcommunnutly[.]com/gift/activation=Dor5Fhnm3w

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2024 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://staemcommunnutly.com/gift/activation=Dor5Fhnm3w

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
4240	msedge.exe
4240	msedge.exe
3960	identity_helper.exe
3960	identity_helper.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 3532	4240	msedge.exe	82
PID 4240 wrote to memory of 3532	4240	msedge.exe	82
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 2412	4240	msedge.exe	83
PID 4240 wrote to memory of 3264	4240	msedge.exe	84
PID 4240 wrote to memory of 3264	4240	msedge.exe	84
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85
PID 4240 wrote to memory of 4800	4240	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://staemcommunnutly.com/gift/activation=Dor5Fhnm3w
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0c6c46f8,0x7ffd0c6c4708,0x7ffd0c6c4718
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5149530361729615315,17530937570907637129,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,5149530361729615315,17530937570907637129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,5149530361729615315,17530937570907637129,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5149530361729615315,17530937570907637129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5149530361729615315,17530937570907637129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5149530361729615315,17530937570907637129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5149530361729615315,17530937570907637129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5149530361729615315,17530937570907637129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5149530361729615315,17530937570907637129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5149530361729615315,17530937570907637129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5149530361729615315,17530937570907637129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5149530361729615315,17530937570907637129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5149530361729615315,17530937570907637129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5149530361729615315,17530937570907637129,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
2600b061e1581e0f2d5e88c9ef02a3f0

SHA1
9b3cffc7a0abb354bd9f290dfb10a1af560e5a23

SHA256
5836e9722550a2b43f1909f98d0674c1a1e956a70bd175c1a0c20298f93ab58f

SHA512
3257500f4a9faad2e4ebdf228233a90e572199fffb97bb66e6a340e54044ab8d67b38a1034020035191b1acac9fbda322d910516a4bd2a89ae3480a91dca08c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a3ea305672783c961483c8e0d898838c

SHA1
9e5b3731e36b14ce4eb5b6031dc5874b08dbcca7

SHA256
8e0f43b20ca2bc57821a184fe7aed27d2fa02047338b37360f3c8251086f0ae8

SHA512
5034c0adf8440f9d617a116cd0bbf5f3ae9e06820d26daa6695e573378462aef605dfe5505ac1121fdbd65233d1158ddfe82963d3c5505edd7c0435aa5071951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
5666f2adf6371408019310b4658eaabb

SHA1
50989ac65574c5ac4a101fb9d03be83debcd1c78

SHA256
1ec57e81a9d44a9ed52d8b11b6e61fc2bcd560af2fb681e85635c086e71441b0

SHA512
df203e630992af1edf675e092dfb6582c9db05d4f3f14ef13c955d057f1b108182d3858e41f8e2e76f143daf2110164ac005228cf006f744472600778faae5f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
707B

MD5
10cd4765e267bfc888ca7afd5c3257bf

SHA1
c2ad676fa2578e3894ed93c506857da5f507134a

SHA256
2f3ee4b34c0bceb7d8b750b8cf2a37d46261a9448343199163a64ecd504b9c32

SHA512
b3a142b5c560031916d2888d8cbda131053427274661791a4b7f7eac39dcd858c4ef3107cd276dc724a10d181b90c8c999d9ae5f9ed75395be8f739d20f23f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8ff82f6d489f55554b6dba39c1c4b78f

SHA1
398852c105ae3086e8e9875e711fa7dc75d9e453

SHA256
b8b3e041bfc972893cf99dfc1f56dc6ca0cc005aef0a18200a54d7a94907be29

SHA512
afebc090c737d42b41c61c4397e382ea5460ddf5f9b9c1d6d23410cdab16130625033b213896481cca426a112091068b7f691b2528cf5533a604d917ff34815f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c36e05b2952269e51df3c5677c33a41d

