hxxp://uti-tech[.]naliblox[.]com/

Analysis

max time kernel
77s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://uti-tech.naliblox.com/

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3492	msedge.exe
3492	msedge.exe
3404	msedge.exe
3404	msedge.exe
4944	identity_helper.exe
4944	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 2908	3404	msedge.exe	52
PID 3404 wrote to memory of 2908	3404	msedge.exe	52
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3808	3404	msedge.exe	83
PID 3404 wrote to memory of 3492	3404	msedge.exe	82
PID 3404 wrote to memory of 3492	3404	msedge.exe	82
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81
PID 3404 wrote to memory of 4496	3404	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://uti-tech.naliblox.com/
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc68846f8,0x7ffcc6884708,0x7ffcc6884718
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,11647356346704462120,13945948817654564221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,11647356346704462120,13945948817654564221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,11647356346704462120,13945948817654564221,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11647356346704462120,13945948817654564221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11647356346704462120,13945948817654564221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11647356346704462120,13945948817654564221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11647356346704462120,13945948817654564221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11647356346704462120,13945948817654564221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11647356346704462120,13945948817654564221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,11647356346704462120,13945948817654564221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,11647356346704462120,13945948817654564221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11647356346704462120,13945948817654564221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11647356346704462120,13945948817654564221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11647356346704462120,13945948817654564221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11647356346704462120,13945948817654564221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
4a3d96c8eb3e90ec03bbae3995799536

SHA1
f34db4981ffb8cacce8f3d2da6589879f0f401f6

SHA256
7e4a4bc00ad5c2329c559bd409427a9ae9eca5ef5548c7ad5c673cd95063b3bb

SHA512
c9fb8b3544c89a0c960db70c8fe8bc9a7a7a4fc465ded5d9666800262a51cbb1dbff6f92ce921ecab74e61872aea73689a924f81f3abb0b7ca9aa70cdd7370ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
afa5016f3864a2c77b9b2cc5c58eecb2

SHA1
a9fd82b5d5520ff81bd6c8be2701d99f7f64fb2b

SHA256
a5e89f88b8f2108de0714f481653660789a92508a143588d8c9bfc85d048e053

SHA512
24ccda9b119ec5f468575533a90e0b9b60fa00a8d5edfa7372b3040052c9324db8166c8797a0d1908697444d901bf93054be4ecd669b9e017949b6ae8bc42403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ea79a893118e77c4272f6ba4f3fa5ed9

SHA1
762785e8299b11cd104fdc9d9dd3802846082ffc

SHA256
fb7d36a308225d538363a0fcfaa048fc3a2b63b85ae17100b1b0621e3512d7a6

SHA512
8a44e36df6606af0fa18c9754991ac586898f244292d3742f650bfdf06ce12fbf2a5d2064390fb3c1135b394277b5dab3d56287324764b6f233022f8d7732de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
92424a2bfbc658773deb64977c1f1b1e

SHA1
d7ee6ec96044d85f3e7b06dfa959fb26485af323

SHA256
776e224baec4fd145e5053e6631946959fe5548f09f7bf4955f28ed2c06b9ef2

SHA512
1a0f16648636d9a3a972ec13fb57a94b2e25894d8cfbec6edd9632843385d1f5df4085316a828b66ccb53c9534567da848a46e8bb035c9faead65eb66abcc845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
921f4e3c9c542da403d0948bfd22597c

SHA1
ff2efd6a01b8595d5a9aab8d26456107d26e90d9

SHA256
cf983d844cf5f521d1a753afc11c070ab0b4f73e35f867ca383d61146360c16d

SHA512
96fe8928f4f593b958e73c02ae90402c57e7c169a3350deed0995172fcc5a7387a21a1be1eaba842befb3d5d34ce8f451fb7a4a58816f7bc097471a03ea6d0d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
29213338df67d29d6454ee5d61ad3970

SHA1
8c69ca76a2e639060d5ce835a9600e6ea3764a83

SHA256
d29fc0d97fa74d382d0f557ecea4e42b7d50dbce43915bfc0c114c16e532aa51

SHA512
14db25eba8a863d390b97fce4315402ed7c249598ff6c31d5a191b0f71c274eead42ba0658403e744110de072e6ff1cac3bccee1e48875bde6b1fe39a60d2407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
175f9df3991e30b2ee84b592985ba60f

SHA1
0db559c42baa19bc91e9ac849ad03635a67eab1a

SHA256
e098660ae093c35217692ee18508696eb948637a14f0099a4ff37d4a9d17a3a7

SHA512
e860637a5db7ec6202ee7f5d554b54eac8f98018263938cd3f04d67cb5a4defd0c0fc11286d45248f708a4f85c652065a1de5ec99da500bab5cccc1a224975a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d731.TMP

Filesize
872B

MD5
21c64162685454ae92e78b4021393139

SHA1
e84968a05929c55e730ee90545e5840385f95c17

SHA256
3621d4d5ac31459cdf4949d5426987cb3c0ef5100329cf9ce0391fa7cf0cc33e

SHA512
5360390393fee8cf6c7132363ccb167f0138dc24ab26e65942802e61e1b2d397ed135b1af5374cacaa3f207c7625aa41d3d864eea2898fa0b4565c35c0ae3dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e8ab05db-330c-481a-a69b-953adfaa176e.tmp

Filesize
5KB

MD5
9e8420c98ec23a215975a892008677f6

SHA1
5d5f89fb911e6d8906b575ebba2034660c8252d0

SHA256
606e943b79241bb529cc4969b8d50f1e05555023420f10ed113b15db38789f9f

SHA512
c178d2b585e9b8a42165e9f4f8b371705331eadbda1541de33f92d563391e6c159692aa2365d26be6d10726eb7bfd4ea1f0e6234995dbfc235fb9759ec80076b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c75c2023649e2c22edc99edfaaa57b3a

SHA1
dc0d1631fbd9b709dfb935f48d493b1f9b66f162

SHA256
07ab5f7f9e7e15a23c5084d27f60d11b76d0d24fbb1580c1685e99df68d79cc2

SHA512
41d2bda2dd4a930f663393dfa14727bd2b3afdd7987fb4526eceb80933715e378ff0f29a5417e5a6162f8a3827838dc436f8c46f64f26961cc6b967f4746eeef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
098d6ebc2273505960cbaf0ac599d51c

SHA1
78794f277ea84108abf4c67682d55227363b56fa

SHA256
df1238d7c734becb46a0afd31416994bdaac33ac9108e32ae6a2d59ce4184384

SHA512
bc08313360fd2b1e1db0f693d6e974c65eed6fcd06f5f217d0af573e0b781adbccbe2248d62f592f2ad57ddd46f62eeb5c5cdf351e37f21dfabd0825bd04d199

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit