hxxps://onedrive[.]live[.]com/edit[.]aspx?resid=60AAAC9E9FC3B6D1!643&cid=60aaac9e9fc3b6d1&CT=1697035966156&OR=ItemsView

Analysis

max time kernel
216s
max time network
258s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://onedrive.live.com/edit.aspx?resid=60AAAC9E9FC3B6D1!643&cid=60aaac9e9fc3b6d1&CT=1697035966156&OR=ItemsView

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
1280	msedge.exe
1280	msedge.exe
216	identity_helper.exe
216	identity_helper.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe
1280	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 4584	1280	msedge.exe	87
PID 1280 wrote to memory of 4584	1280	msedge.exe	87
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 64	1280	msedge.exe	89
PID 1280 wrote to memory of 4424	1280	msedge.exe	88
PID 1280 wrote to memory of 4424	1280	msedge.exe	88
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90
PID 1280 wrote to memory of 2748	1280	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://onedrive.live.com/edit.aspx?resid=60AAAC9E9FC3B6D1!643&cid=60aaac9e9fc3b6d1&CT=1697035966156&OR=ItemsView
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffffb2446f8,0x7ffffb244708,0x7ffffb244718
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,1691257945065990969,8490702304388034482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1691257945065990969,8490702304388034482,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,1691257945065990969,8490702304388034482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1691257945065990969,8490702304388034482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1691257945065990969,8490702304388034482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1691257945065990969,8490702304388034482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1691257945065990969,8490702304388034482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1691257945065990969,8490702304388034482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1691257945065990969,8490702304388034482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1691257945065990969,8490702304388034482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4196 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1691257945065990969,8490702304388034482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1691257945065990969,8490702304388034482,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1344 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
5a70c7133100aa4876959348de9deee2

SHA1
4728235a88a224d6c1e33c148599bc58dca45c92

SHA256
703f16c192975926518eea61c461a5ac38e197679a01150699a5caa3460d18db

SHA512
af0366367798a20217345d7d43b351f9445346dfbb235c173b7ea0935bf7b7f5a352243ebc60e3e746cae96a011932059adcd3b1ff1c7b0b1e8215024434ea43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
17a96d14bba0473e474a6a7049eaf2f0

SHA1
27f2d1cecacbd7f29b01b7dbb61346ff23cd5a5a

SHA256
5613f0dcb2e549b2942b181f419b1b0234fd77bc7d4784c9139647e640e5a333

SHA512
92c688a9c80777493cd3950f6641986d1b40543b883620646bc88ce932d7e28dabb6423103d10284b3fee2521475a965f9be9360cc3a759eb68fef274753603f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9a09193ac76ac72c56aaf4d1fa9efe00

SHA1
668b97472204ff995b8e5f690ec85d099efd72cd

SHA256
c59dbd7fff064a8a69b07bd56bd8be13190124fa59060107aed80aa9f5a218c0

SHA512
72087524adee5af169bf930f4965f6ed8ae9685482dbad515da0df361cda8310ee67b4dc619cb039403890a3c21a239d90b0b0d47413e0d59b4010c28bc6bf74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b2ecc2a81c6f59472296b598b5c4177f

SHA1
4a4515739179089441d99048732cd12d546a4c3b

SHA256
43201d948493431c5fe82f8ccb2352a6f319d3b8c2323137172bf36d5d76b11b

SHA512
dd1e0294cf18d53c826a62bddf5d8c09b07de485c3c5b10f5b904e56500ad58deaf91cf3fea0a5d32d4bf01dfa57b355a9e6361155ec4a702d8d5d17f832c33f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6dcb90ba1ba8e06c1d4f27ec78f6911a

SHA1
71e7834c7952aeb9f1aa6eb88e1959a1ae4985d9

SHA256
30d89e5026668c5a58bef231930a8bfb27ca099b24399a2615b210210d418416

SHA512
dc31807eaeb5221ac60d598035ca3ccab1dbeecc95caaff5e1f5a2a89ba1c83ef0a708ee0b8ed05b588ea5d50e360032a534356f84c89d3791df91d419daeff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
41b9f8b57090ffcc99c8810b61849512

SHA1
0fb01a4e49e4049d421c4d5b8a5349d30a4f3014

SHA256
8ae197dc9472f1695365b1a8f4d64c5a7c610b0f1acfa28b5e4ea10cb8412bef

SHA512
ef16105a20601adbba92ca4bb7041196e325ca84c1a4741837431e5bbe19a2f18e56bba3150aec814367774355e8d4384a4369cf92c7aa97f044855d1e3e364c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a806c.TMP

Filesize
204B

MD5
2ba851de12d810a4ef294610bfbf7d8b

SHA1
2934f11fdf0205b7112db3c60a31338e62df99e7

SHA256
064942abeac313103bfb38a817afc0acab135424c041f837dde2aac86f0d5a3a

SHA512
e13d2648ca5ed700a9cb2771aece8b1d6568621ddc5b51a76155af1a17e7bf75dbd44dbb0a0edbbaf6059025674983a29d6c9758be9a633326c9629ce89747de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
0751f79e76eb942518d12264ef1997b0

SHA1
28a299ea844a8901a69f2419ae2987344f8d82f6

SHA256
e067c4946dd3856146dcbad2ede4312e01519f2e487975b9160350f3d5196b93

SHA512
3f37432b7664d7a3aea7ce40e9f77f2f2bddd0431e30e9692edf80b33368f3286538c902e352bad7ddc7f20e35cd47f6ed1da53649b33dc56c42f1b1ca1ed8b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
68e047fa9c492f2d2ed541c27cca47a3

SHA1
a88be8359a5b23ce147e420b4f0d467d525bd6b2

SHA256
8b0a7f26bbf447caed289100100d17b7b6e82f7d4522863006b35cdbb99b52b0

SHA512
416010665aa9b54fe8dfaa31a06f4ba33dd66e3df502b21fd728217e58c02cff5ff1a1891cc432dbacf87575a131ec597d143554df3ac273b3aa1e1d3bd1a517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5d530b33ea607d8b0591bb45aaa22c7a

SHA1
c098bdc6b44228cdf1926c197f39161af2026fb3

SHA256
26d3444eb2f1d7757231632b1aff150b84707723650e64e5b9f98bb392c7e343

SHA512
3606270a63869a2197e67541dcdd603d9b5646f0e944156f1402b8a0abaec42dd646303981af14ab444a47e42a18a4c9fb99bbb8df0f959310a8a542cd179748

Download Submit