SHA1
12130af9bd47e8c6c81293b172afa6e32cd69725

SHA256
8730dbb3d8c6773e98d998a051601425c9a3dbe014e4c10dc7ba014f0ded448a

SHA512
c184fc030ddce91ab52e2e835cc2bd01fca655a5af72ef68675719ed285d53146d0fb30b3c1fbd331f158bac52538e52853fe5d111834b4f71cf100c4171d6a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1148d36db5172dbbff7d340e03ba3056

SHA1
b50346b7d3638020d0b308b846c1457b3d316f3d

SHA256
8135c03865363ae417eb3d8c8765adeb22e83197cc36a0174fddae43d8cfb1de

SHA512
1114cf20e353c0f0bbfe3945bbdfd666b2faf09ef93921b85ff4961afcd2c2a2dd58475ef38785b23dba6ff3ac7f31184d17bd1e8b45078a7d4b50288d2c9e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7d231f480867d525c7524ac39e03ea1

SHA1
399f45674885449d68c7903cc8a37eb4ba60f471

SHA256
489b282bc2ab4ab1ee13b081fce7d69972b24bfd93fd85c6af80c5feeafed4c0

SHA512
f9202d014c47e29b3698b7ed0bc5e0669f51335fd29720bde2dc9594b67ccf7e39c7d52b17861adf1e801564b15ba8d74af6346aa6d074d558acff071aafbef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
410f9a2367c599be7ceaaab7f449e8d2

SHA1
6f996b9c78c8d2bcba82c65af75e728e23fd795e

SHA256
d99596aae058b561d237f07a27fb85fe8c45cd3473b9ba0649e1963ea4244287

SHA512
0b0ea6bcb85eca0d3d051b5658aa3d1dff8640e6437561151fb56bbe24443f7c3a173f3f78e0ff5ada809a88c058e726abd6030f4a7436628b35590a413b998d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b070259cbf79d5a6d2d6efe9ab6ee12

SHA1
86605230f31b039d5362e09c373bbe72291cbe94

SHA256
b4fab14d49c9d11a891a434b45a28bcb9a05c705479602c1b513c15075b38c8f

SHA512
3ebcde16eb34ebc1498168e9b34f9d992c8309065b424481b6d40a5920ef55513ef86e8d42d661215af20acc377c8d774625338a1ff023e27a8126c58dfca0ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
c05a8adbd7970896a94483bd67067ac6

SHA1
afa9e5cc6065502396590edbe9d18c2307e4bda2

SHA256
347225d74e2fa570eb62b2f779f0666306a3729adae85759d747077ee35e7083

SHA512
a3a2db3e4690a6902c26c4a67933452b84432ca7c58e42361c3a015d29be5931f476f810cbbe8fae084409087f1f9a5ed9b847425dafb8a208848e571ea27a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f0c815012dd2431906892155f247f796

SHA1
27bb3d66ce670151654e32a06256bf5b13216709

SHA256
2a91428ffc1edace683edd6033b959769d0c4c017a20c15daed6c46b90a982ac

SHA512
6b8919a0e8cb1c47a525fe77616188e89ea4458f53975f9ded169f5949afa11ccb0141c8f6152e93a45e00f3c2fd486f5349ef03f1b4aa4f6de47119233d16e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581da5.TMP

Filesize
540B

MD5
9520f181930b8e5d1b8637c1ff8fad44

SHA1
77d2a5a9d073e9844bd4cfb05b49a0fd29859657

SHA256
9c126328135fc5cbc12cee76fc0ec481ab46069ced95073472a54ede1e84c570

SHA512
66730ec7a8151e9800741116b2f48e1231679fb38a541296579a2aa0a5eada33827b1b3053f56a62875ebe6a7d6a4d183fde57cecc5f1de05c8c2598478a7131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6a257a925ac4ffaf26c02d4677e5c3f5

SHA1
7d65670727af620b2f0fb591ae564ce4b038eec6

SHA256
eb20651cc99f96c66267f354bf5400e573196dfdb3b17330938ae6d907d7629e

SHA512
bc84dd51d0f7e490f2fb36ac2c836b4606204a4be7a8b96cf3e483391414028387b37876f53033504a6a5379c9db63426c99fec5b2651c020d57bc9b50d10c14

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit