hxxps://txdot[.]my[.]salesforce[.]com/?c=W9xj5ufn2QQdt39AxBG02Tvrs9CB6zdw6x6W5GGmKOGqztPLwv[.]jSnA8zHGNnakILZyv2jLeebgB1gi8uLm_Nuua_2mq_qSTrI_MA4t0l90jWhPsz3nNAcE5Cjlo8SpqAPL3Jcft

Analysis

max time kernel
73s
max time network
71s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2023, 13:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://txdot.my.salesforce.com/?c=W9xj5ufn2QQdt39AxBG02Tvrs9CB6zdw6x6W5GGmKOGqztPLwv.jSnA8zHGNnakILZyv2jLeebgB1gi8uLm_Nuua_2mq_qSTrI_MA4t0l90jWhPsz3nNAcE5Cjlo8SpqAPL3Jcft

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-618519468-4027732583-1827558364-1000\{A54C1462-B7C8-4B98-B9C3-9458D2322F6D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
1664	msedge.exe
1664	msedge.exe
2544	msedge.exe
2544	msedge.exe
4540	identity_helper.exe
4540	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 3936	3504	msedge.exe	88
PID 3504 wrote to memory of 3936	3504	msedge.exe	88
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 5092	3504	msedge.exe	90
PID 3504 wrote to memory of 1664	3504	msedge.exe	89
PID 3504 wrote to memory of 1664	3504	msedge.exe	89
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91
PID 3504 wrote to memory of 4588	3504	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://txdot.my.salesforce.com/?c=W9xj5ufn2QQdt39AxBG02Tvrs9CB6zdw6x6W5GGmKOGqztPLwv.jSnA8zHGNnakILZyv2jLeebgB1gi8uLm_Nuua_2mq_qSTrI_MA4t0l90jWhPsz3nNAcE5Cjlo8SpqAPL3Jcft
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b73d46f8,0x7ff9b73d4708,0x7ff9b73d4718
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3397737613680813803,7157376517446345784,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3397737613680813803,7157376517446345784,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,3397737613680813803,7157376517446345784,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3397737613680813803,7157376517446345784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3397737613680813803,7157376517446345784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,3397737613680813803,7157376517446345784,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,3397737613680813803,7157376517446345784,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3397737613680813803,7157376517446345784,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3397737613680813803,7157376517446345784,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3397737613680813803,7157376517446345784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3397737613680813803,7157376517446345784,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3397737613680813803,7157376517446345784,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3397737613680813803,7157376517446345784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3397737613680813803,7157376517446345784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1
  2⤵
  PID:3404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70e2e6954b953053c0c4f3b6e6ad9330

SHA1
cb61ba67b3bffa1d833bb85cc9547669ec46f62f

SHA256
f6e770a3b88ad3fda592419b6c00553bdadc50d5fb466ef872271389977f2ab4

SHA512
eeacb0e62f68f56285f7605963ca9bb82f542d4e2ccc323266c08c9990cecdebd574e1ab304ae08ea8c6c94c50683180f83562f972e92799ebbcfcd8f503fb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
e0a2303916321088700d53dff6ae2a40

SHA1
7ed700b5cbbbe862a7ac71aad29e4d03bd76676d

SHA256
6862db4c7473753d4a0761fac8bead35cc80af64dce788c6e0b6cb1220f0216d

SHA512
bf7b27333493966f9fe6ef946aeb60f5c31e7055294105065d4cf368d557b51c0ae4c6af10513332ebcd45a11cb62175c6f4552eb1e7a5714f8723306f831e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93dbc6164cf0f915b8b38e3e9ace7df6

SHA1
5e3df93c59dbf88a5a6c058d0d1436af534c715b

SHA256
f6c654315e7c1186575acd446ff8ee9ec2f9b0596eea279a95c22cd4729d4728

SHA512
d09f7966accd83f82bcf09b3a49d5b888dd04dae638356f831867672fe713afbcd2672550708a8b3b6dd60749a2177b305795bd0b0206c2745711eaf358ba07f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1d423cc30545a5c10a639da5d5a76e8f

SHA1
0172fcd06997524befa771a91fc5580d987df86b

SHA256
4bd18f04d26ca96b484473674134fd17035875acaa0e10b45ff085039f6544df

SHA512
d4dd310fa050dececb98d9e5e11e9677b1b9862386e5bfa0146b87715bfa3d763fdd4ab08cd03266eca58bfc114490b9427425535b95d7286b90fa420ef70dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61a542e2fbc95b56ecb35fb2fd7cbcca

SHA1
138ba379494f5e82e3f427a3acf8fe4068553b45

SHA256
e3cd0faa44e1bbedde82ebe5659a2c6294dd6aeda7184176c20eebe038035304

SHA512
d345facbbe14417ea6784cdd5c5108f638d6d68a2d9a44d070d01ac5a9dd0714160c41bb9a17a73b3828fa4dba012dcf585db37ca0bcb355363f976870a43ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5a478f1e08816969e8214f982850b754

SHA1
1cf5e7192f3c6e31c7e27b6cb34ebf89036eec0c

SHA256
665cf5612c61412c9acc928b1e155c8f11ae83905ce614d9a1a7ad72cc0fd489

SHA512
7e7ff60c157841f6f5bb206ebbce29f6df3a6c0c671805415ad7226654e13da49ad76e39a6d0afe28992348f3b5685ecacbfb44178fd61998c54caebbfd97832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c0bfe4e73d4cdc236671679a8d5b817a

SHA1
23ce79d37aa41a8b4d98f29ab9fa13041eb7b7fd

SHA256
7b05069ea7723916d3d55415cefea45d8dfddf30d3af22d9468ed2e23d731d73

SHA512
9c62d4c4942a95fab8242b414709f21abc57b8eafe6f834aeae2bbd6c81d24f00966e1eab508e6dc40b9b7b45ed709457aa93e939376e2a1a4a121e1d1738568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58561a.TMP

Filesize
1KB

MD5
60d77e091cdacd052c27c40d19155513

SHA1
cd311fd077f5464bafbc3e418fd7e831f3e43984

SHA256
4a6b500bc8249132802fe05cfd719c48774c677e586c2e9f5919f2460fb71abc

SHA512
fde1ac4ec4301f7a925ca6cd1f6740f4f8357d15c08c4fe1f2d219c90d25fd5cde284e283f99f427b0c1d91a68e3f60835fb0e83d9e8c83cac354cd445fb124f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6030feb454b89ce0a30e1ab33ea93d09

SHA1
946182d668116f3308012e7852ce9921fb582e13

SHA256
b79632c79f0412bdf7eda0d40e71c02eff669f43dcd738aa6837751cc1aafd5e

SHA512
86d97f6cf0c15baa43240eddf02e85121664c33ebb856c97e3de27e7cc9cf481fccb35ee3b0986cd97ea03d212972a96f940cd283ea9f0cece36ad6f66fc4b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e9839667b83553834db9568d435134d1

SHA1
f38aa11c78c5c53369507f7c74ab8b9d6d02798f

SHA256
ac7c2795a5de92fdaa5cd9a90ed2dce7c36046aba567b476aa233967bcd1332c

SHA512
6c9dcd24626ecc1ae38fce73e5e5e8ce6a22e1449e74b15bafe7e43607c3e70c966e6ac99ece12e3959ea4e6a1f4d3b60261c0d8ff38bd084633cd964e7804c8

Download Submit