hxxps://google[.]com/#a2F0cmluLnJlbnRzY2hsZXJAcnRsLmNvbQ==

Resubmissions

18/07/2023, 11:54

230718-n2xrjsaf2w 8

Analysis

max time kernel
73s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/07/2023, 11:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com/#a2F0cmluLnJlbnRzY2hsZXJAcnRsLmNvbQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
4448	msedge.exe
4448	msedge.exe
2960	identity_helper.exe
2960	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 3080	4448	msedge.exe	83
PID 4448 wrote to memory of 3080	4448	msedge.exe	83
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 4112	4448	msedge.exe	84
PID 4448 wrote to memory of 3208	4448	msedge.exe	85
PID 4448 wrote to memory of 3208	4448	msedge.exe	85
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87
PID 4448 wrote to memory of 3252	4448	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com/#a2F0cmluLnJlbnRzY2hsZXJAcnRsLmNvbQ==
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2a4b46f8,0x7ffa2a4b4708,0x7ffa2a4b4718
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17837320947548011049,6662848598479207671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17837320947548011049,6662848598479207671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17837320947548011049,6662848598479207671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17837320947548011049,6662848598479207671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17837320947548011049,6662848598479207671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17837320947548011049,6662848598479207671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17837320947548011049,6662848598479207671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17837320947548011049,6662848598479207671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17837320947548011049,6662848598479207671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17837320947548011049,6662848598479207671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17837320947548011049,6662848598479207671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17837320947548011049,6662848598479207671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:3256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8151f376-9939-43d5-a335-5ee33b0117ec.tmp

Filesize
2KB

MD5
1c99d3731fed3c8b09382d8cdb193eb3

SHA1
303d00cf665e0fe712a94bcaf5024464e18915a0

SHA256
29d51acbcedf4828090b5f25a3765e502bd167aa649a08b4a8f4459cf93b0976

SHA512
6f53d3abb79837030a8792027c19dfdddaba47512417ed6244179902a609c1021a786a35907190fc142a3601141223ebcb7cbc98e8b7ca651744473c2ca5ad41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
7519f23f7d89a1d2efccd6fc75595d2d

SHA1
b377023964f01b1aaf1c83945a419ae9f2f8eb5f

SHA256
cc526b5c7cdd916103c0f09762bdbc84680021743d31d80ca97697e7d168ceb8

SHA512
eb9db52a0eb8e424518a1af4948db47a812ed68a82728952df44150a9ae1af6656743fd98f41af0bd70729b9c42e1b8d0162623f16e3f944512eae934e4f1708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
28426d0ee4e106506d4911ad5203e46a

SHA1
b584aa7c504b98cb5eb4226236a5a8cf7fca715b

SHA256
b1f890ec93dfb1c94bf7cc9a03e38695b57503f408f789b3cef65c8324de1985

SHA512
cb914bbdf1b512d98c4c5fec38e9a57c82e424c506bdfc4d72dd519d8ecbbddac53f0f660e6d9dcd717d96a08a6b0aa3083504c854a8e2b20bfae2bc87f1fa18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa90ebd9cb931fef5808c534faceb078

SHA1
76b8fd43eb37024907673b5a191f65ad2ceb54d6

SHA256
7e1590496ccbca648a2db3d84f713d089374393845701bed712f73d2717d9452

SHA512
9cbdaf74d1d5ce449ab9a3a747149e81f486dcff8e1fe3e09d7240979db32f489b6541607e0cde05de02036ecb0526800a85377aea26634f0bcb9d1477f2dfb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fbce01d34118967592a43c6d10788d55

SHA1
7a6dde40a7027231c8e873d1370f2388f11e7e5c

SHA256
a2c16328fcd0a147926d6e2e4595893535f9bd945c2cce506eb0e95fda1b8f15

SHA512
330ba3d8fcdcff658f286e02239fdd0581c68e9dcf4c4e11efa73b881eca77639060801ca97d3068841343216eab4b0246a33e7ac30bac3fbdd47c71f5ddbc23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2de27580c2cdbd73fd2a90e8a4d24569

SHA1
4a507f6dfa94d1a9e0a219d0f132c9a94bbb94de

SHA256
febcfa5704d85c1fb42c8bd23017ca4f743333493938c24bbe82a668afd6b3e8

SHA512
38218c5ae5a6549acbc7f131265e21b3ce7ec2f6b5b7adcf4bc9473558e1773b87060d15cfe19584cbd2614b6f4fa482a2ffe7fa1f366e4bd8377101b99567d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
623a01496646a206e3242863defac5b9

SHA1
bbe0298398554cd5f1f757c02748c0a1fe96d066

SHA256
809edffe521dc3041d8c5a882d5c45ea6548138798b29864705c00ee07ee7b85

SHA512
d3f43126d26ca4f3acc1aae7b2a54648bb56474e855a51b0c011c03b8c5626f9bf53a29b9fd91e991afb814af77916b2709a25cf5edd56d8dbdbd751314854c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
fe5183d3f70b96c55607cae8cf8218ff

SHA1
5e704a6c658299c5234b1dea75bd432140cb9562

SHA256
0bd40a202ce5691df651bcb5559840583fc5a28b8ed764bd0750c9ef322fcd9c

SHA512
4292fd05eee58d1622590a69908e5a1be0cb2b897dfe45aea8fa06a717c18288dfc53b9b1dd422f049288d441f3899f1edb12f60095018b06b4eb6f93cb60ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58dcee.TMP

Filesize
372B

MD5
65630df6fe6e7cf952f8806cfab9c215

SHA1
e2c82a7d0ffb1c0c2716269f3be5f866efb4b60b

SHA256
0ef919339d0fdb949d7f23a9769218c774bd9b3f36ec64781d30d80089c15be4

SHA512
dc3a018778a949c01d41d15f15c1247f8ae109bebf4270de6bdd424a2f7e88f1bdcc8e917bb5264eb7537dc018d7ecbc39b91490e60b1049009c5a7303aa6647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
592db3d9826c0d83630c3cf35ee3d0a2

SHA1
e61894619d7493f42dac62fdbe77709410b8a561

SHA256
a4414db969407db8b0837a9164bbb1c302f40ac665aebd40341f9dd99620a60a

SHA512
d3ae4cc8eebbe7880df16b15133f689d20633a672954ba3af970919091d84054dc9918ba70b748a63791776085fc6d455de570f87cfea339deac74256f7ee76c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2ecfdd33d24c77ec53c73ccad3fdec54

SHA1
3715c9ef2f69696a053ba7b7aa430134127e5c20

SHA256
3e9d03c0a65b94ae9b72d9e7c4e73470eabf4bf9b47e8ec5246243c82e879f93

SHA512
40cc620833061eb1a594d91f43d8b8d011c39c1b59ed1dcb8f698b61922584208916a24cc913049665c9b554a315abdabaf0c23ed44a0ba392c22746877c1e66

Download Submit