hxxp://domclickext[.]xyz

Resubmissions

22/09/2023, 11:31

230922-nm4xbahf32 1

22/09/2023, 11:04

230922-m59pvahe59 1

22/09/2023, 10:55

230922-mz7y3aff5x 1

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22/09/2023, 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://domclickext.xyz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1732	msedge.exe
1732	msedge.exe
1572	msedge.exe
1572	msedge.exe
3808	identity_helper.exe
3808	identity_helper.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 4952	1572	msedge.exe	75
PID 1572 wrote to memory of 4952	1572	msedge.exe	75
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 4908	1572	msedge.exe	86
PID 1572 wrote to memory of 1732	1572	msedge.exe	85
PID 1572 wrote to memory of 1732	1572	msedge.exe	85
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87
PID 1572 wrote to memory of 4636	1572	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://domclickext.xyz
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaab4446f8,0x7ffaab444708,0x7ffaab444718
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16205865286063449745,3423569971254161381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16205865286063449745,3423569971254161381,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,16205865286063449745,3423569971254161381,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16205865286063449745,3423569971254161381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16205865286063449745,3423569971254161381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16205865286063449745,3423569971254161381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16205865286063449745,3423569971254161381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16205865286063449745,3423569971254161381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16205865286063449745,3423569971254161381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16205865286063449745,3423569971254161381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16205865286063449745,3423569971254161381,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16205865286063449745,3423569971254161381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16205865286063449745,3423569971254161381,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16205865286063449745,3423569971254161381,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
37c951325cf64c2c2f7a1cd332d4c295

SHA1
147c1ef3f6b0bcd4566736b47164bb4cc24692a9

SHA256
8b0d436dca01affe7873b471eef507f679d94495763b4c65216ef1ab7d51faba

SHA512
5e50c85c6001cd30ff5b270590d49ba2d0a620248a7064ae6d5731b546ac63295a9b0e522e33f32c3960a7a93adf3c800a1f554061137fcf747315926d846db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
932B

MD5
2671e28e2b4f8362bc6ebcecdb5a8e97

SHA1
7822bbbbf33e0978dd35cb15f0e32708bdb72d54

SHA256
a14ca383a51ea653feaeac9f4910e55c5e68f531e320ed167abccbc63619e330

SHA512
ae45e5c88617cc36f407585a95e1874e72e62b21b966256636116f54c9ab8b133982f0a0254bb2734417d2807570bde01d5252f18ce85f94e46349dfa1fc3b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab8d5e5fece2274c9428b93ab8f5ed31

SHA1
dbc9b861cb9a868e1968600d0ab5bd49358ef844

SHA256
c663fb18d33f105fb68c80a655bc7c0ea1b929daf0b97d17a6e9a876cf8defd4

SHA512
e8c5354c9c33bb2ecd36e8fdc7c53ade55e2effce50a5cfb05d3098d54b3f08275934bb5b51ec8f0c82cb7b718b4cc7f77e52444f4973268bdded6fb5ba935cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0c96e248929bab87b00e2fbaa89306e4

SHA1
e3ee3817449783ce099ba8f20c859bee2a87392a

SHA256
53d6c05f2f1960973960cd300390b0dd0850b368e7749b5fabd35b1204aa6590

SHA512
9c9e684e471b2b3a556f3228fc86f556cdea7dc4fbc43163e9e591e2ad7ce65bbd49b2fcdbe89b057f2146499b6799895421738558dac0254adcc9ef919a5ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
15ad31a14e9a92d2937174141e80c28d

SHA1
b09e8d44c07123754008ba2f9ff4b8d4e332d4e5

SHA256
bf983e704839ef295b4c957f1adeee146aaf58f2dbf5b1e2d4b709cec65eccde

SHA512
ec744a79ccbfca52357d4f0212e7afd26bc93efd566dd5d861bf0671069ba5cb7e84069e0ea091c73dee57e9de9bb412fb68852281ae9bd84c11a871f5362296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
316731954c704b8852eca19583fd7a48

SHA1
e93ca20edf537652313d629c7e7be9cb8bedbf88

SHA256
ce636fae6c6e508c1c6fb382e80817db482f4fb3479df351acbd40088664744c

SHA512
5bd1a98318beceb0ed1d3b8188ac942ebfc2579d91c39154d2e6b0ffb347a7e8c1488da51cc3fe1010666e7bd7aa281ceeabf6fa972a8020c7d927f05c75bac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57efce.TMP

Filesize
1KB

MD5
a6027fde9e3de0317e809327920cedc4

SHA1
452db2b848168cfde10ad99d90b67efbb8370e80

SHA256
c15043a53e5d83cf82797bb887c20c8c7dd43d6ab48e3e4459131441deafbc51

SHA512
12ef96a9d8a62c654495b2dbad3495c45b002aca0712f078a13707a73639a85b457e237aac5dc4043628cb5f599f416b877f1fb19537a75c76eefcb4970e7d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b14ed3ea6a0ad153a513aaa543c299f1

SHA1
3a1f3d86c838c62f5fb4c480d634cf051fa422ab

SHA256
42a13c0e57918da8dd8ff047a94f986b157eb49bbb035fb86b91c445afd2c0ca

SHA512
45d4d3bdc93e2d66cdb7ac2ed5be2a7d0093958f4b0cd4ed73a9b7d3f439fd87647b2461d0c12aff46e65bf06be4895fe7981a361d28e77f482d21c3f810a982

Download Submit