hxxp://elan[.]blogsite[.]xyz

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 06:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://elan.blogsite.xyz

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
1976	msedge.exe
1976	msedge.exe
2028	identity_helper.exe
2028	identity_helper.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 3776	1976	msedge.exe	83
PID 1976 wrote to memory of 3776	1976	msedge.exe	83
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2836	1976	msedge.exe	84
PID 1976 wrote to memory of 2332	1976	msedge.exe	86
PID 1976 wrote to memory of 2332	1976	msedge.exe	86
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85
PID 1976 wrote to memory of 1616	1976	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://elan.blogsite.xyz
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeaf5346f8,0x7ffeaf534708,0x7ffeaf534718
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16667227133611779193,10200931924246646844,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16667227133611779193,10200931924246646844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16667227133611779193,10200931924246646844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16667227133611779193,10200931924246646844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16667227133611779193,10200931924246646844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16667227133611779193,10200931924246646844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16667227133611779193,10200931924246646844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16667227133611779193,10200931924246646844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16667227133611779193,10200931924246646844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16667227133611779193,10200931924246646844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16667227133611779193,10200931924246646844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16667227133611779193,10200931924246646844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16667227133611779193,10200931924246646844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16667227133611779193,10200931924246646844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16667227133611779193,10200931924246646844,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
181KB

MD5
4c75aa07dd23352ee1225b5a64cc6b59

SHA1
387c73c282f9b15d8f62b2c9d830945772c88c7a

SHA256
edeab1e3b20750bb1c0d394b111109c0c7ab74d34117d16ee1487cc1cb8c23fc

SHA512
a0e185b33114a19e6ace4b7f6af1983c45b124ecf4ce82f92ff832ad9a57ae895798ccd4473a46b9fd530831482b3ec3dc729b10c2c85095a54a6834c563d86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
1f145c904af3a608bd80b4f609bde1a7

SHA1
2bdfee2150d8852ccf017b538b6b79ded00ac4cb

SHA256
4e38881944c615e6a79b15959ca7b6f68442a34b9d7ec7d3e5b36366ff6051ef

SHA512
035e3a176337b4c29ce9e897df0e30aa2ceeaa2d853bc39c65469a989921b859fa6c65f567821c402a28979ab171b1ce4459791ed5987f1a8ecdd8dfd566cddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ff9c1a392679dd72e972f1789f179b8c

SHA1
b1325020759a757b1a5f2a869d7065e48edab866

SHA256
c688e2eefe03c7bdd2d6326042f4c142e9efdb71e53bedbbf10db7cb4e05e70b

SHA512
7c186b769be427f5d0cded4ad1635c421494ad6b8548859d29da1d877350d6ec27e3b987a5ce6928dc198c8ec328893f376b9e6d94d304f34a27ac36b9d9299c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed040de9af5a2f35a5bfab93ebfd0637

SHA1
fac8418b9a5a0abddeb40fbccf23f17c5a97fc5f

SHA256
620a161f9720c92ed82a18e0c969926d41dd30e32f728ad5cdbf29620ea26488

SHA512
bd6f978b20f110979006e99f904a90f6aeabc0c11ab02d0b710a2ddda0e994bc3f1a9e9dc53af74b793ffe4ca5903b4e6a4910af1e0b6013e2f222ac953f28e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b90930f6f8af5ba523c053433a5b9928

SHA1
d1f8a61c16941dc88e1c674db62453aba6f4770f

SHA256
ec9802f14ba3d714d9f9dbbc0fbfa311618af31c1179091811e6f3b2f01a3a3f

SHA512
fbedc573e7b6a9b4e7660f47c639399c7179d418ddc04256e2e40758ee523c11f5ee017328d14c415db94a3619922d97a781ab7ecce8ff5dc0e1e60282c2e5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ce3126b4bad210936f32c924681777b

SHA1
0d410652afd3371422daecdec7d99d4e9fb49dba

SHA256
7c424a8597fdebb1617ecb08b51810caab618ade7f75f370f1334efa43e22c20

SHA512
9ecb1d8cf5b8e6ee53567a17096db1217df08b839875b7e27dd62f036959a59e490f9b28071ec9fdafd4c43cbf0a698b34e398a8ed0cb17c4c5e4dfb866dcae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dfc1.TMP

Filesize
1KB

MD5
0773a6c25ecc4ec63e8588db16815ad3

SHA1
05bdff4ead4179a727a0c8e9a210dc5673870263

SHA256
a7af601168e7d322c21f05099f8284f6041d8c60f6c05b23b5594dd04ec574c9

SHA512
f42f05bae0fa4e9e1ee97328c9519bd14f8262e696c0b56e65ae6e2029dcc7a0f2a56c5caf5722329d74b4eedc67efd6f7c89dcc306d2b91841c681a000facf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
44e16c9bff0d329946542b09c60e589c

SHA1
b201b5086bb9af6fa91a503f0be808108abdc51e

SHA256
6812561ab430daf3bbe9d936d04df4dff2d8db158eb7db52dbeb52076d2c9212

SHA512
8408254bc40a24ccafe468f276ee931eac640c1d48385684d2fc13e6b151e825a5dd53335f6e6d370e53484077b60f960938b49e5af0ec3fd7acf7d131cca19a

Download Submit