hxxp://staemcommunutty[.]com/gift/activation=Dor5Fhnm2w

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-01-2025 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://staemcommunutty.com/gift/activation=Dor5Fhnm2w

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2716	msedge.exe
2716	msedge.exe
1296	msedge.exe
1296	msedge.exe
2976	identity_helper.exe
2976	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe
1296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1296 wrote to memory of 884	1296	msedge.exe	82
PID 1296 wrote to memory of 884	1296	msedge.exe	82
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 3708	1296	msedge.exe	83
PID 1296 wrote to memory of 2716	1296	msedge.exe	84
PID 1296 wrote to memory of 2716	1296	msedge.exe	84
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85
PID 1296 wrote to memory of 4336	1296	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://staemcommunutty.com/gift/activation=Dor5Fhnm2w
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda90946f8,0x7ffda9094708,0x7ffda9094718
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14307441177014096612,2222585683881627628,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,14307441177014096612,2222585683881627628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,14307441177014096612,2222585683881627628,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3020 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14307441177014096612,2222585683881627628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14307441177014096612,2222585683881627628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14307441177014096612,2222585683881627628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14307441177014096612,2222585683881627628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14307441177014096612,2222585683881627628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14307441177014096612,2222585683881627628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14307441177014096612,2222585683881627628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14307441177014096612,2222585683881627628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14307441177014096612,2222585683881627628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14307441177014096612,2222585683881627628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1
  2⤵
  PID:2576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8e40f36e0c2c5088a47e4b18b7e35a0c

SHA1
334fa8a6eb1a9fc983f365b5775bd7d403a8108a

SHA256
d15ccf57ba8ee1e9f1dbdacdc39ccdf991c16975789feea1f7818347a783f30f

SHA512
ac8a84228553a62183d967ca6227ab945f0e48fa4827b1f743cae046375bd1a738d23248c37d963bb661c94aee5688e629e8ca56c0fd4ea83778f12301490c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
5005971b5593a28c246ef4fe444adf69

SHA1
4a5bff2e881658410203cfcc252b6b0c1c941486

SHA256
2600ed48fffa42ed1f205252432821487805cff770e467da8fc91c4938d8ff9d

SHA512
bf8f6c28c8c6cca4767067625515e0517f73a0dab8c6e12fc81f00b5b3ca02b53a9431aec9fb37a037da533009d61966160c531f200ff8d57fce7170ffe4d712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
622B

MD5
f381f534800a6b0d8e0438959af69737

SHA1
cfc09e2e5934d847c2e564cb0b667c9d8551aaa8

SHA256
f57d0d866da0a4b89118dceca2ead2710b5383f9fbfc815b8c21c9b010ac3ad9

SHA512
da72565b098a36af773aca51f3e08d409af70f843ef66ffb4f018d29e09dd1e9e3e451d9d967af1f51e4f2987581c03b498cc134ebd8bf31261ceb12618d4bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
879B

MD5
ea5e71e9ecdfd58b261394116c2bb9a6

SHA1
65301bc4b8c35b4c55af55b3fb00013235551097

SHA256
47dd4426c47ada088f819688b8a59321c84eee84fdd736c873fca9ea45a99998

SHA512
8f6d06e724303e5f5655d0ef77206b0f0467c33501e397dd79892d0a6dfbb0fe61de094a8adf8fae00bc0aeec6f7770c71386608822d55091c895316c5259958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
75e4733cd6cdc3246efd0fdb6ccb1c57

SHA1
b1aecf2065db29727c4b830d8d936dedac1a4d4f

SHA256
d284bd3a86effde49aec598e527ef1a3ef32f8137d7ce8602bbcc22ad6ef4dc7

SHA512
99a1cba710116f968cc015dc3280413641e011a31c96b1b58e179ad329953a30ead9019666c549ae2f558a205bf399fdf7adf0463ca849bfa4e81bd3cca84cd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d12bfe7cadcc638868025a9a35f17e29

SHA1
591c39e16829ecf62c41a6fdda0f7c7abf1406fc

SHA256
e6dd4a3534263bf4b5a7d0c64e0ad39bb40421c08d5a968fe5e3a7b0dd5344a5

SHA512
2f1f1b2c3d15de9de0ce36584f439cb2ca62a6bc73270dd973c2c853a4d93e1108de23bf78d79edac23b4bb9a7a31f133dc20fdebf796f7c85cf00c05f3ab263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
366b05dd04c993abdba47ca0755289cb

SHA1
80a75b7cb3d7e0c8a169d6cd42075cefa06ff0d9

SHA256
754579d1d990a5e6a24f3f4f9719ad06f948f427fc2049d52617c8fa9184e79a

SHA512
79e8f3615129ed92294bf9c002ff93c639cddaed7d1874f0f5b18a2453b678efff54005645cdc524c2dede170e246a43a1bcf92be74dcc639eeb06913379b7e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5538b1f601deb0cc71f0189dd5d603be

SHA1
f7b1d29f6e06b5187bd1c1210e0987c0a7263fea

SHA256
21e01ae7bc6877d857b726a3447753d4c2655f4115a0f18f5a03e906d36f98db

SHA512
c3162a7742692f64bb1ae7e4eb74a6163f93d780edb4644197d5430a7e9e55219089a4f35e2430ed800673aacf4e9a32fac33fd4d1b56d83fb58fa76e7123962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
6e1b81a5a5a94df213f025674474ff2b

SHA1
fdd286ada3982ec68545bfbe4a7559b19831782d

SHA256
ccb7e45da63a83578aace89ca85a4c325e241762030b685c8a9073f63ecd723b

SHA512
fd73cacc7127ac305363d736229df3cc662543627688b69e1c6457ee3571b4e953c5529d4ddbecf80840f3ac3916b5f3e858b472d8bdbac705c545bc0a0c7231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5f650c.TMP

Filesize
707B

MD5
09b20d2c7b40c4e547b6fe84f769ec46

SHA1
115a6fcd131d81b12739c5618934b360b33ad73b

SHA256
f321b4711c0ad10f98d297fc775c6de07cb9b292643f0c7d5239462fead5c244

SHA512
8d2a315572ddff609cba0b5fd79ad7674efb26e7ac740733e9b6e4ad2ba276b2254d58e880ef5b865100f35792969cf7ba947dd02ae6d5c9ba78be5909bc5464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7438fc189f34ac15232905641a2bd0df

SHA1
7f226a064a916eb4611da3117d36fb2a31397774

SHA256
9c5406e6f639fb736331330b0263daf79ceed4b41ce3adc78e77cd025c322d71

SHA512
28961ccd84f0685dd5ee56b46a1e02c647d6503a8181f5d36e311aec0a71852f94319cb18a9768ea827f2839cebf850541b96de1414ce5fc785fbbb76a6aaef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f05c58ebff1b85d89e26ab3138799878

SHA1
e530ca3b7279a0b508b6c83021b056167677f45c

SHA256
5499b7c09ecbd47879d084a024d8199056dc141dac4f4e6ec03965890571383a

SHA512
8ebc8e679dd19a65fbeb2ae35bbbbae1e445c6d3ab93151603063fe0486d7546f568a046ac0fe329658d6c2c6d0fbf218d9305bace6a44eb61f8f1463d59daaf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit