hxxps://www[.]wsoil[.]com[.]sg/

Resubmissions

14/11/2023, 04:34

231114-e69ggaha59 1

14/11/2023, 04:25

231114-e2dh8sha46 1

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
14/11/2023, 04:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.wsoil.com.sg/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
4408	msedge.exe
4408	msedge.exe
5460	identity_helper.exe
5460	identity_helper.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 3388	4408	msedge.exe	33
PID 4408 wrote to memory of 3388	4408	msedge.exe	33
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 3684	4408	msedge.exe	90
PID 4408 wrote to memory of 736	4408	msedge.exe	91
PID 4408 wrote to memory of 736	4408	msedge.exe	91
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92
PID 4408 wrote to memory of 4452	4408	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.wsoil.com.sg/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef57246f8,0x7ffef5724708,0x7ffef5724718
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4966653481855786210,3527807972676115492,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,4966653481855786210,3527807972676115492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,4966653481855786210,3527807972676115492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4966653481855786210,3527807972676115492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4966653481855786210,3527807972676115492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4966653481855786210,3527807972676115492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4966653481855786210,3527807972676115492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4966653481855786210,3527807972676115492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4966653481855786210,3527807972676115492,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4966653481855786210,3527807972676115492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4966653481855786210,3527807972676115492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4966653481855786210,3527807972676115492,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4966653481855786210,3527807972676115492,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84df16093540d8d88a327b849dd35f8c

SHA1
c6207d32a8e44863142213697984de5e238ce644

SHA256
220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c

SHA512
3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
6b8fd2cc58655596b12515feae7c1b08

SHA1
829115eb6be248df95b57fdf9aec9fae2c6ab772

SHA256
7b8c1bb9c89e077ab3892870e607a667551a2b7cd4c017b6ce96851c7f4c9a1d

SHA512
ead5fe4a4b13bb8a31796397f5af3f760dd5efa2465ebff1918eeb90c956335050fbe9fc03ac00063419b574729b3a50cafbfbbb32daefae630f2529741d8c12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1a3412e0303019285539f96bc9ebfbf1

SHA1
11bd1a9ba9b2cfa106ace47dd4b68a7138718f0c

SHA256
6dff83cf042c451583164e95ff5378c8668082bd411cd6569dede669d8fe46fe

SHA512
b35e4b1a41446be7bea2f6ed9a4aa06339564c1d446ef29cae137f7c750fc41bfebe36ecc39ad5aacb34cccbf822a5275f15846f9d41883d6410dc07105d56f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9bc50cee32f40010a976fa0e9cb73361

SHA1
a4b388beb3be48114d55361f991596ff62b77608

SHA256
015e09cd3fabf74ed856a8384ed5502c290dde0d9099bb4455cb9df5a50d103c

SHA512
386ef199cec1b408bf6f2e42e18d6e51878bff6577e0a885e85e627743ffbed079ce4244572dec91d5b8ff1610bd3745b50ad4241dc149ba8b03c741b31d9d26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4679270a9577366dc9d4d87bbb416784

SHA1
53c515ea68da11a39c727558cc8d18b7c8395efc

SHA256
dad3073d6ef5818c4eeefa786a5501113d09c2d92e197586d26cea7bea6f6af4

SHA512
1f4a9e0a0da0d787089e5bef5e48acaad1c92e037224af1b7fa1ab200a86572fe436269bda0aa17e8fdb3f9a02101eaec3cae61299aaf4a3053384eb06794636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
918f6ea276ee90b1d25ccf827ffeb42c

SHA1
dc998bb637f14a22af0842a70809fd89342d7290

SHA256
26151c82272f6377906c5bce43dff7ecd6adca4fd716c4dc66d4af6270eab683

SHA512
6df01e21f3c98ced013ce2c0245ff866879100b7f2f24a7d054303b206876b0c4359ed17543ae91606fabf90d8ae6e038fb4704fd75b1b8d9449457030909fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c4b71fdad953e672bc506ae313b9de8

SHA1
40e122e4abf2e6a72530d7085a665f05eda44b7c

SHA256
3d61ceb31d6f27e112a1ddd91e7657775536c2f78fd960f26986fe46af1dfd8b

SHA512
45c69a102bcc8013d5763c5d280588cfdbc039782c5ded2ff89818e7894a99f41386cf1ea1b0f24a9223d2d1e0edcf1416fb7fdf785a45ded89e7670e9fd0429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
918ecd7940dcab6b9f4b8bdd4d3772b2

SHA1
7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4

SHA256
3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175

SHA512
c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e7e59c0e03407a8088b26dc7fdc5e9d4

SHA1
dcc64c166fa7b8efe1d1850841a66387b594040c

SHA256
c3a8d3bff3e40fa7db4cbd9f4b639b671e282142d2c04753c9ef1241e75aa235

SHA512
d9b6b315248b54b43ad5189955e914a210f39498c44498125a45c3b562f5b851207b2c5ebf14c82eeec16975844eca02253af631bbb2a5657f4fd0d6ff5a172f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9ba72919df38ea9ee6a981c17c6754da

SHA1
da8fe04346c7000df6993c8702f25c3b837bd314

SHA256
123990d276ce65279f60ebb94d27f5cd3da9e71de6522f7d359c77c3da744882

SHA512
d45ac32969363968e1ff273929ffe621745729ff553dcb1a723524168594010ce0f14c398b1eca5d7c460341bd07ab6e3f0ac6469b8918b9ecbda49a7f66976d

Download Submit