hxxps://indd[.]adobe[.]com/view/68dbd12b-f8cc-40e0-891f-8921252adcfa

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2023 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://indd.adobe.com/view/68dbd12b-f8cc-40e0-891f-8921252adcfa

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4796	msedge.exe
4796	msedge.exe
60	identity_helper.exe
60	identity_helper.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 5088	4796	msedge.exe	19
PID 4796 wrote to memory of 5088	4796	msedge.exe	19
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 3936	4796	msedge.exe	86
PID 4796 wrote to memory of 4052	4796	msedge.exe	87
PID 4796 wrote to memory of 4052	4796	msedge.exe	87
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88
PID 4796 wrote to memory of 4208	4796	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://indd.adobe.com/view/68dbd12b-f8cc-40e0-891f-8921252adcfa
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9428746f8,0x7ff942874708,0x7ff942874718
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10534091219256542282,1636649488288194003,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10534091219256542282,1636649488288194003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10534091219256542282,1636649488288194003,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10534091219256542282,1636649488288194003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10534091219256542282,1636649488288194003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10534091219256542282,1636649488288194003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10534091219256542282,1636649488288194003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10534091219256542282,1636649488288194003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10534091219256542282,1636649488288194003,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10534091219256542282,1636649488288194003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10534091219256542282,1636649488288194003,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10534091219256542282,1636649488288194003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10534091219256542282,1636649488288194003,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f95638730ec51abd55794c140ca826c9

SHA1
77c415e2599fbdfe16530c2ab533fd6b193e82ef

SHA256
106137874d86d602d1f4af7dac605f3470ec7a5d69b644b99d502bb38925bbd3

SHA512
0eb01b446d876886066783242381d214a01e2d282729a69b890ae2b6d74d0e1325a6bd4671738ebe3b6ecadc22ceb00f42348bad18d2352896ed3344cc29f78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
cfc57239b448adeb29d3515661cce528

SHA1
fb0d3cd4f334a0bc33a8ea6ba359473c3cafc47d

SHA256
9133dd635f34c4c25fc18a79c15ac531248dc79c8e08d8f3641e8f994d584423

SHA512
0db6be84dc730c63dbc5df9b6c08633ae5674407fd9c3a417d3489998a60a544dedc1f66ab41d82dce860c242f8008925b6134c9980e4cc2608ce0def9e353dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b4ee7e038b375ffa2bb1d4402be66779

SHA1
af4109f8956da3f3b80095bc0b62182e649d2d30

SHA256
6f3fe8706df059bc7f880edc3d692b019f3079905f49613a2c816eda7a43b333

SHA512
1cc8d6499c5041db580b4a731167128f288b0aa68baa4d92ff4a45ed391b17f5c5bac791a6d46f9abbcdd03e8faa21f3eb57a67dd8cc99a755799fe7bd5c81dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
84358b51dd5b7afa0eca9a13da25f3f2

SHA1
63480d049c8b903ea8e869639e9be3a4d4fccc29

SHA256
5bc33503278d085989ee841c6e7d24e05510289138680cf0cf7383fcffbc9490

SHA512
6ce909ad16dc47b25379574be429e37a4449d9e7fd8777064398334409d1612c5f4724f46a225b7b4be73706f2052dce90ca20a19663ea83a24f0f2e5ac75c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d71b837fd689358300a1c4911d22e50

SHA1
c6088f419146f7be7e6be52132fe2e405339f45a

SHA256
b38559591e609942be207c7dde635790be04991593ec2fde686f7fb2b592de8b

SHA512
8133df060cb6d80f5e4ec080279ff804f4280988d4e031d50807bb6217e503bbff1a94a45fa517c0e4f00c0d175b12d3488d19b81b7ef4fb4c6255a66a24560f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e6ed32adb3d51030d5ac0e67887906d

SHA1
3697aa8302a1ab00f293a7537d50fc3a84875707

SHA256
81583be6d2b82b497e8ec2c59e9a11519bc9b1c57e3777b8c3dcdad07ce9f330

SHA512
f63fedc1a877e64859ec66c2ee62c055bb8f589ffa4dec037bf6ffa4e5087233b89410b1ad33ffbe10f667a8e0f906f9ff50e1eeb99f2ad66bc86d6d5287f303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4a078fb8a7c67594a6c2aa724e2ac684

SHA1
92bc5b49985c8588c60f6f85c50a516fae0332f4

SHA256
c225fb924400745c1cd7b56fffaee71dce06613c91fbbb9aa247401ccb49e1ee

SHA512
188270df5243186d00ca8cc457f8ab7f7b2cd6368d987c3673f9c8944a4be6687b30daf8715429bd1b335391118d0ce840e3cb919ff4138c6273b286fb57b2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c8b7b5d0bf4cd477d9e2850204401b9d

SHA1
01766db6d025b009bf0758d3a8775115bae8b3cf

SHA256
c8fcd86cc39b16974f3b80111451391e893f842fe291c51945b225d66f566c8f

SHA512
dbeddc520a6d3580005519cc6eeb8ab6675d45a77cab5a81e8cd40b4e44f7e31a00741ec10bcff3c769445deb83e8742d3f3e0c57a6bcc96b89754c525ad299e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d86e.TMP

Filesize
1KB

MD5
dc3f0fe482bf33b0efea568da8c56c77

SHA1
6b9d77a8469c492b7aa95ee1fa900747a882cd33

SHA256
a7ad47816f4e1c6c1643e3d1ff8aa5d7363495cd8f85ce55ae4fc755348c8df2

SHA512
c6385acc833b800cb88b4ce972eca215bf67be20c91a1243073760613bdf9db5951188485567ec1fa351a0676887b80882eef6255b09dd0fb6c623c41c6e410f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1d0fb5c4dd0f6791c0e5c003b33c25b8

SHA1
f78bfcec8109d7138caefc02184cea1037f1e6d7

SHA256
19e0acd0446b2852cbd98c2b864ff24a7043feebebdcca6e00b65537f1c69fb1

SHA512
d22b28f0808a14ea29c2bf3c517321f9f92fb63fb65fb53c531808d9f86098dad9e8a4e1f999b69a3477ae1c5b5bc6525213a6cd25c627137a17f4dceb7f3bb9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit