hxxps://dzbush944b[.]storage[.]googleapis[.]com/dzbush944b-u#un/66751_md/9/77260/575/11956/2117328

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 16:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://dzbush944b.storage.googleapis.com/dzbush944b-u#un/66751_md/9/77260/575/11956/2117328

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
4324	msedge.exe
4324	msedge.exe
3244	identity_helper.exe
3244	identity_helper.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4324 wrote to memory of 3236	4324	msedge.exe	84
PID 4324 wrote to memory of 3236	4324	msedge.exe	84
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 2344	4324	msedge.exe	89
PID 4324 wrote to memory of 3576	4324	msedge.exe	90
PID 4324 wrote to memory of 3576	4324	msedge.exe	90
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91
PID 4324 wrote to memory of 4444	4324	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dzbush944b.storage.googleapis.com/dzbush944b-u#un/66751_md/9/77260/575/11956/2117328
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc960046f8,0x7ffc96004708,0x7ffc96004718
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,16306194247856817824,2498470390096883924,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,16306194247856817824,2498470390096883924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,16306194247856817824,2498470390096883924,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16306194247856817824,2498470390096883924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16306194247856817824,2498470390096883924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16306194247856817824,2498470390096883924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16306194247856817824,2498470390096883924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,16306194247856817824,2498470390096883924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,16306194247856817824,2498470390096883924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16306194247856817824,2498470390096883924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16306194247856817824,2498470390096883924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16306194247856817824,2498470390096883924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16306194247856817824,2498470390096883924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,16306194247856817824,2498470390096883924,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
011193d03a2492ca44f9a78bdfb8caa5

SHA1
71c9ead344657b55b635898851385b5de45c7604

SHA256
d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0

SHA512
239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
edbd6ad435fdf6bbf77fc9035c851fb9

SHA1
df497102dcc965d17a412a202cd848da8484e818

SHA256
5426aadc6d4a005cb8d0bcafcaae018c15617b53659f0b37f4329a9264b25bc8

SHA512
64d5c9bc38f7ef316f3643a212a0320a68fa1be97872b23bb5fe100c7757d30a08ff6f8481253e275b116c08ba57a5423ba1890978ccb21589037114b574136d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c39675925c282be7d126236a517c5b91

SHA1
36da0f3680acd76572fad0aa4511bc2e97059396

SHA256
843b6e8d39394dfbf446b3bd705bb7d545e3185a535a0f9f95d77d568146f77e

SHA512
9f2970a9afa39bc09165c77faf166a8452df56d2ca5deb4393a1166be56bffca4b9b7ffe94417c2ac472bea74b4f6b91b2881f1b2884a63cd7b8604cb9c69100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f90ebdfe2fc30ca2e3de246a833b12d0

SHA1
112d4ffa849dbf319eb79b7179ca7dea16429949

SHA256
25d6c1bc42f790e145d8980315db97ca92c4457f23f6d8456d288937469e6462

SHA512
698a2d667fe247e1b6d88730519a56696429b477e052712310283fdd2c37ae95590770c901b7a6c114c9d670bd9554a36a0dbacf494890ded59e619fa243ba12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ea6242350a0c2cb34cf63cca5db74f8b

SHA1
4c2f6aede6f2539038149889bc812cec9a52ef75

SHA256
3e4db4a4d3ac29a0e66fc73589e4154c36ba523bef2d0fcaa6b533c1a0dbc341

SHA512
d7c79c0c79dc6e1285348198380c96e04b962147151e10da364b2139e11ccddccbc8bb370e83854f869eb78b1837a9e2e054955f7eed70ef131a07e09e07971b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90df086121eb7e690b4aeeed22beff94

SHA1
1c6f79ef088521a687cf32bdc1639d1c5b06c94e

SHA256
a167069959086ba1144373c85de609bde8fe7eb933dadfcce81b3c3d74170681

SHA512
e00cad4a15687e50d0f8a5b270928ac6794406a45302d7d49878db58fd851d6f352cc5684e793550d773f6bf7147c88bc7ba16185cca6b2a1ab8272075939890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4be2f82cb3a56f0d996bcf7bf5bee78b

SHA1
18cf529d2ab1988b4b5cb51295c0c8183d976d76

SHA256
6692740006a3645ffec395a8fedc5e9d06cc7437fd48c204682677a1dd686dcc

SHA512
67d79290cee840497f67c3b5a349b9e2711602ee6fcf541c9cd87cac98e8724b7f501d70fa0fde420c88b3360eab0c97e95072001ea9ae6f04857b1316344acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f5b764fa779a5880b1fbe26496fe2448

SHA1
aa46339e9208e7218fb66b15e62324eb1c0722e8

SHA256
97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d

SHA512
5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
cd9471077ececbfb11d4d69e3029689c

SHA1
ad9cb7c71d517a98549db5a00901a9617659a9d7

SHA256
52680ce81232d71990a82065bb489be7dc22c536f7c243adcbbd97e8a83aab69

SHA512
a821428e565ff25a00f95cd14522e5951c7fa3b54b7c449ef7957f539d6fc824421f1ee6244774adc83714a31014a0042f4e89fc3278994b1ce0c06abf84f402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6981c40938292e630055aaea87051dc8

SHA1
3a9e3f6449bf7a8b12c225370ded76050cb66f74

SHA256
3cbea485f9db9f76b117cc503f57ce77b9b24c22345562fac80845280e286e5f

SHA512
3decd4935dc02da82c441b3cf1313ebbe687c49ba2c815a2a6433d4a097ba72ea14777dad814a77ca1c9bd7231f10c98b42e204d00cae2f59cad679d0bd742d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fb2cfcc2696f5cbea1c20795cdd87b62

SHA1
f9f0aaf85f77f9628a99936142f8441ebcda1e68

SHA256
52d69346ee3dd14c4d6131571822b4ba4cfd4ca14535d0e9ba60616b4ad179de

SHA512
d8808f091d04e35cf0c02a3b3bc101f1220c4a83688506a56ef3f5bffdd7fb188d622450ee063fda733cb1eb9dda4d8d771a4b16ffd1fbedc7b720a8e4883638

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit