hxxps://www[.]oversight[.]com/cash-leakage-estimator?hsCtaTracking=deb6e519-6047-411c-aefd-b52812dc897a%7Cb8435f3a-43e2-4239-8c43-9377ae701c4c

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2023 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.oversight.com/cash-leakage-estimator?hsCtaTracking=deb6e519-6047-411c-aefd-b52812dc897a%7Cb8435f3a-43e2-4239-8c43-9377ae701c4c

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2764	msedge.exe
2764	msedge.exe
552	msedge.exe
552	msedge.exe
1896	identity_helper.exe
1896	identity_helper.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 552 wrote to memory of 2480	552	msedge.exe	33
PID 552 wrote to memory of 2480	552	msedge.exe	33
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 3580	552	msedge.exe	83
PID 552 wrote to memory of 2764	552	msedge.exe	84
PID 552 wrote to memory of 2764	552	msedge.exe	84
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85
PID 552 wrote to memory of 684	552	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.oversight.com/cash-leakage-estimator?hsCtaTracking=deb6e519-6047-411c-aefd-b52812dc897a%7Cb8435f3a-43e2-4239-8c43-9377ae701c4c
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffba65146f8,0x7ffba6514708,0x7ffba6514718
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9851016124208042488,3535568914568960229,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9851016124208042488,3535568914568960229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,9851016124208042488,3535568914568960229,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9851016124208042488,3535568914568960229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9851016124208042488,3535568914568960229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9851016124208042488,3535568914568960229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9851016124208042488,3535568914568960229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9851016124208042488,3535568914568960229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9851016124208042488,3535568914568960229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9851016124208042488,3535568914568960229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9851016124208042488,3535568914568960229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9851016124208042488,3535568914568960229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9851016124208042488,3535568914568960229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9851016124208042488,3535568914568960229,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
c5a0389cb60f71bbafc0e35a8bb9230f

SHA1
9473d1fc49380cc2224275873b1d04083858068b

SHA256
459e6225a41f5abcd4d9e6aba8fb6f388b1e8416590148200fb0342c896c6497

SHA512
edd737e346fafc72191de4412c553baf90dc66cddd99cb1d340953e9afada011a5b9263f44058b8c58a724d63df6621ae93168146ba7c51e23899e0866ba4fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e17df3d175f2b12e6f249f23883a06d1

SHA1
02784c8aaaae2320197533dba0142cf528feb308

SHA256
1fb9d6ec1501f8a4af17aa98afa2bb3fbf8bc8342243dcb1c4b9b73e9721904f

SHA512
b8df0fa4e9d2da6352682e54350845187e2a06fdf239810b2e269d2ac8be3dff0339d09952c3dafe5c605a0b08d6ae1ea8751ffad73db604eb0328cd200496b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9685e5eb130b3affe45328575adb3a07

SHA1
f1d0c3c8c3edb3a2f1b12c8b8c90b278681d6719

SHA256
9161d72ac7691a775fcfbf2156cd9f3b4acfed409fae77930de87909966ce94b

SHA512
04e2f98962c2331c2a8f5063966209fe8ec9dc3850b36df7f8a391e6e8a1aeecbadaa6a521a9ac9a2eb0dabc21177aeddcd66219609737c2d648d85bb3c6041d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1acb390bf2a386c48038062ee513178e

SHA1
de5fe5bd0cb6ace1c4cc5c1f445a359dbdad5714

SHA256
fb06df4f71ee63786c5a3c884207c07eb3d8e60f55b8e64c62acbd495dcb109e

SHA512
b25d42d5f40bd6d5ab8cc012c22b99f580c318c57161b003b08123188bcc8fe359faa972f6c52290195d1155039eb51c7b97193cd2ab0cb36a0d4eb748c776dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
96f00bbd6a174879c58220f95f0115f5

SHA1
d3d7f82b0bf27daf1b3903bfe050c2d05422050f

SHA256
644442e740a8c0bb20f712f6f84f5bf4a81bb29d4e9446b2832ca65618961107

SHA512
e7c5e90eb85aee7b81b9c163f618ad3789a48b256040f6f00eee7fce52c60e1ff491bf0538b9c846fb115b73163710e46a45ce056e3b41ca59d88c421502ccea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
759c9e6e3a75e06b4f1a0cd42b98cd47

SHA1
b3521afca2b9f75fcb99c85e869ada949f27a4d8

SHA256
981dd4af3a6c3d3653bfa8ed2785a93be79ace2a0330f88c5156d348d2e58985

SHA512
6d27b1e5faf264c92c6910fdefa9b22ceaa86971471356a7f8b0dc0d231b08bc3ad2696afd71cf3d9bb9827ba81d0b2ead3c1edaabed5e8886d84adff164baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bda7d4350e91b68f344e5f6309916561

SHA1
3a9a4d8e7f387996b498fcf7f534d4b9456da952

SHA256
d002eace22cdcc7e8d9a434c1daf79a02e345ba3c63fe37f5e0fc68d5400e50e

SHA512
9d09149c76ec5e4fb78f13577fd07558040ecc8e468074e8b26b6187c86e6539ddd40ad0302284723dab650411653475560e09fb64908522e74c46f879fd4573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581681.TMP

Filesize
2KB

MD5
4881f39c595161b29b481536dae220d5

SHA1
868a077120480a47a2ce05728bf40445e35207d7

SHA256
83eb3fc22e224335d0570adbb2ef5ec6d949a5d181088f4da9798444ee47d002

SHA512
b187932158c063e8b30f03646e2fc4ad65d7df885cf34acf5e5864fbbb312f9da7d492269e1be1d443e0f95225bdf8c368933d0bc0d3ffcc07051cf73c38b141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d46ebbb1-1067-4b67-b455-44d269537a54.tmp

Filesize
2KB

MD5
153677f3b6592aa230e6b7211cdd490f

SHA1
73dd7dc79180f41da3cd1ee17e73311a94f767d6

SHA256
12a35f903db0db539edbda35f733438822225030c91ed8effa4a01f362a28715

SHA512
dbdbae882187e80950337d1550bfddc98641220d2848e6a8b381e0a0db3a0c659879954afaff37d208cbfe8231321f55ab73eee6e158bfc2cbded047c2b332c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dec97135435c17782312cbca00d3ba72

SHA1
0ee527acea08441910a72e3ff92063ceb65f0e7c

SHA256
05c3913adb957be91fb05b7a99642a96cb884dd8d52b5d948d0a77433c21c365

SHA512
8363fe6831f108664cc1a9b69a501e5dfa88c455a7ffcf71dff38aa52a4be6adedaede24967bb5101b0d6c72a496a278bb9e2486f4a2bf12fcf8d3a487d8126f

Download Submit