hxxps://docs[.]google[.]com/forms/d/1f2GvcsTQeu4zYe8rDhyQOn8oa--BlCmvRGhXdPUbBmk/edit

Analysis

max time kernel
258s
max time network
272s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2023 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/forms/d/1f2GvcsTQeu4zYe8rDhyQOn8oa--BlCmvRGhXdPUbBmk/edit

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
4396	msedge.exe
4396	msedge.exe
2296	identity_helper.exe
2296	identity_helper.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 2044	4396	msedge.exe	87
PID 4396 wrote to memory of 2044	4396	msedge.exe	87
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 2132	4396	msedge.exe	90
PID 4396 wrote to memory of 1624	4396	msedge.exe	89
PID 4396 wrote to memory of 1624	4396	msedge.exe	89
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91
PID 4396 wrote to memory of 728	4396	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.google.com/forms/d/1f2GvcsTQeu4zYe8rDhyQOn8oa--BlCmvRGhXdPUbBmk/edit
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c04846f8,0x7ff9c0484708,0x7ff9c0484718
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,388580162437120777,13306485511039245371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,388580162437120777,13306485511039245371,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,388580162437120777,13306485511039245371,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,388580162437120777,13306485511039245371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,388580162437120777,13306485511039245371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,388580162437120777,13306485511039245371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,388580162437120777,13306485511039245371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,388580162437120777,13306485511039245371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,388580162437120777,13306485511039245371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,388580162437120777,13306485511039245371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,388580162437120777,13306485511039245371,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,388580162437120777,13306485511039245371,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3352 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f30b8232b170bdbc7d9c741c82c4a73

SHA1
9abfca17624e13728bd7fa6547e7e26e0695d411

SHA256
0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

SHA512
587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
14bc3dcc5878c4fb36c014108d39e9c3

SHA1
568be53be92b021e221978a9145b1caffd833ce4

SHA256
c8d20077f7d9ce11a825501529a35f6f8f349fa08156bc689f13b039c167fa86

SHA512
0269a4a52cf7f8af59a7ad1cf35d33477bc60b7a4a6b5f09497e59be0ca17960505de60dad2f05016af4de5c14965f38f600e8a2850341f6774c0e84f0036bc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
affd62871f72d7fca6edbd704ba7eeca

SHA1
aaa449afd10cea865a35049f2073d0afb4239cfe

SHA256
549f6991d862e2e62203103f37bd91c5f5e9eab12851b503f2453419b4744d3b

SHA512
20fadea678d0c1ccb6e7041e5f60bc778b82c9db87daafff38d7d5d11ea84c589695111a895251ad71694ffd752d900d1a29f81312f94ac1a86241c8eea78852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1404d59f8ab2aade2372511817004f1c

SHA1
b92fcabd2c502f99027cd94afbd99611913ad793

SHA256
0cfb785b2be73a09582cd7b68a9530cf18d493ca4445cb499dee3087b0c1510a

SHA512
235f2097e474a1ae8cffd174226ee43d14637acec8f987e60281568d6ae74b3e3a5c68535fa53720afc39e474c1073fc1ff1fa52742775c30484ebf93852025d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9ef1b4fc35b1f15b35c607649e868b9b

SHA1
651a74fc65691a08fc246c0f6f164f36dbfdd7db

SHA256
bc4c94e004eb06331cadbee00ee29793e60e185418a152d4988fc7a2617a5a69

SHA512
dc6a2018eb903c18f7ecc17b167b19db80898e39e7bbc573514d6262cfe7a576c476e037e7dabee7999d5fa2f8942f0aff187c3d9cee73672a5bb5944b1e8f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fde5403d27a981afe386e93950b4fbc0

SHA1
4bc48b228fa10ec76543c1b964ee030d0d457b19

SHA256
5b02133e2316e13d63bd9e125209144ebb44f21c96c242b5f2b97b3314380c4d

SHA512
907b2e38815166086eb1ed6b7ccf862792ff4dbec5c4370d373c25d4e93b2c61212878ca3266de7dde46a711c587e869f3ec75572d2500f6dc5c2a4707f8e8de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dcd6869db76dab14b7d98d9d90c222ea

SHA1
760f4be3cce534db3f117bef8e339609d8ed1c8e

SHA256
95b283f8ad1e60fd7798adf00032a5696a7c14b6ff885b8f38ed431507860b2b

SHA512
5d7b4fb5a8a8833ad642d609487e27d1b4eb70597ca9bbbeb9799507e6accd460c67b034a498d9224bd8ae4f0d24f681f455964dded9ef07423b77f6553cd217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
91a5f8b570c4c5ef9d6a07a4d0f5c336

SHA1
a254b1e3df6c9a0a5b25781cd32963ec11fc4677

SHA256
d2bff0400f9b889246726e172af785e62819113441ac6fdd40e9cdab2a8ec464

SHA512
6815c92363ab2a4cd43309799a11f0ebead11ceefc708331281503792d2d73927cda08cb7a1c3c66d105ae22aed9048297e5c25063a3cb8a790e62bcc9583b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8e34fab6e27e98ae3d97745a8fbc290d

SHA1
c513ece2e25bc314b92f97830cc92d2b35854225

SHA256
52daa571f221fd2591166f3c917344b57f4bd0f91b199a88dbe1e7e31f371aef

SHA512
7208ec5413ef89aaedbe6fc4eed467d9feced8616ea8987448ba868df6f70fb3d1b9b364e9f8280cd8440d50b82b983487dd31330bb2fa29aba730e7a1875f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0b8abe9b2d273da395ec7c5c0f376f32

SHA1
d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec

SHA256
3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99

SHA512
3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a79b58835a02f0ae4a5dce8568c2a66b

SHA1
76dc2df4425e9e72a5c1fbc9e8c44feaf237ee5d

SHA256
5a38bbdd2d25f112607ad1bba003dfd635b1e6619fa35e8d684324445587e097

SHA512
cb86782c340e0390f1dd0da61ba2d909353e76766054e6cf9dbcd385bfc48eba7500a5e32abec76cbd9dcca7c2911bbfd7f6ae867097832d4d47608ba6a1515a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f8e8da66a2151667fece18fd0fa1862c

SHA1
afc861d2856189d3dc67428e71b8b4b241714c74

SHA256
c216ae02fad0fbf31e1fd0670de1b0fdbf9257722e349d8e4945d3a406d97f2f

SHA512
917164f7c0fdd0e6cd951d7d8250268c1302871167ab4bcbc7f37fb1b11c4629219a22d854d4e988e724f873f28123ca4466ce96070be0f226b381e86deeea18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d0cadce8339f0e8b3dccfa6579860b4a

SHA1
e69a60b03c5998db9c9ee4e6c8a38e9bc503ef52

SHA256
6856d1c7d8cfe1ef215ffb3e93dc950fcd6c7ad535518fad7d0f1a5a0d8e256a

SHA512
8159f393c639523a74bd059ab814c5e2093942028546fa55e2f9b6b3fcdef86a1fe3f777f1862eef947ba89e14b880a07e3bcafa34e6eeea46264862ba882901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0bce3a1e8976fb1b84bb4e8754de54ca

SHA1
0e75703dff116d62eca5c534fcbbf4b1ec847f07

SHA256
f6e1b1ec462fd202f2785fe4f5090726c4e3f2ddb7ca001fd2cbc71d2dd196b1

SHA512
a797478d26bcc4255358d75615c3e63db240212d72b88c635a7bde575316d232e4d6300df43dc094aab736390649d13338c364e1d1d6cf13bd4a7368f73f50b6

Download Submit