hxxps://banruralvirtualgt[.]biz[.]site/

Analysis

max time kernel
146s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
05/11/2023, 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://banruralvirtualgt.biz.site/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4432	msedge.exe
4432	msedge.exe
1460	msedge.exe
1460	msedge.exe
4580	identity_helper.exe
4580	identity_helper.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 3208	1460	msedge.exe	86
PID 1460 wrote to memory of 3208	1460	msedge.exe	86
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4320	1460	msedge.exe	88
PID 1460 wrote to memory of 4432	1460	msedge.exe	87
PID 1460 wrote to memory of 4432	1460	msedge.exe	87
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89
PID 1460 wrote to memory of 2016	1460	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://banruralvirtualgt.biz.site/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9013146f8,0x7ff901314708,0x7ff901314718
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,9798560148761455448,4213830862127869480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,9798560148761455448,4213830862127869480,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,9798560148761455448,4213830862127869480,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,9798560148761455448,4213830862127869480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,9798560148761455448,4213830862127869480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,9798560148761455448,4213830862127869480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,9798560148761455448,4213830862127869480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,9798560148761455448,4213830862127869480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,9798560148761455448,4213830862127869480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,9798560148761455448,4213830862127869480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,9798560148761455448,4213830862127869480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,9798560148761455448,4213830862127869480,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2480 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ac4b47dbf99137ac3fecea04d5ac6d96

SHA1
57cf68037a4f2f7973b7cccd628f8e5f374b8ff6

SHA256
4bd465108669e4a7c933f51a0fc45889f9ffeb3509b3e8515b86b6b1bd704599

SHA512
46bb9a2888f0c9ca1eb67c200561f0b49e4f66ce29baa0fc936347d710da12d5feaecb14171a7446770ce9faeaf4ccb653974403ccdd2ba988a373682109cbec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
524B

MD5
510fbe3319692c626e84c497ee87dde7

SHA1
5d17c6ffb95063dce802cc02e909b0d4f9e56aad

SHA256
0106153f40a439bc1c82161ec8976a740f6f22b8c59e22cdcd754486a92bc6e9

SHA512
fa1af63a16cc1ff3c5b535edac080c13ecbb1632d053ff0cb8d1177bb650c9704a33cb285426c9222d2f1dca0989e466bb7ea6f8c377df203ab9b4198d46842d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2fcee414e49442293cd9705a8cafc12

SHA1
fc474bcd747b9dc0e7bc14b0f4d0e5e23091c0fc

SHA256
f93aaa69bc5d9fe63e8efa9f9c8601a0f1214c891669c8ef0e68cdd73139fc32

SHA512
5416abd9c7729977e15df7309a5b458d2f4a8c330d3a717f0eb706dbd5089c6a8abc4f4abfd4d65dde7c69de627a10393eef0f275cb58030d1e68a2035664031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b256464b469017bde5f281536baf9fe9

SHA1
a237e4e8670c7d81b94d933819be912407cdb177

SHA256
b5806e8c56ce863402b72c8f5ced03ae58755e6d8439d6938eff2e88b187bf94

SHA512
a3919d7936e6f1c3046ce84094f4969040bf193a4ccaa8f80bfcff1c2ce008912a8bcb9974d1f9c986a148f1b8e23830c5104175860b1edb24b00ff5516c90f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
fd20981c7184673929dfcab50885629b

SHA1
14c2437aad662b119689008273844bac535f946c

SHA256
28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22

SHA512
b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
72e41da2f6cafeb2b7cd93577b7a71ab

SHA1
149314ec35eccc8056f762bdd33ce953b6d2942c

SHA256
4d0fb34a569be781692a8755bada989e47bf6a82fe5e767fad9c7d01aa7bf61b

SHA512
c122d84d773ef6aa90983e81853d95a732d640919d08aaf447babe8aa2b770422fd505aa72ea81e5a7382279f9f9686fb4fa29df34871b1500ffb62117b77645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
c4428759895f20c9c1ce36d20a60ba65

SHA1
2decb5485407823bb796dd3e84c87e7dbf9c64d0

SHA256
e847367eda33cc3158153bef1d812b91dbfc59c0fae27233b9b02c04bc1cbf1a

SHA512
8ea729657085e8404300b351017820879edb7fd6a63293e845b7f35e08c0084b9a205fa6d09d6fc9f38563fee7980963eb4f84fe85c2b42894a960c0f25bd511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
802a1433ff9082654ecb4bac78efc3a9

SHA1
89cda98373191caf65c67b9b757319b2c4c8b44c

SHA256
516475eafd528abcb0d0335702a57b12ce8101696c73b5f9c3b59dfe290b5929

SHA512
fcca753d34855e9bc7421cfee94e0607ea961c516554e21911ab8245f1b828647d2c12c0676929ac4a1679fa42ce5a5bd75a3830b6b1a753c4af5087a69eb363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583841.TMP

Filesize
372B

MD5
529cfa2f7a4293fb78c9ed7ceb74c865

SHA1
2b49aab2824e966a1162336bd7747e9f0dfbeee8

SHA256
e1413e2f4a45fc2ce141d451ce017ca1c564286f206b42692552f4527fe261a9

SHA512
65d67522ebf9c13839d8098f7965ed7db53e7111257c27c050487cf0e949cb80f7cd4f5d333a526f1fd5bc58d232f4287893a7f61642dab8bacd65d5f55d6061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b6057187d73bce326212dc670fc8b403

SHA1
b76ce91f135712822c8083fef75bf58abec686ee

SHA256
7046b0d801400fb53cc3584749d9c03e90756daccea4c14ce41a1678e68a64da

SHA512
af81015e7fca59ac368714cde142e07a2aac01f4062385123d7ada5f3ee6f146f66df3908ff3acd1437aa6c385b3196b27d5aa94e0ef575df09394e75eaa4613

Download Submit