hxxps://hurlurl[.]com/wXNIl

Analysis

max time kernel
20s
max time network
21s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hurlurl.com/wXNIl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

1424 msedge.exe
1424 msedge.exe
4844 msedge.exe
4844 msedge.exe
932 identity_helper.exe
932 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

4844 msedge.exe
4844 msedge.exe
4844 msedge.exe
4844 msedge.exe
4844 msedge.exe
4844 msedge.exe
4844 msedge.exe

pid	process
1424	msedge.exe
1424	msedge.exe
4844	msedge.exe
4844	msedge.exe
932	identity_helper.exe
932	identity_helper.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4844 wrote to memory of 4392	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 4392	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3876	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 1424	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 1424	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe
PID 4844 wrote to memory of 3352	4844	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hurlurl.com/wXNIl
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8077746f8,0x7ff807774708,0x7ff807774718
2⤵
PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
2⤵
PID:3876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
2⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:3860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
2⤵
PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
2⤵
PID:732

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
2⤵
PID:3160

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
2⤵
PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
2⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
2⤵
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,4177596039137557727,4926784577486059974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
2⤵
PID:3460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4472

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
328B

MD5
5623afa4c7996efa0d48ef51d668f5f9

SHA1
da3b98df37d056c4634cd28429a17c12b55ff4e8

SHA256
fb56f765401b16f6cd13b70f3df5a360ab09f4ebaee796b37bd6d809573ea994

SHA512
74539cabd6ad00fd98c6bcec09cc779f478f5e9fae20a256306cbd2b0930b869216f9689b2aa5463cc374d7a755943ffe19b8b1a81f692cbc284ef6e2f27c0ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
328B

MD5
5ff960e761baa2a43f4b0ce414f12d77

SHA1
392581ce555ee477eabbbca31788939777674f22

SHA256
d0ef1c31af0572bdc49b1b32117ed863c73eb2a986b0ee6556f38bea35188152

SHA512
0cf1459a2edbe14757d5a16f248799963e056b27722004057d7cdf0264e692bca33c8a53ed9916ebbbed4234e175cadce943e7688152d5de781e39e3dd3b20c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
328B

MD5
4ea564aa12c118f4537fc54be948a8f3

SHA1
d1d56c77376c2feaf6df584e429dbc40ecf1ddb5

SHA256
eaa082ba9739c2c25dd0c1c2d0061e86551d190e5b7d0d41e84f239f74262c86

SHA512
e356eb07033e949ee711d50b21203609d7b5e99530005940cb274b418e101cbf9431e0594e06c5ad762b3053cd243cc4e91869824e3f34aa9a8ed7873d32bb49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
a17e290ebe714d61ace77cb20537e3a8

SHA1
b428a31b506c6b36612baaf0144288afbf0b16c6

SHA256
e3eb84abd65e4e9aa292258864b5ca5ccd42fa1707edcfc31414ef62366ffdee

SHA512
79eec2474deb6e12e1e44a8c3ecdf787fd8c3df4ae2119317ab39709fdd44bb6c4969e0bc27d01d80538e6abd1bb5ea94b8b2e09eef6b0d9187e8df0edc24864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
786B

MD5
6005b9ab6406b9b1e02e90a3059b588d

SHA1
594f56709e9bacf127df83fabe9f4deb431406b3

SHA256
ccb804d6ff707077ccee6ed437247f7843fa7e7512f42bf0004b6a9fd140c25c

SHA512
2ae0da619d4f74b3d5df7f5d8eb3af1338b77e56d8c475610c3dc81dd5b527d3e8ebccfabdac074c12ab1392bbec4b9e48608234228fcb71a6cabc4b79cd75c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
8f0cd2b6092cd717014c744eefe0a710

SHA1
eb7e1a52df568e7672bbd1333c37a297e37dfaed

SHA256
6b1ca039740c38538f7dff69e317b1e80ac33f95e253cbf5e3f888508561813f

SHA512
8b8e68a8e4ec3bf4839d6c82c56e18e88e6387327373f0e90b5bccbd281b064de1a28a8e72767c6191383743dd4ca67282fb0db74a4054510373540fc263b863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
00d3ba44a0a1e9a51899db24b235a3d9

SHA1
2bd36179446e816c3690756c823af510afb8d953

SHA256
61581c36da5bd3a3e6a73add3aac1de89af497329d45440d0643244939a68735

SHA512
6a39355427bd03dcc29bc49212b5c8e8282906c1194b65ee97471ab169fc8d765f082c6d48a0435c617b99e852b02b11de89580a10e3689cb79b909c23f116e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c9eb53c8b7e61524dca6ff0646df1541

SHA1
822eba6ef80826f27ec4803f091dffa76aca37b1

SHA256
69ac15dd60547111152e7ee21cee7f854fdd558ea8cc356fe3f5643794833074

SHA512
153f29701624a87af957c4f7c542a35b5c6107e73dbaa8b4499a353ec7bae19607b6476bd7c03403ca4a41d91647c0b8e5278d7152127b2b8e6fde3779a35e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
506986003601a893159e0e04cad1486b

SHA1
363fbed66b9082a87d6926cf8848037fde1aa771

SHA256
a05e92512ce3969c294e6527290e785db3fab09d44e0cc09ac6c6439a7ffbd33

SHA512
88106bdc8a3670bad432054ae11e7567c322a4dd0d35c8a715b8acf0be07216f2d5332c6bd35271c86ae01e95576636ae83d89516f54a16e14fbae80869473f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
e1f6d43615f5cf830b92f47848e1ba3c

SHA1
d22407ad36a378435b19bca9e4ef9a4a3a3667cb

SHA256
7c299c99339e9072514a20ecedecf15681310ebe3024d7e058ca7fe7fe7f45c5

SHA512
dded7081851c8908e688a8ca0cb53cd51d407269cfeda956d4218ba3e4bb28384cfab38a86389a7f8cc201b53b14093ee5f8e1b414e41b0e145cbc407772977d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit