hxxp://staemcommunnuty[.]com/gift/activation=Dor5Fhnm2w

Analysis

max time kernel
90s
max time network
93s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
08-01-2025 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://staemcommunnuty.com/gift/activation=Dor5Fhnm2w

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2704	msedge.exe
2704	msedge.exe
3472	msedge.exe
3472	msedge.exe
1428	msedge.exe
1428	msedge.exe
3548	identity_helper.exe
3548	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 1012	3472	msedge.exe	78
PID 3472 wrote to memory of 1012	3472	msedge.exe	78
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 1656	3472	msedge.exe	79
PID 3472 wrote to memory of 2704	3472	msedge.exe	80
PID 3472 wrote to memory of 2704	3472	msedge.exe	80
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81
PID 3472 wrote to memory of 3056	3472	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://staemcommunnuty.com/gift/activation=Dor5Fhnm2w
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed83e3cb8,0x7ffed83e3cc8,0x7ffed83e3cd8
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,4387825440225015480,5849609871069792308,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,4387825440225015480,5849609871069792308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,4387825440225015480,5849609871069792308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4387825440225015480,5849609871069792308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4387825440225015480,5849609871069792308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4387825440225015480,5849609871069792308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,4387825440225015480,5849609871069792308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4387825440225015480,5849609871069792308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,4387825440225015480,5849609871069792308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4387825440225015480,5849609871069792308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4387825440225015480,5849609871069792308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4387825440225015480,5849609871069792308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4387825440225015480,5849609871069792308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:4044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
869c48fba415935c86fad7791b9c9151

SHA1
4398cd238a91f5067951d3cf675feca52811b3be

SHA256
46b5e85e0ef9842157704df88d688abc7c439ea58acec3f552d6f68e7d917725

SHA512
076a3ebb841038871172454e4e9cf9083dbc9bd88f1d861315cd8d2acd2cc606af112c29ce3b191ae59bb3eef620c4cbad4bfb0b8f0ae208b7096232387ac9d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
689B

MD5
9e41df9f909e13b5696dbd42e2eeba3d

SHA1
da7d17fcd1f186e3e34df57f81624331c54c08e3

SHA256
44585fd73272ed6930195960ec06d42179ed528447a2aec72b1d631ba16a1bf8

SHA512
e517a5aa5c02e2bffc0249843a3908b9a6cf2f8a03a80c92e3f809cbcf0f6dc830bee8d430b4f7d31298a5bff89edc24934c54d189d78725401b74caf5050912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1e19b9ada8165c11e9fce2e6ff9a3bd

SHA1
93965e17dc8fab55517265f733b64372ce20110d

SHA256
dcd5fca0b542de3dd20f5db5e4312306305326a75d44f8974bb97ede97a5fde1

SHA512
d5cad9e7dfff84cc642ac0a5ccccd588dc09f428fc640e45d417706e9961661199d0398138e1b647f22b90796e1a9708c27b11f6f00726f74c5440190d0ecb97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
860f336a29703b746861b4eae72cdafa

SHA1
28ca4c5052feb4fed3a8716faae7dc83f9e04b92

SHA256
bce5167fbd7c089e171185dd378ed7c60b27f7d404a42d899e1d9f6bd65cb8af

SHA512
631d96b2f38a7dfa88c207691d48a4486af2ba9361211277c70f19d7a2dd6b29f46f5594ee9605981c5319049972d2bc689055908fae80669cd4f36e2e642f2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
374c9e414848de723158179f4a0d2142

SHA1
f25e3ed819ead9dbf3a27203f450cf84bcb1ae37

SHA256
82c72af27e377ee00ba3006bc7ea966daed4654b60dee10487c628baf23ea0f3

SHA512
da7a2f0d7f73d8094ec25fe5b471c72aefece9e45db79e2beb0c5615ef6ff751ee69223d4663753f7d01c7632789ea90d37086e93f765e4ac581889edf96cdd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
4977ba2a05be304a17a927d044ec1041

SHA1
7379d9afdba83f7c13df96db8c2a239b9030a35f

SHA256
ca539e8d68e514eb158a15cfc44f64171748ab31e2d2710ae75049b2cd375a99

SHA512
d2a696f895d8f3136ba5eb08b27b6964c2a7747057e6630c11ffacea9561ef1999672ce32e8185b72fca7050d821390992900efdd27ab40264f3948a55099764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d78916212f3ec3cc656ea5be0a880845

SHA1
3127f02a223e0277811fdef067b01267d69670f4

SHA256
f53b2bae602a8529af462f22be143710db1c1ca344094eb5fd256342302e74d8

SHA512
67e0385a35ea43015c8bb68985ce7003c944e37605f0a282e0d9f881fb4280d3bfd73ff4727fe18c755e98ed25e7d118d65c299e1c1a077891a2ccb9df616061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582a47.TMP

Filesize
868B

MD5
0909ab7a8e1bf89fb6096dab6312adf2

SHA1
3beae4fb4451550bbd2435ef0bd555dc95d6dffc

SHA256
18b0746d688441de7ba9989eea387403a0be7ee68f4ce9cfc3b4a66b7ac58959

SHA512
8ed927aa36e0b1037caa1f602d62d3f003bc7d84969602aa12c825dfacdcb4c0d8412db5ccf9469d7bc914995e1fc77d48e06b64395c3a750d1d6897d16a86ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c27e904425eb80cc3c85db9fc351b834

SHA1
99a8f78125c1567e0abfe4c1be007400b1465ae4

SHA256
7218d736d2e8ce8d97ad1d751fcc287197cdd530da2f500c2935f6ec1ae22e89

SHA512
0c83769bad2f0551293abaf7dc055a98217c87ec5dd2f3b6edea3e00bc9c485d2b16086916883f07c351aeae21c1406c3b1443b38394056411c746447edbfb85

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit