hxxp://staemcommunnutly[.]com/gift/activation=Dor5Fhnm1w

Analysis

max time kernel
127s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20241007-es
resource tags

arch:x64arch:x86image:win10v2004-20241007-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
04-12-2024 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://staemcommunnutly.com/gift/activation=Dor5Fhnm1w

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
984	msedge.exe
984	msedge.exe
1088	msedge.exe
1088	msedge.exe
4820	identity_helper.exe
4820	identity_helper.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe
1088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 1012	1088	msedge.exe	83
PID 1088 wrote to memory of 1012	1088	msedge.exe	83
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 4440	1088	msedge.exe	84
PID 1088 wrote to memory of 984	1088	msedge.exe	85
PID 1088 wrote to memory of 984	1088	msedge.exe	85
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86
PID 1088 wrote to memory of 3436	1088	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://staemcommunnutly.com/gift/activation=Dor5Fhnm1w
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe22ae46f8,0x7ffe22ae4708,0x7ffe22ae4718
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2712 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=1728 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14310582127202157834,17161906548460864582,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
f0744612fdc2253d390c0d3f97c7c539

SHA1
aa6f8d7b094e5e4e6337b17dba037be49c054850

SHA256
77fb247dd1d857585951c809948492fba5bd84e4b74e3c3d68589ccf8738d19f

SHA512
6b9969c2c5788eb775ea55f91a802cac085920919ef31ecf1325af3bfd5dc6acab96795a1236e9ec9f624b67e42755c8ed61ac3f2c8eeb72b91d09b938db3808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
707B

MD5
82d85e02370d22e2fc004b1e87768121

SHA1
6c43b8815e1775a7a9ec165b2a2d4c5357296efd

SHA256
3521a6c1cf908427142a5d2dc36df1ee5d4541a83ced2086f13aaf42a8a11cb9

SHA512
e777441addfc264e27f547966461f59f5e6c9f898ddd7cb63275aeaaf5577fd9cd5434be18163aa2ee507cd9fe9249206da7d9df82df47a80385b0fb25da15fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
787B

MD5
e6fd9e26d4b28395924ded35e7e75e5b

SHA1
3fcdcc4e9e4ee6debf421f753e26af3756609a8c

SHA256
c5b7a7a5bed880eb70ea18c044c4b5821d4b085fec2d45cb4eb26087f201e75c

SHA512
82d50d5d136d634c23871f32c605ce344be55f8423e8a0aab2a750a5a9599207581830de87ee90c1aeec8b824106d4e80e877324aa829b9bc542fd3cf7c12370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
38b196c697801ee5ff35e57661a70519

SHA1
5923260d7d29204445a8fde5e6d08e97d5aa0f7e

SHA256
0855f2da5ef2ad091aa31afc4a135b272f1b62279c55936d9c53586e90ef2f6e

SHA512
e31f4f2d9138c2588fd81a6d1d5e34f9d04b03932b2d57705a7935e745dc7b2ea60a09d66df5d876a172c042dceb1f4448563ffb7e24e74bceda14b2bdbcbb79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d9026fa8abd9b4e06a14d0f81b665259

SHA1
85152a73da5c5f4408ef53085fd19a323dcc4494

SHA256
8b74be6d59cabb4feb5265410e7174594647626780787661b96878d82ad4a45a

SHA512
2d90b2106284a59b8a85a020912c6c62f71cee83b52c6abbd430630315c89dbad2e05d4fa75fe67981c192c2806fc10ed1738346fed6d0da325df7f901e7da0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
678a4940095b387389fdd6ced9b7ca98

SHA1
4854bd3ebd7768f978d6381e0e68ffd7e34a1a67

SHA256
757f1cd874880fc398256861278077ce25e2b289e9699c7e2512c0601bbf032a

SHA512
dc71ab03e83bf0fa9721440a92f5679a87e4c6c17550ae0aa21f8d13dcfe4888486ae5eb8ca5e9a4b861c916bdbcde0aae96c82fc4e2ae67af139722e60de0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90b6b455327d0d0b5a162982a67948d7

SHA1
5d329ddc14f93ddbf387c79f10064510888fc579

SHA256
405633c9f3ae85c18cd841cc6c32b61058592f6f741881bb0b157b7e8a0f6053

SHA512
44d51f8133b2eb6fdb009ad900231a46f44874f5bcd4153903019c12424462f48a81e6d68fdbcf589d5aefbb89d5a60e1ebdfa5f79877bc9c8a45ebeb234c6d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f48c384616c4f5624f2cea74833a5b3

SHA1
3efd0fb8276d9e3619ad505266d559d078b49e13

SHA256
2a71820b2634f80b4245137feaa2e9d97d4abec1804bd3f262629749605095d3

SHA512
8260d155bf09e1a1655117cc270db68062856d9d10e6a7e412a29a1f9a9dfa10fccd93edf3940243bcfa651252cdc9d6f266615d089aed28fdbc5ef42f29b56b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
105f25164ae37dfa4d8aa1ab5b51d743

SHA1
19087b568d26b9e4a56dd47a0649203fb5c61c8d

SHA256
1019dc696e87522542ed6de52095b849a13a0d533609b531b49c4978fe248501

SHA512
3fdafbb97b2220216d9ad4d042effebaff58b51e04d73a01a8d3086b8f6699f591ce353a8bf9d8ef7ae979bcd33c1fcae169740dc1a274a9455dd829e867ffb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
939a1e6a5a42a6a48fa8070172b06874

SHA1
191956d5341e8e1f16e6b3596c13ea80aeff096b

SHA256
0823d900d5e731cf3622631e4f10f0ad62143afd1d97afd2a2317f40f2195d6f

SHA512
402187b232b99cb278bfc3103088a42eb2a1b123a323b06f4053c37a2d172c39d2c9fa7d7e5016e39fe6f610d464b54c1063ff868dc6989b4f1a4d88dce054af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581e12.TMP

Filesize
540B

MD5
b434b40e2657e53bbb628c9d1006903e

SHA1
8aa3487c808d1f1e9ad9be0b1882ce1e261c4eec

SHA256
fa559d2082d3bb8b8ad589d90f7593942a0f1fc1ba059a854975c010465cde70

SHA512
8f8149895b40ff66a371535db83f0bc6bc3ab3a9eb5c0cb6691a0409e9b770a6c90521356fc23cd60a1e015f4a9eb1879359e760fcfe4f81b9dd64fd0be0d929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
99f238cbf78edfb0264c227987b501f4

SHA1
28477a61e452568e67b4344c9683fedc5c9f2404

SHA256
c3c472f0093ee06507d645dccbf0a5515587b69c2443807b8b8ea1c928c690f0

SHA512
7731b4decc1c183b7099b6ae592d89bd2c841242d5eebc910626921f637a3d8d44b6f9f1a2d0501eb31d34129d27f66529802f37f00da2d69e7180e6cb1898f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e05ca640bc32d8025e959b4704358137

SHA1
2d5123cfca95ad49ad1064a22c92e24d123f98be

SHA256
82b75d431760e8ae1f4f2922568f217369518f16c5fe95ac3ed441ee528f8095

SHA512
ccb80359236034fcfaad200d23730c733ca001b12ac3e9a8b0dbce2c0a784cc9f576c9885c2ee41db8fbe99f3334ee9132fc4c5e8feac20e9f8ace2016d0db19

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit