hxxps://192[.]168[.]22[.]107/acc_MOG#/login

Analysis

max time kernel
147s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2023, 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://192.168.22.107/acc_MOG#/login

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
1380	msedge.exe
1380	msedge.exe
1428	identity_helper.exe
1428	identity_helper.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 3504	1380	msedge.exe	81
PID 1380 wrote to memory of 3504	1380	msedge.exe	81
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 1972	1380	msedge.exe	84
PID 1380 wrote to memory of 928	1380	msedge.exe	83
PID 1380 wrote to memory of 928	1380	msedge.exe	83
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85
PID 1380 wrote to memory of 2232	1380	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://192.168.22.107/acc_MOG#/login
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fff789846f8,0x7fff78984708,0x7fff78984718
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
  2⤵
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,12557082981125691068,15691423431258531480,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d8f4eadb68a3e3d1bf2fa3006af5510

SHA1
d5d8239ec8a3bf5dadf52360350251d90d9e0142

SHA256
85a80218f4e5b578993436a6b8066b60508dd85a09579a4cb6757c2f9550d96c

SHA512
554773c4edd8456efaa23ac24970af5441e307424de3d2f41539c2cf854d57e7f725bf0c9986347fd3f2ff43efc8f69fd73c5d773bbfd504a99daca2b272a554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5c706030427e38412162a68b5d00396b

SHA1
f914d79a81bb81f646651ed4882610d2c795466a

SHA256
8bf889ad6a91937895809e598c2857eb98a4dcc86c62a2fe1cb6439c28615b9a

SHA512
852f96c36f445759f512a9850706e873f2007f7109263fe73fdafb488a9a13b76680f9be320a0fbf092810522491e13d86836dab35e18a3de6a16e2c7be3b86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5abddcfd5820a012f66c893fb089158b

SHA1
28aa5f417a1260a2b96555827934533b0cb492e8

SHA256
eb816880e4809eec3c18a46e0f744169798c3ca8ab43f95725070d1491524486

SHA512
8c75b717bf88516a30cb1b600c0e04ae9f4f01305be2e2710646d347eb7374c38d74eaf27e6085c0eb56fae251e4d0d8e5c5c46023583f64cdecbf46b5e6dfc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a40673f2c0df2c1d6e433a9269204762

SHA1
e14b10440fdb4185979b9d48f588931b44727ca0

SHA256
17db944b625b71308b16e0b968a53c3519e376284c2a36c20baf509919841770

SHA512
3d4c0d4dde470e053e9ac54436b4847a9e6309cdc98291306d9e74c1fe771beee198f1ebb12ad09e78025643dec874cbe55261fd65a7a26cc232e74ec509752b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
1ec7090a5740c76544fc8f119760a2ab

SHA1
9c98fed731f9f4df49bd7ca77c90e91074745ce4

SHA256
23d23b01542109a05769fac3f7262a56ee197fd18d76e87d42798282441f2997

SHA512
d18cebc6d4ffba2f5adf7c28dcfa0ec72b7bb6b4d1eae8a9144fd11a8ba13777513ff23e404d721dc7161182e2e5c0fc38664c4a34b00235e40168e2608dc201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
a743b38113ed3932bcd54ee11918ac81

SHA1
2fcfd4f6dfa2c0a8f7c5eece048e9c9e51423c76

SHA256
c650266ac3b6c97213cc9ee9c2eec1f6d5922b691a805a3e2fec1145c8c7ce14

SHA512
aafde2fe4bd65dc3916b42f2607aa415725d817bf27965104c9f4e4d3117f393bde31afd712a2bcb3f2e3c0557a5a044a40a76624cff5dc9573fd24a596017a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
5KB

MD5
6df92ee0321749db58592fb6ec007be9

SHA1
79e01536ef9db0598b472a72288d40ecf75181ff

SHA256
1ac49757b6f2c90d7d92f8b46e561abbbcae3cea2cc0f9da10041ff1653485ea

SHA512
3d2302a4a3cbd25eeb71cb1e0182fec2daafef73233129709867e72ff1a98cc86e975b15691672ac232b97652b77f7ad4c0ae7930cbe0caa809a648f1f3cbedb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
e3e81595158863565197a0bd247c2abe

SHA1
8d8738709764745886add988bb2ee49b5e0bfba4

SHA256
f808f9f3a26234d0648112e7e916b3bbbaf9c830fab5c1c350343fb8d7ee32d5

SHA512
6659bd76fd9a7b2fdd8b428b5d27c2509f21720d93fc3ab68fb60b3b2ea6acddeedc0d593e2e910a8011dd6f5ee8d319cecee2936282acea31ea1a2595a21ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
d168945bb710bed35f23acaeee3e8462

SHA1
f2ff0de4ee790181ea62b693141a9153207549bf

SHA256
bdd75a121aad34633636214f35055415e7a59e739686b094c97ed04052f2f012

SHA512
f2659e4d05311842e7d752c59ddd74aaecfa47f352ab2311bffa725a617f2c7550b16ded1cca675d9a655a16df37c483dae11144b6bf99dc48fa1f1e67f9cb92

Download Submit