hxxps://modelgroup-my[.]sharepoint[.]com/[:]o[:]/g/personal/egaalaas_modelgroup_net/EkaNxclQUKxIie-jydDTZmUBErq34KeFQQx5Gd5JaUjo7w?e=5%3axANXq3&at=9

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://modelgroup-my.sharepoint.com/:o:/g/personal/egaalaas_modelgroup_net/EkaNxclQUKxIie-jydDTZmUBErq34KeFQQx5Gd5JaUjo7w?e=5%3axANXq3&at=9

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
908	msedge.exe
908	msedge.exe
3904	msedge.exe
3904	msedge.exe
1584	identity_helper.exe
1584	identity_helper.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 4108	3904	msedge.exe	82
PID 3904 wrote to memory of 4108	3904	msedge.exe	82
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 3416	3904	msedge.exe	83
PID 3904 wrote to memory of 908	3904	msedge.exe	84
PID 3904 wrote to memory of 908	3904	msedge.exe	84
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85
PID 3904 wrote to memory of 5056	3904	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://modelgroup-my.sharepoint.com/:o:/g/personal/egaalaas_modelgroup_net/EkaNxclQUKxIie-jydDTZmUBErq34KeFQQx5Gd5JaUjo7w?e=5%3axANXq3&at=9
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92ff946f8,0x7ff92ff94708,0x7ff92ff94718
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12913597094835820742,5679963139157834265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,12913597094835820742,5679963139157834265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,12913597094835820742,5679963139157834265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12913597094835820742,5679963139157834265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12913597094835820742,5679963139157834265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12913597094835820742,5679963139157834265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12913597094835820742,5679963139157834265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12913597094835820742,5679963139157834265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2348 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12913597094835820742,5679963139157834265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12913597094835820742,5679963139157834265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12913597094835820742,5679963139157834265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12913597094835820742,5679963139157834265,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
21fdb3697f194140bb3c44d9190bf76d

SHA1
aadd47eea8dd780ea88f5b850e7dbc6a02a57de3

SHA256
f53f7d65884f43ff51d0c6ff145b72244902278609abda87f1ef56217123f48d

SHA512
d5a7e393cb1f5d6ee1ea93aa0d0a0e28e08457908608664de94df4534826e2f74bc2519330533e615750338c785632ec2bedf781e5e2efb5cbd4ed41b560d72d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5447560a39d2482c087d79350f4519ae

SHA1
5bfbe9b945403190a796df32d0c00125539a43a6

SHA256
09e51907a7845a521a9cbe7d93ffa54f20304f3b7f6f7c5557203664f10ab44f

SHA512
8fb1c1051d1bd7a12cde22558d473c5391979087d9959069c4d40bf180990942cb8501212a00cc841fe1506b369ff4f6c2480eea23b8a2c23b6b661aa2106c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
362B

MD5
5cec2b503c6b4451e23d8ea2d58f4d70

SHA1
ab977a7319fdb888380efbb1278c0c39d37b3b99

SHA256
b31a9b1a922e5b43286aa619d8a46b9b87ddfb23fc166805ac8034bcec5127e7

SHA512
6c8d2f2e9673507125d314e67dcf4b151bdb7a4d1622eeaf539ef2b850c37996f6c8678d47c37d909623585ccddd00072379a640b4865d7a0a8eb16d7fd5bc9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0776372a6f23e25503db388d428a9e90

SHA1
f202efdc053248f7635a28a58a4a7760a0863225

SHA256
2d069fff60d98585c100db3b61899c2416b2a171a66c1dbf6fda31590d06ba3d

SHA512
89811432cf6394e78ba7117339f59ed1e03c133fd6c4ae83931f9fb4fdcb632747a6e2f61ec4c931350aa3411e2e8adf282fedfa008b530689a0f74c1b71e22a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
789e465a64f9e9f5475afb2a0d756734

SHA1
7a50738a207fa0a8cfbe30ed19fe515a79fd94c6

SHA256
ccf844cc00e4357ac91416e17c55b89b30d5e381160ddbf932a5b229cb6cf3c9

SHA512
7bde1b32f10f47f96668b4e5ce6625086d360253e17d8711248b132d0177fecf5566f768d31e279a7b2abd25e29ab6d8812671407da77e6f448d19f32d3732ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1884405aed1691a621a08f43813f31fb

SHA1
eab5b3161f8db3dfb104800dcdd1db564f53a793

SHA256
503123aff9604ec86bb7db5cc15b54698f43a511725cf86baa5106b463343143

SHA512
6f71e0aebea69d66e85fd3783f3d31a256d097b42b8172e6afba6331be2987fbeb48b4dcef3a862b0273909983674374db54455ac798eab06ba68e89cf7caff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
e728403f90f3ab7306f46992dbd25efa

SHA1
85575f61a97db45d9d38003f981fd2ae7693ddf8

SHA256
391bccf179f8d54e7ac57d090f42f18ebed13569e8d59c0d3f268ea9b72432c4

SHA512
bb26a1b624c1e7f3c68d25ee13ab7727dd8c8a0b71b4823822ac957d30dd3f915abe20a126d1ee743d9169c0ab50fec70b2122ed4af4bc3bc04cb0edbe241cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585cd1.TMP

Filesize
371B

MD5
0a18018839c9bdde8c422d7862bd1a78

SHA1
319154238fac7cae005394d4bfb455a48de6e496

SHA256
322d3b8a42b841d5e6832eb18d2f1edd4a216f29526de66c4a92144a415d472a

SHA512
a2cdf625f16e6aaa0eb595a64a61ed23afcb9cf6f22654aee95bcc1736ec250a794d1144cfb76da46a5a6a26577fb637fceab8e5324798fa0d24e35f41c3c90f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3881ca8f427c0d6c53b55d0ae94a2ee5

SHA1
0c8e94e34addd3b54b3eb52593b83b669c6705c5

SHA256
fb7ec10bc9a04df721aa06c6522006d89bbf3f68565819384d75104258104267

SHA512
0fbee85a23c69583d9a7ae9492ec5f8bc246c3dae55f1f3ea731882d6a55151dc6a075c5aa255336c98692f20f54c5d275ac7fb08122d217e30a5d694905e323

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit