hxxps://tg[.]wxiskj[.]cn/wechatbackup2/?s=1&p=1

Analysis

max time kernel
171s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2024 07:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tg.wxiskj.cn/wechatbackup2/?s=1&p=1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1596	msedge.exe
1596	msedge.exe
1136	msedge.exe
1136	msedge.exe
1256	identity_helper.exe
1256	identity_helper.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 3436	1136	msedge.exe	88
PID 1136 wrote to memory of 3436	1136	msedge.exe	88
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 5004	1136	msedge.exe	91
PID 1136 wrote to memory of 1596	1136	msedge.exe	90
PID 1136 wrote to memory of 1596	1136	msedge.exe	90
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92
PID 1136 wrote to memory of 2040	1136	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tg.wxiskj.cn/wechatbackup2/?s=1&p=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc090346f8,0x7ffc09034708,0x7ffc09034718
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,7361795819466612575,12046174439853787750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7361795819466612575,12046174439853787750,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,7361795819466612575,12046174439853787750,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7361795819466612575,12046174439853787750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7361795819466612575,12046174439853787750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7361795819466612575,12046174439853787750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7361795819466612575,12046174439853787750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7361795819466612575,12046174439853787750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7361795819466612575,12046174439853787750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7361795819466612575,12046174439853787750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7361795819466612575,12046174439853787750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7361795819466612575,12046174439853787750,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eb20b5930f48aa090358398afb25b683

SHA1
4892c8b72aa16c5b3f1b72811bf32b89f2d13392

SHA256
2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35

SHA512
d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
259KB

MD5
b3faaf043cb31f27127bbeaeaaa7f0d3

SHA1
d1b9eb0c5abbf07a50433423b273eeda4831734a

SHA256
0e1663bdcaf9e76ee96ba45108fb39c4d459293150f41b1b9db41fd11e058135

SHA512
dca74bcbeb032e953656daaaf8a510d75f51d0697cd2b0a0de04a11e205b0df9d5e544737fa7057b3a6246a6dfabf4596e83b18daad81318de43f8cdd06b0c6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
aca42f0bc75b18df528be706d5fa5f52

SHA1
2bba48a6b35b7203dd499d0e47566d00f457ed54

SHA256
9d2cfd266e288df69ff677165b74951c8280fb89f60a248cb7562c22af0baa90

SHA512
8c77d4177f17c51b921323e9147b9be41e08a44c383fe9cce071676c8d240b012269889c1370a89fc2493c34f510545394136931d7baf136e1b0f32027009e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
80d987277da7dbd02bbbd919170de72b

SHA1
2a951e540dfcf2778566d9d76b27a5fae03d5c29

SHA256
59f10d27bd2c88fd690e76b76cba86010b3bc9b36a5f65131f0612dc9379a1d8

SHA512
839f6902572a47432ecc1df6c9389349f51d516f56b02bf2eaca7393d45992aa7f47c3557f8f2fdc6e51ad9fad80f17bf6d6b9d2583d863ed866da1dae9b68d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b4137c06ef8aba41bfb8dc2bbef824cd

SHA1
e78f8f47855ff97648fb8daf2bb2fefe32886007

SHA256
39a515d08f8d43a3b6717c915ef233f0ae353b2f7410cd4fb4ec9d81930b6803

SHA512
7b24f5124b233437ffa28f5dc0e9e0c5adcb5a816365c14f6a65cefe70ea2005fc654da7acd20f8ca4d9c0971d360883fca264dcd101525c978e0c654a8d4a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
138936ba808a93ea625aa88389f25f3b

SHA1
05fc70dbc8f83ea3f449745a0ec90982b87332b2

SHA256
cfddd9fc1ea003082e792d596f21ae096366a74b1d531243961aa5761c4bfa85

SHA512
5e05385809e5e2e9b32d7caa0bd113617e26d2e8cac6ab5627a524a87b4f7166f1895d9782befd6fba7037c94b3ae6e499a90d83af3b235af9cbc0e210fd0419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
88c78096f93b0d6d9a6072de158e2432

SHA1
8b140a7b8569fcaefe17d55242632fea730da2e0

SHA256
5fd5cf6eeb25600132ef79f0d27436848730a55480a2fd4cafe5154619dc9d88

SHA512
980a327739cdd6b54daa4470d0580d990f8fb089b0dc0d16c372361034b4fe24000c55fe79e5b0f3a089867c8377af9001ed16b1f5ef02c23028e301c28dd690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2bbbdb35220e81614659f8e50e6b8a44

SHA1
7729a18e075646fb77eb7319e30d346552a6c9de

SHA256
73f853ad74a9ac44bc4edf5a6499d237c940c905d3d62ea617fbb58d5e92a8dd

SHA512
59c5c7c0fbe53fa34299395db6e671acfc224dee54c7e1e00b1ce3c8e4dfb308bf2d170dfdbdda9ca32b4ad0281cde7bd6ae08ea87544ea5324bcb94a631f899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
dc7e3d8fb2f7fec7e4a8204371b3f982

SHA1
8e80d97d7f87dbffb90a64bad79991ca1b742242

SHA256
2d2e120d8d437401542967b861cbbaa26bc7735d2fb2373514b2c04bc120a464

SHA512
bca1497a44094811ab7dc7f437e9a37a54c7e5b7f029bfeb031ae1d2389425c917a1fc960abd50d7d75c6446d477f166f41e3c200cfeea449b21973f3563333c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d0a9.TMP

Filesize
204B

MD5
2f66c528d919f4101e73ae4c92b14ecc

SHA1
4684201506f699ed8a596b82a2d0f82f73778725

SHA256
41c4b820415717cfeac1165f338840cc4c70c7ea0ffcc83b8b9c5003464a5046

SHA512
2cc93617ae05e5ebc6b1347385761a4537a5b991fd781ba526a473f7061398de4ce13033205291942e3f96194d1ada01717fffb45d482343002d1315b5b6d9d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
59372076c24c42f6c86cc19c707b0e3c

SHA1
c7757fcb5e7f28bfbc1c38e7ef21d13bd3553d86

SHA256
ca4cd650ebde0d88a049916228b491a24f1977fb5f6b3f2696ced28ab51e18ba

SHA512
e107258a572f04d2872a033a146a8e9382d60aafead57242320977e0d65728dc8f78dc0f49aeb92df4b06a363a6feaa9895167494a537e706fc598e6caf2d7ce

Download Submit