hxxps://mandrillapp[.]com/track/click/30342135/domex-online[.]iplus[.]com[.]do?p=eyJzIjoiRlIwVkVtc1RRYTVlT1JkOUF2VldUVmN2dUJrIiwidiI6MSwicCI6IntcInVcIjozMDM0MjEzNSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvbWV4LW9ubGluZS5pcGx1cy5jb20uZG9cXFwvbGctZXNcXFwvdXRcXFwvbWVtYnJlc2lhYWN0aXZhY2lvbi5hc3B4P2NhPTE1RDVGMDdCOEJCMTQ0NzBBRUE5RUE3RDYxMTZFNzc3RUU1NTBCNEI1NDNCNEMyN0E1XCIsXCJpZFwiOlwiNjA0ODYzYWE2NzAzNGY2YzlhYzZjMTk3ZDMzZDVhZGRcIixcInVybF9pZHNcIjpbXCI2MGIyMWYwMDU2ZmU3YThjOGZiMWVhNGM3ODc5ZDg4NTYyZDViMzliXCJdfSJ9

Analysis

max time kernel
51s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
13/11/2023, 14:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://mandrillapp.com/track/click/30342135/domex-online.iplus.com.do?p=eyJzIjoiRlIwVkVtc1RRYTVlT1JkOUF2VldUVmN2dUJrIiwidiI6MSwicCI6IntcInVcIjozMDM0MjEzNSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvbWV4LW9ubGluZS5pcGx1cy5jb20uZG9cXFwvbGctZXNcXFwvdXRcXFwvbWVtYnJlc2lhYWN0aXZhY2lvbi5hc3B4P2NhPTE1RDVGMDdCOEJCMTQ0NzBBRUE5RUE3RDYxMTZFNzc3RUU1NTBCNEI1NDNCNEMyN0E1XCIsXCJpZFwiOlwiNjA0ODYzYWE2NzAzNGY2YzlhYzZjMTk3ZDMzZDVhZGRcIixcInVybF9pZHNcIjpbXCI2MGIyMWYwMDU2ZmU3YThjOGZiMWVhNGM3ODc5ZDg4NTYyZDViMzliXCJdfSJ9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
3796	msedge.exe
3796	msedge.exe
4240	identity_helper.exe
4240	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3796 wrote to memory of 4044	3796	msedge.exe	14
PID 3796 wrote to memory of 4044	3796	msedge.exe	14
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 4576	3796	msedge.exe	89
PID 3796 wrote to memory of 5104	3796	msedge.exe	88
PID 3796 wrote to memory of 5104	3796	msedge.exe	88
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90
PID 3796 wrote to memory of 4612	3796	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mandrillapp.com/track/click/30342135/domex-online.iplus.com.do?p=eyJzIjoiRlIwVkVtc1RRYTVlT1JkOUF2VldUVmN2dUJrIiwidiI6MSwicCI6IntcInVcIjozMDM0MjEzNSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvbWV4LW9ubGluZS5pcGx1cy5jb20uZG9cXFwvbGctZXNcXFwvdXRcXFwvbWVtYnJlc2lhYWN0aXZhY2lvbi5hc3B4P2NhPTE1RDVGMDdCOEJCMTQ0NzBBRUE5RUE3RDYxMTZFNzc3RUU1NTBCNEI1NDNCNEMyN0E1XCIsXCJpZFwiOlwiNjA0ODYzYWE2NzAzNGY2YzlhYzZjMTk3ZDMzZDVhZGRcIixcInVybF9pZHNcIjpbXCI2MGIyMWYwMDU2ZmU3YThjOGZiMWVhNGM3ODc5ZDg4NTYyZDViMzliXCJdfSJ9
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc160746f8,0x7ffc16074708,0x7ffc16074718
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,11177254388025277692,12754598782395142287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,11177254388025277692,12754598782395142287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,11177254388025277692,12754598782395142287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11177254388025277692,12754598782395142287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11177254388025277692,12754598782395142287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11177254388025277692,12754598782395142287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,11177254388025277692,12754598782395142287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,11177254388025277692,12754598782395142287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11177254388025277692,12754598782395142287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11177254388025277692,12754598782395142287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11177254388025277692,12754598782395142287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11177254388025277692,12754598782395142287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2216,11177254388025277692,12754598782395142287,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e1040b78d255bc35d2ce251ebd39f57a

SHA1
c5430e9014834642395005ee0bf228e66c2fca12

SHA256
824ffc8a675192144f0cef60702e428c223c56b8dbc210b9706eb5fb6ea9dbb2

SHA512
82319b0de6257a8b94dccce8c655932968de5982bc2939f359006cf988d360a58d10ee594e44de18d843b40aaadd3315b66a8575096916445e0a1092bfb701e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
39679d2f75304ded1a096222d5854462

SHA1
e6e88fb7b50a351707037b7896ffc6b8ad4b30b2

SHA256
d285be6af044dd57ac759c3feb2cdac8c56bb5d8bc9ece886536877bed86e87b

SHA512
4f4de2e81dc1e001b1ee5680b0a034173aaf93820f5a2864f4e4d819a03f4e04022db6a7581b2e9c1b30ebb9be5c500b6beb726af3589e04de6402fde7cff031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d32a79ca75945905c5da734f428d6dc5

SHA1
891075eefd3fb1812341e1a5e46c18351eb1265a

SHA256
dfd027519ea98e195994cad2407ffcb405379a2001299f6fa82a1aee520c21d2

SHA512
e42a28e9a9e41bfd8850688ff007db56b425d7d733963a20177b8c6fc641d7d00a2e0567cec861cdb1b2a441a3e8a6973cd88873b433a8cfd4b108f3701d7a6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e2c1e3d9aedbd8905d7c760b7a92ebdf

SHA1
c9e84652beae3f1b6ebf173778cd4e6171cd0c6c

SHA256
c0fa8c451dfcc94855d90f82820f11edb9ea46acfe5b96f4a7a1e564a7c32947

SHA512
4d39415b6bebc78286999923d8c05a51faedf4cdbaee45d72e3f868699f5f8cbf0f55c50e8b4c285e0968e8b34de77ba5411e7a628a84ac150a41bc351e28bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c706d53e85fb5321a8396d197051531

SHA1
0d92aa8524fb1d47e7ee5d614e58a398c06141a4

SHA256
80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932

SHA512
d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e17893c478e8d7c0536f3049fb8a804a

SHA1
7472d6ff0f58ea75e9c287e358d3b150ceaabfce

SHA256
02fde8547f2808db12f2cf9bf716a2d089fcbbcd836984de70b3760e034b2dc9

SHA512
aa7a5068dade329a778479b0a05398ff4fba3f8fa5919d11d2f8ddd5555a97d4e310735c93bc806f96a4fab63efc155138035ce1bccc31aa0006cab13a9a4c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0aa886d6e17ed4d0a04f8cb6b125cfe4

SHA1
76f2377b1a9c1d9131e126215138b035ac3b9e09

SHA256
394108e1c5d55637642b22409cfa57ba8f091e5af570bea5cf34d89d6450619d

SHA512
54e5701d7eec68c248af41b9bd534424713f98faed5a10ce3203970b589f51926e4c1c28dc0c41ed19b1d84a94c5a4c371cc2e6a2a022cdbf5f197116d6634f3

Download Submit