hxxp://itunes[.]com

Analysis

max time kernel
82s
max time network
88s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
17/09/2023, 13:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://itunes.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe
2536	msedge.exe
2536	msedge.exe
4504	identity_helper.exe
4504	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe
2536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 4524	2536	msedge.exe	60
PID 2536 wrote to memory of 4524	2536	msedge.exe	60
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 4704	2536	msedge.exe	85
PID 2536 wrote to memory of 1712	2536	msedge.exe	84
PID 2536 wrote to memory of 1712	2536	msedge.exe	84
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86
PID 2536 wrote to memory of 3104	2536	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://itunes.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa72c646f8,0x7ffa72c64708,0x7ffa72c64718
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,13901040904469729044,2992934968601200399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13901040904469729044,2992934968601200399,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,13901040904469729044,2992934968601200399,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13901040904469729044,2992934968601200399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13901040904469729044,2992934968601200399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13901040904469729044,2992934968601200399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13901040904469729044,2992934968601200399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13901040904469729044,2992934968601200399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13901040904469729044,2992934968601200399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13901040904469729044,2992934968601200399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13901040904469729044,2992934968601200399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13901040904469729044,2992934968601200399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,13901040904469729044,2992934968601200399,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4520 /prefetch:8
  2⤵
  PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d25fc6e43a16159ebfd161f28e16ef7

SHA1
49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4

SHA256
cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5

SHA512
ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
500b463ca604ad6d789286b4b67a76ca

SHA1
6bcae50b9e0846519b013be554464e1c85ceeb38

SHA256
0c5aa473a993599c324890cf58309b397eb26d42a4df5bb87dc027f06b0b8861

SHA512
01d2a69131b8ec5d066bb4442ffc47ef44cca2e9de9a10f3d4d77831cb4f1b901b0f59c91669c8c4b76f164d88724412a9c699863b1a0332bd65e9160e9243e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
262B

MD5
808017d695c937a710d1c94840b3aef9

SHA1
5cc387d7e725acd75b6a2004e249a30dfde1585e

SHA256
fbff5deb982bf3f07741a1c1c0b19e7ff906dc32dfe104fcedadfd1e96ab8fef

SHA512
d18aac44f611c42fbb177d91ba19cd3142144ae43de76208d53349d64731e4da3b947cfa27266074bfd95bcbb58f78b6bed648eb00c5c12526f3cebcd2c734ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c54ed54704e84edf9de226f5638280bc

SHA1
69f190e31de8c5583486f784ec55321d8dd92b12

SHA256
8af7aac9d20a401accef5a7751f762ac63c0fb79b8b0d990ff61df3c5719c5f4

SHA512
9360a05dd9a02ebfb49ae58863e78b2ffde80d2f42e688663e6b004a0735cf68f299dffcabca7a0a74cd413343db61d96cffd7024af8d0bc8c39ee51b65072ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
604d68878ed3f4240b847b37e0853bae

SHA1
b2a6de24f52d4eedc7ee6132a3ff4a78e639fd15

SHA256
14b802894561251463b0a1e7bb3f1b8d4a230d92d8d71de79a95b2a46a11ab61

SHA512
858288e797aabb1cfa0920910f3c244e02148a3ec583b27092cf61cf110251b1ee52950307ac4057bb8e9a94afe9eddb73fb552012aef6d8974c7213262673ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0bafb1a7e81919652039994b1052cd31

SHA1
070d6829374e7f65081670c324fe9e38a9de58ee

SHA256
c6796464a29ab6f683a449852cb4135a2af101bdf397f240aa5220c8ec190f9b

SHA512
96dd2dc3a71cb2b0cc08708700e960a84517efa2223cf37cf6dd356afadc224c0d9c3cb5ebef865a079e421e51fb30bb9ad9f39548754230485c5c66e60822fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
954ce3d7b126b348be98dff4b4b77031

SHA1
e0c056301bc02295ab67a35a13e2d951c90bfeaa

SHA256
09011a23ae0d88dc6ad337151c0931924234a1781f96274e0c2d6d7484a4468a

SHA512
cb6695dde2a872f07b121858d94224f60b17af0ed512aa8d4df9748c17de3dd447e2ae85b3d4a48991160c8caeaf812dbdc08306599c80fb452437c55d3fde3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b71b46ec1b8342a878ec386394a99e92

SHA1
e54e098ac61162982628b922271b56b131c7336c

SHA256
6d8083076ccfef2351d5da6f38cdbd3ca7e51f3bd3f0db4f8d903e72ba1d359a

SHA512
0c6dfb4efee1902a0f2cca17359e6cd71b4aefeda7785c135611224f1c4ade8a61aa1aadae074add5b6c0beb679edace4d4a328d21f3059a72f0bef4079e6045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d555d038867542dfb2fb0575a0d3174e

SHA1
1a5868d6df0b5de26cf3fc7310b628ce0a3726f0

SHA256
044cac379dddf0c21b8e7ee4079d21c67e28795d14e678dbf3e35900f25a1e2e

SHA512
d8220966fe6c3ae4499bc95ab3aead087a3dd915853320648849d2fc123a4acd157b7dba64af0108802522575a822651ecc005523c731423d9131ee679c2712f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
0a4d7172d14767f346d99d531bd915ab

SHA1
d54d539fb01b36960eb82d2a0f098c46bc34c881

SHA256
d7aa515e3f146fb554a142492342a7a7af09a79fce34b5b8f706ce8263ab410d

SHA512
bf7139e71ee2c249016f5f21f1d8de565223821b43055f3e79d5c37d2ba79b09fe73b5bd0134d5d2ad759ee6dfdd18ff3b3c9b6e40932c85070b01d7105700ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589798.TMP

Filesize
366B

MD5
a89447969bb2ce6afc610c31ff4f501b

SHA1
6267312ed62f3626860333ae430899a93c1b06d2

SHA256
b49f1327ea6f6fae634b567b7eafec040b613896dbdb0c3e30033e26cda0e9c7

SHA512
3b7d762ee36e575718e0fc7338fcfad423eaba7eac3c3e530042625c88b290dee31daf1e9caf5b451e1be47cf83bb56b249d3c1204cf87944660fece60ec5af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a6dad27bffbf88e097d98144f23cd016

SHA1
f3ed7452799935c58195b882695dc64d93343277

SHA256
703d368319e403d5d60486ed99fb97273b646ca05ba72b65910d3ff053de784c

SHA512
c712ea42f0b432bd38fdcce0bf066af83ea53573880c8879a80fef5ccaeb4b34722af0ba72347d210651da3df19712fa94eb2ef5814a40f3ceb1e437134373a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a10fb5d7-67ea-43e9-9929-24428e81fc53.tmp

Filesize
11KB

MD5
a5580d179d5da88e8a0ba70a308df56a

SHA1
56acce1047c5ce9c05fcd41781f75705ee455994

SHA256
1a5bf1d3eecbb0f5349f89690f85790de5eeb090c9b201645e169027da916938

SHA512
7173832e1f352dd8c98519eb9cb608ff2d7fa735b10223813372ad3062a89d7182484ee36118aaeb1b6d1bb2183238f0e0017c55420042567aa3f182efda87b5

Download Submit