hxxps://marketing-40[.]ovh/c2-5a10fc69029a2f031c1d9e2be6d196db-86ba4ff676d647e40ad3cdb655a31d5c965d0e06164e0136aac65f2c27e377e875bbb566c9fb5b061680-754cf77d43a344b4c3eb4e79ff83947b[.]html

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://marketing-40.ovh/c2-5a10fc69029a2f031c1d9e2be6d196db-86ba4ff676d647e40ad3cdb655a31d5c965d0e06164e0136aac65f2c27e377e875bbb566c9fb5b061680-754cf77d43a344b4c3eb4e79ff83947b.html

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
812	msedge.exe
812	msedge.exe
3024	msedge.exe
3024	msedge.exe
212	identity_helper.exe
212	identity_helper.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2180	3024	msedge.exe	84
PID 3024 wrote to memory of 2180	3024	msedge.exe	84
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 4832	3024	msedge.exe	85
PID 3024 wrote to memory of 812	3024	msedge.exe	86
PID 3024 wrote to memory of 812	3024	msedge.exe	86
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87
PID 3024 wrote to memory of 2884	3024	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://marketing-40.ovh/c2-5a10fc69029a2f031c1d9e2be6d196db-86ba4ff676d647e40ad3cdb655a31d5c965d0e06164e0136aac65f2c27e377e875bbb566c9fb5b061680-754cf77d43a344b4c3eb4e79ff83947b.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba1446f8,0x7ffeba144708,0x7ffeba144718
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,547288097673806112,13549671090059271383,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,547288097673806112,13549671090059271383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,547288097673806112,13549671090059271383,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,547288097673806112,13549671090059271383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,547288097673806112,13549671090059271383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,547288097673806112,13549671090059271383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,547288097673806112,13549671090059271383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,547288097673806112,13549671090059271383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,547288097673806112,13549671090059271383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,547288097673806112,13549671090059271383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,547288097673806112,13549671090059271383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,547288097673806112,13549671090059271383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,547288097673806112,13549671090059271383,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
5f82de141be5dcb186d41cc0d243cf27

SHA1
d9e7c8467d5cca31a957e30b9e4f7a88a73ae0b5

SHA256
aaea48fd8d00c4222f4edebc672db41eda4a50f4946ef24ec4bb59109757168e

SHA512
7fefca64120cbc7bcbc5565b65c731951ece43ce192495978cb8a93a86a774e1310857f24c8c7a38c17b604f783750b58498dd7eb8bd125cf80314219300d6ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
656B

MD5
1bef836c5896d871898f060f60dbc2ef

SHA1
3ce2fa773acd6b1ff46571c5c4f1c6da03f90412

SHA256
b10b4448ca5e995ba589e8b225c42b09cae0df1a5a6d57ee35d38b2e8e95be83

SHA512
9a010f867764fd22f8a697e59fb4f2130c140b3e65dd179ea5b30fd08288f88fc70bdd7eda331d879d97ec6b71c096f28867c9d1bd1eddb9995849de9b834169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a9cf6e1afcae8b4a0c101362ba20ec2

SHA1
6df25e477f22ddc9d26a6f704f19fff844c9b167

SHA256
fc2704ffae88dddf2d0f37a1c3215a645de3761494d494627485832386baa488

SHA512
5ac8e3950fc7b8bb92e747d8355b583a20bbef71cde238ec091839eb355ee97d50fba3d8a80639ad62cbafb0c03d3e8d023fbae8b4874f3445b6a8769b3b0db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
046fd56641d59eba0c0f2cbf3206afa5

SHA1
8ebfdf4e0dcf56b95bcfb6ae57e075334ddf10dd

SHA256
e3f62e8cc753c500aeda9a019ac1b406a096c59c6324216996df5a203bfa0cd5

SHA512
68b55c7e93685acde012dbbe4d9ce43397ae0b237f81d15e190ad05d684858b336624bebd4bdccea2353742c37400d123bf732063e2c224eebed6f0e034a8c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
74882e863256e8bd59887e09d3547b69

SHA1
3042f835ee19ad5ad9e52b61ea9299aa62d5edc9

SHA256
e62a1eefcd3c6acd7c5f35907efa7eb0864a344075fdb93bc4094d7f9bffdd8b

SHA512
8deac41a30b11069894eb00f356d5842a65cb46f941ca8c4093bbc8d06976f27807abc3bb464f7b80121d8ce59b78682962d90974eeeec7497334bb613f6f05e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
09f5fb77bb34d2d5d78d8aa048aa1e6e

SHA1
53c19e286070c2e5d70ef50453d43c6eefc40710

SHA256
bb58a84766909672f239a38bec053a1e0fe17c3d5ace6f3f82525286adbfa31e

SHA512
33a0604ffe76357bd604fc2089ec2c4b2be64adec93c3364d801dfd9cdd47008f929bbd8289d45e96c13152ef6a19cc98c955fee96a1368784e684875c192d6c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit