hxxps://gohealthuc[.]storage[.]office[.]com/OUTLOOK/Gohealthuc

Analysis

max time kernel
209s
max time network
251s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
06-10-2023 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gohealthuc.storage.office.com/OUTLOOK/Gohealthuc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
1148	msedge.exe
1148	msedge.exe
320	identity_helper.exe
320	identity_helper.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 3664	1148	msedge.exe	87
PID 1148 wrote to memory of 3664	1148	msedge.exe	87
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 448	1148	msedge.exe	89
PID 1148 wrote to memory of 3984	1148	msedge.exe	88
PID 1148 wrote to memory of 3984	1148	msedge.exe	88
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90
PID 1148 wrote to memory of 756	1148	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gohealthuc.storage.office.com/OUTLOOK/Gohealthuc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2c3346f8,0x7ffa2c334708,0x7ffa2c334718
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4172543178958658888,2995939048323728445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4a9212ac37c6d359c327a68993fbd4a9

SHA1
88049e895a7e2d795b3ad1f31e3d51e09677f298

SHA256
bfe556e518ed2b94c90de08b6547f0b6d37684d2a0e0bf425826e7d4c8ae834b

SHA512
2314ebd795454b697d3cf6886b2a03f5f7ab11057d92e904d1cb741e07a023b1c17808d2673af191f20a53bf172e8b58899ef69c5b37591a2e0ba2f4189bd997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
35c78642261fc4146ff08689c20ae18c

SHA1
545ef6f54b67e16451fc24f1c6328d20a9ed4fad

SHA256
e9f36aff2afb45ee5f00c5d07f03c195748a480dc2424e681a15420d7f3917a1

SHA512
a90825778397b3bbfffa4bda9bb597fa024622b905b890fc2471b23d28d2c29cc27592af38d939979b8716c5099b27c76fe901222004ebf29abbfdb128775267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9c5f7f7b0f4922b0b148276287ae6b31

SHA1
a10e4d5f3d3301d1fa883f41c18961ec92bc9150

SHA256
684cbf13b96bba5b4435bc06c021d8b4353f14d8c3b5ec945a8fd59eac7c386e

SHA512
fe47624fefef828d50632f4fe6f67d3a90e3d47fc668cbe303426ec81fa706fc06d74c20a263836a220c9071e8957a449f0f59f605859cca856d4490590e79b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dfe481b2d6acf989274a15a97eb91c00

SHA1
535cd018a511fc25b82b89ff5401c4fe941501ab

SHA256
1b6404bfc52e8bdceab10daa20617d4655d0d57e76be3db5568f8e0e9af64c40

SHA512
6206faf0d138d1b535fa5b6249f5dc5acc1291cce751f80ffb127019ca5c972212a95fcf4b6f342bfc5dd1db0e5bbc7f5a449614b84891ea0b9e1afa064d4f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e59aa0a3ca237956a285f2d690eee07b

SHA1
30d01b0b60c240c2af2b82b19584a310fb9c30ae

SHA256
cfa01ba330d8ee8995d00613359a0b624b52a46873821fba947bf8350c4f85a1

SHA512
d03f7cdc19ac2db0ff86f598d35290b03a847916b5502fee6217068da093a8d5f2ac7c79ce9a1e60b76a0d51bfd25385c476e5ea4e580e61d1be0933eb125614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6dcb90ba1ba8e06c1d4f27ec78f6911a

SHA1
71e7834c7952aeb9f1aa6eb88e1959a1ae4985d9

SHA256
30d89e5026668c5a58bef231930a8bfb27ca099b24399a2615b210210d418416

SHA512
dc31807eaeb5221ac60d598035ca3ccab1dbeecc95caaff5e1f5a2a89ba1c83ef0a708ee0b8ed05b588ea5d50e360032a534356f84c89d3791df91d419daeff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b0a5117aa1bf2ee5198830954f4340d9

SHA1
710ac7bf554922b619ac7f96b05f9692bcdb3e69

SHA256
5f5b913252409339612466bae8381438a7e042f55b678a87fe8f16a81225c823

SHA512
fb57e41d25205898f5ae860f4826d9a680e5b3863fbce6667b7cd2deff36c93f896d5da22cb05b653226cdd64687bf494cc9e30d1821f1583a53e54fe35909a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
dbe32b2d6369512976f954baf04b0b31

SHA1
3ec9edaedac8680e357820b997bcbbdb8c7f79ee

SHA256
9ffa9a05aaab2dbde2d81aadfb6fc1d51b40a6e6dc7559cb2bfb27be0bb346b7

SHA512
cd697736ab6b3b227a06e4a1ca7d14be67dc2e500d486f6a0cf626e0b8248bf74f4338b07c954c20c9d5af5d1347b344e57cf820a33ad076477fdb7421edb17b

Download Submit