hxxps://encurtador[.]com[.]br/sFZ18

Resubmissions

02/11/2023, 08:35

231102-kgzhvsbe69 1

02/11/2023, 08:32

231102-ke9wtabe45 1

Analysis

max time kernel
82s
max time network
86s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 08:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://encurtador.com.br/sFZ18

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
3220	msedge.exe
3220	msedge.exe
1908	identity_helper.exe
1908	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3220 wrote to memory of 3704	3220	msedge.exe	34
PID 3220 wrote to memory of 3704	3220	msedge.exe	34
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 116	3220	msedge.exe	88
PID 3220 wrote to memory of 1128	3220	msedge.exe	87
PID 3220 wrote to memory of 1128	3220	msedge.exe	87
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89
PID 3220 wrote to memory of 1900	3220	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://encurtador.com.br/sFZ18
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f8f46f8,0x7ffb7f8f4708,0x7ffb7f8f4718
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15642020236428677238,8615346214853259046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15642020236428677238,8615346214853259046,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15642020236428677238,8615346214853259046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15642020236428677238,8615346214853259046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15642020236428677238,8615346214853259046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15642020236428677238,8615346214853259046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15642020236428677238,8615346214853259046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15642020236428677238,8615346214853259046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15642020236428677238,8615346214853259046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15642020236428677238,8615346214853259046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15642020236428677238,8615346214853259046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15642020236428677238,8615346214853259046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15642020236428677238,8615346214853259046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,15642020236428677238,8615346214853259046,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1720 /prefetch:8
  2⤵
  PID:5316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
4a3f8fbfd86184d9420568e94847202e

SHA1
16f02e21f9dfc9e265f0e6151c8e22a10767bdd4

SHA256
5c31e80b81eb44b3dff0c7dbe0b541cce5a67420bcaa564a54af0c31195a0dfb

SHA512
aef2a1f24b674738bd689b173b8d75ad021dbe6c5b294c5693d6f6414a71e1705b125e751e71e6b70cf38d7892d5dc2241ddbc649689e76b923a72a51e008df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
499B

MD5
f5b46e6cd6b20f2498c2aca7526eab73

SHA1
a2fa73bba5c24b8efdfbd6d972b62765b04e84fc

SHA256
db8f97300e3b58fb96f733b1f57c4762ad28a3add0ebf2e610e220b5a2952589

SHA512
58e1d5ead1877e675fd407fe945e8da5684cc75e997838b1e10f02234097862ffeed86a6203d8549691286195a60d891df3ef64d258fcfed81ae8cb67afa6f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
820824ab8841a5374f0f4ebe08ba14cc

SHA1
cce04c6d4eba9a04e7a1b01e86414ab171c31843

SHA256
9ddede6dc8c3f41871539660f681ae89cfb44a0cca7c5a1b8de4e172ee228de1

SHA512
fa8fd3228a85c01be78afce8e8a4feba1435f6f5b9729e51df554b6fb6879df568b4864666082b961f7a4e18310d9d0d84275875bd91440f49364cf5e18fc94e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8e60924e48748da5d34bb28d69b81576

SHA1
20402f5573e291c5e091b91895b5a61f1aaeb5d9

SHA256
2a2666a6b1567f92061e319a2e73da9674a734345853f1f88cc049b24739d34e

SHA512
d42c418335bac28553e969c58c4bd0218385168e87b6bc7fee8d941d703ae849354ab5d9432d0da0c3154c1a237a6fdab347f18a9b84bf0eededf3b3d58a88fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bb030c924c3f321ffa03aabce3acaebe

SHA1
aefca40ca4e2e9e2bef433f425a5ea3d9ca5223f

SHA256
497758c545773e1c3b468cb9f37c334124d19dc74764a9529b31c54e7a866686

SHA512
96099c87e5a4eb3826a54be7a2d9cb6ba05f114ed20d6995f21910d3606f85d0f808318e059bf1ca20e54f8f23339f89c41a0cfef4de94db4c188e648f8fc0e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51d81453d2de9d3279b10d844cbc65df

SHA1
8b46f488d26bbe68f9ddaa06ca521f1a9e7ff8f7

SHA256
7eb793cfc4356af5f97671ae8c95c25acc0f22f1e985bad95ab37f8a40760901

SHA512
84754194c9002e7ae319710f3e5e111b642f11961172963dfdc26eab985119fc9ea74d3fa6c34c6b8ed381c6c83785ee5ec556ab4c40016efa17e1e0790f723c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
80105df8234bd81d4f542991554b9142

SHA1
afa88855f821db50f422b1ab4cc9539a0406e4a5

SHA256
d37c978aa400911c26dfeac9d1573615122fd048eae6c138611c7b41329a4469

SHA512
60e31a307de65c92a4548334e9d6eef270e37a35f61ee354aeee7ef550be8644eddac954fd79f78e0417992003a41181a461785800c4095567396402ad5978cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581095.TMP

Filesize
1KB

MD5
0b8c58ce1ab9bc104b71bff57f04a391

SHA1
c946312287ebf0576871e85b37ecab20e619645d

SHA256
6d4031c01ca980ab6e5632a7343e9b166a1058cf8ca4550418262ea903b955e1

SHA512
e582a82979e2ef460e0e1562d472a703590e5816d70ebf9de7db6c2d9930355cb73b690919fa7cbc569239b0e4620bea06d418949a3d647190632951194d75af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
57d6696cd0af1ef42fd6a973e3c8b7c0

SHA1
316dc424c370ed02061d857c0d4df5f03ce4c538

SHA256
858dd12c5569ed9759585f04085ea5b1c5c45c2a3919b96ef8b4d7eda5d158b5

SHA512
2261ede9bcd1b2a3d4ea90de44ba0ee877f7cdd2bff1a418f3360c1a096e39a4c44be067b1ef38dcf9639583cafdf3a67cef364ff2d352750c08e79d830c4af5

Download Submit