hxxp://steamcommunmutly[.]com/gift/activation=Dor5Fhnm2w

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamcommunmutly.com/gift/activation=Dor5Fhnm2w

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
3136	msedge.exe
3136	msedge.exe
1848	identity_helper.exe
1848	identity_helper.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3136 wrote to memory of 5084	3136	msedge.exe	83
PID 3136 wrote to memory of 5084	3136	msedge.exe	83
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4108	3136	msedge.exe	85
PID 3136 wrote to memory of 4760	3136	msedge.exe	86
PID 3136 wrote to memory of 4760	3136	msedge.exe	86
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87
PID 3136 wrote to memory of 4928	3136	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steamcommunmutly.com/gift/activation=Dor5Fhnm2w
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9acfe46f8,0x7ff9acfe4708,0x7ff9acfe4718
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12877707614351504403,14255716584395280039,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,12877707614351504403,14255716584395280039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,12877707614351504403,14255716584395280039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12877707614351504403,14255716584395280039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12877707614351504403,14255716584395280039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12877707614351504403,14255716584395280039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12877707614351504403,14255716584395280039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12877707614351504403,14255716584395280039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12877707614351504403,14255716584395280039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12877707614351504403,14255716584395280039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12877707614351504403,14255716584395280039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12877707614351504403,14255716584395280039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12877707614351504403,14255716584395280039,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
f82d4f2433981a4db07c0a1dd30dac6e

SHA1
046e3f60cb7f0af7d62922d34821e5f312e3be79

SHA256
a328510dee0a2187c465d6776fdf741e1a542fee3d3bf7f56d27f830c5f8d222

SHA512
bdadeda55d59b25d176c7bbb8458bf52167bc187e4aec1a7aff5be598c37ef6f0c7b6ab4984b0e92443a58f86c3a6f640e96fb4bb969451460e125363c942e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
707B

MD5
348ab59c4f7178d82a4df1923c5805bd

SHA1
cb25565622cf01038ff40557e963c182c4f6d1fa

SHA256
2f07ee7606c98d7177be43830968cf8aa462aef02e5b0a96e19152a58890ae9d

SHA512
18be91972ccf08c9fc70ccc2d4177014d6f7d9bd4d556b68b16a37689ec56887f4397634789a2cdaf9f18f19cc2b5589a90abe851bea6f7635601afddf6f5b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f430a297ad0ec999ad029ee88c9107c7

SHA1
4413da724753969c68a8767d2d461b3e51252ce6

SHA256
2f0f7aeb2fe2724f334e3a5fadb3b742eef2fc337867385b47f0b062a197fa42

SHA512
0299ea1b7d99632cc3f1b062b821a64a9f9496f61bd22dbff0440d646655a57301a7552e2c217835ae7269b4d9347da3db17d88a9ba0e6b88cf734ad4dd73b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a9ec7bc74fb2375e8775b240dd4bcaec

SHA1
0b31f54a135f6a1c9f45afaec5bd4d16aed133c5

SHA256
6661e0467e6abec79481af3bbb77c16079a63239d197a53479a3ac1c2cd0a9da

SHA512
100ea72c457777507305210e696cf3c30abdbc424414e88912b0a0fe4cc96b5145daa9688a86d7f2cc9a995778aab46e440468dcdfdf167f62e7ceeab94b660c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
114fe54a57793451615e6bb627e71ef7

SHA1
2bc41ed94c26c93058c42b27c57e529198f4d5a7

SHA256
95585fa3a78dd2d74346176813167f1a5c49ee1bb03cc320360133745ef2f2df

SHA512
1931ea63e5d5a08aab15af882e52ffd212ff369c9b74aa4b82733cae7d1e70f521cbf3d41aa0339c8eb4317359ac0f1e6a18cb00e7e882ccda1764248616cb7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dc56.TMP

Filesize
540B

MD5
c1a7a825f36df1d2243f3aec50b0acdc

SHA1
a6b711af10d85e135ccfdea1e6f5da424b31d2c0

SHA256
ee615d910898d850e7fcde63dcf13d3e2e75b4bba34bea89613cda56b26df5f8

SHA512
490737c3fa17c46bb6e3511011c3cd18f7f7b9d7f70597d155394e448a01b481803d424ca5f0e9c644d7a8a99391a1f2bd0e20d0e042e9b2f18938211dd99c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fbe7ae25-dd52-421e-b2a8-20631a1b1305.tmp

Filesize
707B

MD5
d33752ef41c5560ae8da36cd6210b66a

SHA1
e4b2c221b54bf3c77440390a4a7336218a70be5d

SHA256
50d6b04073a9e9a3e3d8edee06bc400666deb74f0f809be05eb6ee1246d1ea18

SHA512
31436ea6913d488fbea472a1013ffca789b5285e8a271625a63d075b7911550a34c76354ec9371dbf8e33b50f4ba9477f0a67f2f067243c07621bb2d6d8d6ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6095fdc46fbab153265d04395d1d8051

SHA1
1748df54309676347ab4dec1a39cff9cb64c11f0

SHA256
093a3bd03a43c49fb8f60de002cd3ad63f6451dc892eedc6e6f19fa3b63dd2a0

SHA512
e7bccd9d5d69d11395a1d1b7cc7a0b808aa1610fbd982a89d88bc8cfcfa85f66cecb4d317d9854f11cc2bb811b457de8cd83e1960dbade1a6dd5a9e65c415719

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit