hxxp://apps-mykasih20[.]my[.]id/rx9/

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 05:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://apps-mykasih20.my.id/rx9/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1280	msedge.exe
1280	msedge.exe
2468	msedge.exe
2468	msedge.exe
1504	identity_helper.exe
1504	identity_helper.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2440	2468	msedge.exe	84
PID 2468 wrote to memory of 2440	2468	msedge.exe	84
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 4340	2468	msedge.exe	85
PID 2468 wrote to memory of 1280	2468	msedge.exe	86
PID 2468 wrote to memory of 1280	2468	msedge.exe	86
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87
PID 2468 wrote to memory of 1696	2468	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://apps-mykasih20.my.id/rx9/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba3fb46f8,0x7ffba3fb4708,0x7ffba3fb4718
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1561501859354591572,2594670796116482046,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5488 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
713d8bf4bc367a9cce7fd4143975b751

SHA1
c98962aa787d0e386c3605aabfc235e56e46cb0e

SHA256
41866ef5907ac7e5af5c2f3431bedad57cca64acaa3a0ea5b58cb7be64cf3955

SHA512
65de7d61be3752964fcfa6cd6ea45914f5f4aa2a65159c38d90500722d6189623c5f58c5966ce0c1b7cf699b26ad7805e7ab34cf08cb3b61d9c49e0dfe29b3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
594B

MD5
3bbf48324c0423d2ec3035a17ddbb815

SHA1
863567c052fa04c6266971d2376e95c37e22c799

SHA256
ea894b78965b38656d1481b22d20689137639540ba33b1d95639da53ff8eaba3

SHA512
d690b0aac9aa09b19f9e75c8911e8cdaa6048b61663ed7b1517fb51767cf4f02c2e9ef112ceb3eaf87bd5294f97b1270b480fb8cd0973d0c059e199e507813c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e4d9bd6eb2e1aff741fde779b7ea4bdd

SHA1
e3b9f63633177c764167946755df0ece35d469ea

SHA256
821fcc1635a516d2b3375240f69c38d3a19f723550d080fb20e6bacb2e256ccd

SHA512
c471f5403a6aaab670b5e242b0ae7c1691c9c4684b556b4156438076be2fc316eb6fcf64de36feb767c322eff1dac01d551631ad6a45f9aee4dfdc4fcc54a859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b9745103805c2686000bec43a3e2af7

SHA1
70fa7b86d688bdcd677df25ee052ee1d02de3a2e

SHA256
a25ff3b1c4f68469ec015f0684f66348a6194aba32f79df0b0b8bbb6c7d33b66

SHA512
739e161feac4a8b317404bbf2f2d320b4e6808c907ea7431b815923b913e0435ba64825c5367645152b6c72ee93604b89a85b26e6e3f675e987dcced4ea4ba83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
458bdd66b6ac419b33cb2d5a246f873e

SHA1
a4f56a6ca8abdc8ad3ee3c8ad41edf10d7d2cc8c

SHA256
c4b60f0725bbf98f3f306e48db20d83f9c293ffb48b17498c14227865d4644fc

SHA512
71d18792892d1179595587e20d452284a3645b6019e1203ae8e01faaeb2989e8adb82ef085af7b21106090692afc8940afc53cff6d7e2b88922f8176386e5a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
96188d58b87902bbad03d39f6530f92b

SHA1
d9c5ea284626fb02e11faac485d34182a69f948c

SHA256
d0188a7df50ade948096d98efa733299778c0f9265bf0cefcf4742e44b994366

SHA512
043b73b403514165ce765bd224a6886c7a909dbd66a02d704a563a78230bd5648b7c29874230a99fb875d17201136b2e643232dfeb32e4050577db963f4e8acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
af927780e32046e70b0b20e40bcb9905

SHA1
8843c71f0bf999c6c0bd029a1e37fe8a39768fe4

SHA256
a9dcd4900d64d757b5c3c4599ae17544df0dbf22410588f13bf3d68bd27e3e47

SHA512
95e973da2c37d0064259162874786dcd31580df2c49dfb61c7105b0cd34f2bab82364aafeb055e95fb419ae4249405e0cbd0511aa7eae3e7b37514cbdf246dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fa4817454f16cbe4f7412659ba07b80d

SHA1
1eb73404a6b38245acce508ecf43f06b48cedf95

SHA256
ff513b52053b5b022deb32bd3f6e27929345d780f923283f4795d60e1880d8e5

SHA512
932b90550d94d3de6532d91ccb0944ad483c3a4b827c4285ea10ff8c92fd7c886fd16b4a0a4a9371c80cda757a14c8cb12d85b096bc6ef1c1453035d91fbee6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c7adceb4-615f-44ae-8123-bfe0bd0cab0f.tmp

Filesize
5KB

MD5
f171944473b68d670d86bf7422dffce4

SHA1
ab289773278ec0ce003b8fe5163b70edd01fca10

SHA256
40307f2b81437d5c9b8e9294f78498aa1a5cf5172772724704870633d3a764db

SHA512
96d93c7523dc0bd2392395b537e535399763be72abb49452efcb6aa648fe786e01e36895efa5cf2e849f31bcafda821ee750107d6775e3f41805947e1bca9d30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
429dbda8ee7eb063245dcfac918434c3

SHA1
965370b62231842e6b84cbeb797e50d6ba279e23

SHA256
677bf9b6ef961e12f5b315f097b95e970c00204aa58b232e645b44daf8a01e1d

SHA512
a77600ead7642003c6706ac1d2611a76c38bf8906419ac807568ea6b5bb90fbb68192c5f9e4d0278f47be0dfdd6e2b278046cab18f9c49bf2dcc3ef7948ea1d1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit