hxxps://dashboard[.]mailerlite[.]com/forms/666984/103422343384139053/share

Resubmissions

30/10/2023, 03:37

231030-d6vsmsae91 1

30/10/2023, 03:24

231030-dx33nacc83 1

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2023, 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dashboard.mailerlite.com/forms/666984/103422343384139053/share

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
1148	msedge.exe
1148	msedge.exe
2496	identity_helper.exe
2496	identity_helper.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 4604	1148	msedge.exe	87
PID 1148 wrote to memory of 4604	1148	msedge.exe	87
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2680	1148	msedge.exe	90
PID 1148 wrote to memory of 2108	1148	msedge.exe	91
PID 1148 wrote to memory of 2108	1148	msedge.exe	91
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92
PID 1148 wrote to memory of 3040	1148	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dashboard.mailerlite.com/forms/666984/103422343384139053/share
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3e1f46f8,0x7ffe3e1f4708,0x7ffe3e1f4718
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,2413688176332652223,1820007452074178195,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,2413688176332652223,1820007452074178195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,2413688176332652223,1820007452074178195,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2413688176332652223,1820007452074178195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2413688176332652223,1820007452074178195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,2413688176332652223,1820007452074178195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,2413688176332652223,1820007452074178195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2413688176332652223,1820007452074178195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2413688176332652223,1820007452074178195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2413688176332652223,1820007452074178195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2413688176332652223,1820007452074178195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,2413688176332652223,1820007452074178195,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5640 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f8910aa0ed901b08d171cdc38d38301f

SHA1
c482dd6781b3accc6fa47156ad76ae43dc7d02e3

SHA256
1c3aecba520627aa619afa4ca64d0854a00f2cc05ec645c93932ffa585d6bc7a

SHA512
35262286a1eb7b7d2f3161df23dc82b062a6e9d9ec2aceb7c454eecc46c8468e53e421c196a17ad3ef54253fd73386a9f3aacb87b94ac37200380acc4ab50425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
344B

MD5
b22e36fdaa596a8a5d9f111e2f46f68f

SHA1
a44bd1edab6e4c79fc56e7004ec2994b6121421c

SHA256
c2955fb7ea24a3a95a9a20f40637b49f9e83bbc71cc3a4b5aff0129c6f0bbae9

SHA512
6cf1d829f937e522f4a01b951f43deb52856d39c761cfc9060e26b409770e011f4c5ad5e7d6b22517edb5f5303f9b9b6ff1943f58cb3418c28b0a9710f040c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e30665a235a6e2b687b3673af9e0fcef

SHA1
65dd71b813803128caebcaf4ed463062bbda3a36

SHA256
bedf6335eda0ef8c3690d9abbed780354491dc188b5e11932520487d9dec9a25

SHA512
ccfdc2e9df2269a5f29134647cb8266e4fd9a99e558514125efda84969b29281eb6896e5d60d70b0c574c41f291c5d560c01ad8ca4cb0f575c97b8a2bca66c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53241530f755bf5c6656d5b3ea8e68de

SHA1
dea531376f8540bb604862ccb818acc3611d2dca

SHA256
c7f2c305b6ab9049ab78a1af9eab26bdacd68fd8fbc23960cbb385f9e055e029

SHA512
7a081a81a3ca81516f75aa4ff9bf4018c468ea69d050a2261886df0a9ea182988d3128098a6c123b401e2465684e2de5b616f157c3d6a3511ddba6cbc0981393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8fc3e936299fa85cb3fc725b068ce44e

SHA1
ed508e4090d342ba176fefaf10156879d4bf4881

SHA256
04f50f74a80f2db94e78f1c0b27c9b0cc36a4003ec01276e6ca7aac094561db9

SHA512
f79815ece2dd245109fdb24a2fe31c4c613c2b167f2770caf1f1a665c354dd425b8c7efbe92659f3e6a02434a4ac107c59a3bd0a6fad2758d58dfba476b3bbd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f928daa39f55b9d58cc5c22f5fd9439

SHA1
8824d7f1bdf457daa2672715ae3a2543642954e7

SHA256
c78eb79f08528f41374de9c488e2ae9d5fadc209af065c41754fbe575ed3cefb

SHA512
d0f791c3fc727d3660d70055821a171cd32d0e30797d0b5c17b8440fab4ebec26eeef64961922886ef548853f6774670e63d6ee260864be264b83008632b1125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
73e910ccb854c8e461f97fdc2744200b

SHA1
ff30a67cdd466b85ab44282429167425f3665e7a

SHA256
1fdd542b7bb7e4c497e31610639f3420e5ab60e1c327452b5520328ce433d8bb

SHA512
3022c2352689895c3f1df040e99b7c3234ed8f6affa450a3cde7eb6b459373e97ac6c6ed9bafd9c9e184966e602bda9ca0b9d347c5dfae7b626da6d6d0613633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584810.TMP

Filesize
537B

MD5
7a48a931ae4bf356bdadf0811eeefc8f

SHA1
35bd2daa23feb289d932668ab9b0b3ab2da98022

SHA256
1a24566dbe3d16284dcb89777b76da2a65d846c4a1cfe7c7915f45cd265b59c0

SHA512
8287c4e2852037c11a5f9c006f43734ec508cc164f62f834acf0294705952a52d1ff535fe255a5ac121ed32d6f4880f57bcca7569f32670d100a2bcd37a5a94f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a66e0e5dd2ac1e6feba7ab6b4b423d9f

SHA1
abb3f68a4296b7e60e5bea89f21f5cc85710341b

SHA256
3fc13ec9c5f160355c337702ee43b40fd3085aed39b1733ae49fd16d65aed1e8

SHA512
cd3ab0ddff20f05bc21c3da57eef2620489aa581de6746a3b64dde822a2951737d2b619b8b0d71fb2ecee386d5e2f3246c3658c53f832fb6afcff120e51b2748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
60d75d4d88fc9ab73c906e8189120e8b

SHA1
506490d187fd3777b94060d766e8cc526ba7a4a0

SHA256
50c39809d21226bb6c831f50e2e04eccd0c7caf024834886f5c1a8d3b0fe0528

SHA512
ad81689038f0c1f0aff13bea4c24fca2b8b0c3b5b54460fb3dc5d4ad6c721f00f15b982cb276387dc570a591aa7c9fca0acdea71656a26268e797ef462f15193

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit