hxxps://www[.]salainenihastus[.]com/landing109?cat=milf&pi=1001&pt1=pt39f8d50b4e5f4d1aaaa5db57a43e48e2&pe=l38940

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.salainenihastus.com/landing109?cat=milf&pi=1001&pt1=pt39f8d50b4e5f4d1aaaa5db57a43e48e2&pe=l38940

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1856	msedge.exe
1856	msedge.exe
1600	msedge.exe
1600	msedge.exe
1280	identity_helper.exe
1280	identity_helper.exe
5428	msedge.exe
5428	msedge.exe
5428	msedge.exe
5428	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 2648	1600	msedge.exe	88
PID 1600 wrote to memory of 2648	1600	msedge.exe	88
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1096	1600	msedge.exe	89
PID 1600 wrote to memory of 1856	1600	msedge.exe	90
PID 1600 wrote to memory of 1856	1600	msedge.exe	90
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91
PID 1600 wrote to memory of 3788	1600	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.salainenihastus.com/landing109?cat=milf&pi=1001&pt1=pt39f8d50b4e5f4d1aaaa5db57a43e48e2&pe=l38940
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3b9246f8,0x7ffc3b924708,0x7ffc3b924718
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12742619033916698677,14580975932137892649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12742619033916698677,14580975932137892649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12742619033916698677,14580975932137892649,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12742619033916698677,14580975932137892649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12742619033916698677,14580975932137892649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12742619033916698677,14580975932137892649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12742619033916698677,14580975932137892649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12742619033916698677,14580975932137892649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12742619033916698677,14580975932137892649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12742619033916698677,14580975932137892649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12742619033916698677,14580975932137892649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12742619033916698677,14580975932137892649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12742619033916698677,14580975932137892649,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
1024KB

MD5
f75fbfcdc595d9b03dbcd07a7caece30

SHA1
2e6c46a7a8e3dfea423ce0c1842f73e3616fbf8a

SHA256
a4a91d2ec65fd2061b24ca457d6875410062045acf7c62df9a9e1ad6bece9500

SHA512
d54181b6f395adcec5eacdbdef33071ca2c0db3e87fed2396ec46f5feb9361becce25a51f55914b6347c64eee9e68263eeede7768f00fda4ac258bd700584353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
0f0cfbdaad52af3244f8f0269a9ea274

SHA1
ddde03afc4e5c24b7ee4158ac8d3f384ee84a825

SHA256
f1c6b1d80c495e377780e85a8a53e55512c96815807865b0c1bb4033fc149b01

SHA512
d3555251bc32a88de5c86f0d4bfb163f7c1efd50fc42821634c1fd9fb4c8ffc7e819101dfc944a27c9b41431f6dcbf8fcca3d73ae87eb2c872debc2531113274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c46d777e5d079b4e0ed82c46d2d95579

SHA1
256aed59946cd9ce952d83ce7efa6171724a9b68

SHA256
c37c88107687d4a4626c30446d4eca442bc1098feb48d89919851d7ab055b1ef

SHA512
8f168923ed3b5dfba37427983e6e10dfaf583b783d0086c60361a449576fd68559308ca321b9d6ac35bca4fa1ec6a249083977923627b2f4ad594bad834e8f34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a912e71574770a145c018225a550bd38

SHA1
3644e56545e566f44462abb863605ccc174f1a5e

SHA256
5e2112446536bd615ad5d8ac17a90e4e01dff76cba3faefdbfdf1956fa99b1c9

SHA512
0b9a29e0ca6e2acea0395126a9d0b3b5d6eca0c4e4a910b51f201135018c83a4bf13813617bfcfd35a9962db3e3bde6011d62f3b0c70d212c1024f4d163fac0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
711a0e9bf0bb6dcf85ff8bf1b33203b7

SHA1
16bc14acb41ed19a3ae45e02a38088f3406893a3

SHA256
e100aa4eda0b441130b70b832c73c8d707a1b6e06c8a7d4576dd0680729ba53e

SHA512
95c78b020b8c1b349670ab9ce1ddb5a928f0cfaa266637515d2c1643b445c8f9540e4feac125b42343680ed707ec551b418ca9d45fa31bf50238efdac70928b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ea63bedf-4c2a-416b-9e12-f103d154382b.tmp

Filesize
7KB

MD5
a02edd3b8cd3894e37623ae9e19fad64

SHA1
bac162af6d31e9c819c8ce3d115e48f5b222002f

SHA256
c9d76b26335f63b20684f150a696dd38e724b534b5e2c1239b746dfc8693439b

SHA512
9af4d832d3e672797c2ad973cdb004217d8191514713e9526caba3380188104d0b339029d9900c6f842ea4ecf47ba2c754f6081ed07fa5638d53670c9af60809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
caa208534646fb0a2585ab3e24af77d9

SHA1
8d0c95e934b8c3c6f85315da3acab8146fed1018

SHA256
6a315a59bb62f90e69c07baa4f531ce3db617b5181412d3448c81a74ebd1177c

SHA512
9f62a8cc3a694ffa091b59a4f03f4d124c42d47cc614c529062f2b51d301c32968446072e4612d428433cab8939ef24b17b66aace240f74e0e8566561d4576f6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit