a1d303b353df28ed366a8fc944d93cacf25f328d63e2b95c30b188410a6894df

Resubmissions

12/01/2024, 05:35

240112-gactqsgcf6 7

12/01/2024, 05:30

240112-f7lx8sfdbm 7

12/01/2024, 05:25

240112-f4aqssfcej 7

Analysis

max time kernel
153s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20231215-es
resource tags

arch:x64arch:x86image:win10v2004-20231215-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
12/01/2024, 05:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

huiziyuan.net.url
Size

125B
MD5

c5c2781c90eb13703b02246f554e4467
SHA1

e36784119e6555bf3c9bb8794fdeb1d2de2a2963
SHA256

e20696365d2876ba2aa7abdca6e0830c5e183121105a8b68cf412c4ec427ad77
SHA512

7fd1703843c9fd55ab08b681ad8e9ee8d6796eee54438ce7a8b16f042b11822032f9e2d69f658a043792f41436366542d0c08d31e802299385647abf862fe716

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1864	msedge.exe
1864	msedge.exe
3472	msedge.exe
3472	msedge.exe
3792	identity_helper.exe
3792	identity_helper.exe
5980	msedge.exe
5980	msedge.exe
5980	msedge.exe
5980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 3472	3008	rundll32.exe	89
PID 3008 wrote to memory of 3472	3008	rundll32.exe	89
PID 3472 wrote to memory of 692	3472	msedge.exe	91
PID 3472 wrote to memory of 692	3472	msedge.exe	91
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 4792	3472	msedge.exe	94
PID 3472 wrote to memory of 1864	3472	msedge.exe	93
PID 3472 wrote to memory of 1864	3472	msedge.exe	93
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95
PID 3472 wrote to memory of 1048	3472	msedge.exe	95

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\huiziyuan.net.url
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.huiziyuan.net/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffca78146f8,0x7ffca7814708,0x7ffca7814718
    3⤵
    PID:692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,8880064613379282658,569348226003802467,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,8880064613379282658,569348226003802467,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:4792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,8880064613379282658,569348226003802467,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
    3⤵
    PID:1048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8880064613379282658,569348226003802467,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    3⤵
    PID:3532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8880064613379282658,569348226003802467,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:3144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8880064613379282658,569348226003802467,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
    3⤵
    PID:4052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8880064613379282658,569348226003802467,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
    3⤵
    PID:1156
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,8880064613379282658,569348226003802467,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
    3⤵
    PID:3720
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,8880064613379282658,569348226003802467,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8880064613379282658,569348226003802467,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
    3⤵
    PID:3720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8880064613379282658,569348226003802467,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
    3⤵
    PID:4880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,8880064613379282658,569348226003802467,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
011193d03a2492ca44f9a78bdfb8caa5

SHA1
71c9ead344657b55b635898851385b5de45c7604

SHA256
d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0

SHA512
239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
062f2039d2560bbbc651ca056354115b

SHA1
e50d7d707bba752294096ebead2bf46468615a6c

SHA256
21fffd129ff1f87c9e241368c7a79b75fa17743bb895ad4b26287d5b85a2d81c

SHA512
b25b000db807e7c19045b3801fd13c3f0e42e7da1311132e230f9dd671c745d7c9233ca2e26bd0a705bcb1f24bfbaa4b6ffde0f0164f78fb8efd440d437474aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
399B

MD5
1b3947f34b7453af7ba024c65e3137f3

SHA1
7a3dd3111f52f0f833a7834efaa8cdb877751365

SHA256
9303f6078e9da2f4a1c94255947d5097b8e72b9f3ad0266693dda0edbf4eacad

SHA512
4cd2ed91b7ac3c8c2275b50cb54c1359c7dd7bfd4ff140378a3f2c9f6c88df398e36a7cc8016ce54b20f185f12a672794c8ac50f86aa870907a677e9a6381de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f5d8afe379d083dcac63a17ee1bbff20

SHA1
a94eccb010377f91665a43d9e522f93464635203

SHA256
09904c0902618253f96672c5abf4cf6f051f6bb88970e14332483cd4501c0b6f

SHA512
22d1a434bbdbb4a678f917fdd9468d8393731633be2c0ec32e871cdad18d03f78f91ba814620b432733cbe951c016c6017f2d79e07bbf138b982446b8aa9cc0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
39c1d96f62816c53cb3e2e89602e57f3

SHA1
357e7b549d800ca07429e19320d2951f5e507816

SHA256
aaaa5ece59a873355e54ec2ad039015ab29f4dbb30b506af8abb2b96e171307a

SHA512
1d8f41c0dcd9f028ea0ac94609b0c877e66231daeeb88578843d10f774231a4abcf943aeda139f52b5effac5ed317b97f7d188fffe354dce3711bb34d1e1d423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fe1d748546e0d2f24db19d6399568aa4

SHA1
af68ea68487b9ec79db0741ef601f9a59af4bfe5

SHA256
c77038615201c66d25813a7bd0bfb4e7a474dff77f77d09b8eeec001d458c61d

SHA512
aacb8f0a19fc59e6a6889d4b7d60cf0fd9ddc05592ad0f68c20ea37b3e0373738b3bab0a9d421288712e5a09f1c1821a87cb65567dc0e81232fb097198f4fd46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f5b764fa779a5880b1fbe26496fe2448

SHA1
aa46339e9208e7218fb66b15e62324eb1c0722e8

SHA256
97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d

SHA512
5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
ad06733434b53a6bc81f9e6066f2ff79

SHA1
a8f164a47d4787699b0763147cc45216bf31701d

SHA256
ec23de3724a5fc402641a2fe733fb1c1f770139f99a7a342946bb61cd98f0c29

SHA512
2614c25709902d94a37504ee29c033df061dd906d0a141aeb9f1a118abb26b6dc9a9c153813c383a044abdbc85c9a658eee96122523b3a198e48855c0ec186ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea41.TMP

Filesize
538B

MD5
8bb1337369978f251bcbc6923a8385fa

SHA1
0aa04276eb59f629d3ba9a54cba70531c3f63437

SHA256
6610860ac0b4bf9b18d73de89ee596d4482f375e24c11235f138e8751b7f33fd

SHA512
c5a4bb7314e4af800f89643dd7407c8bb2e9331d8728dc39a4f7909f8e191f2da7db489daf8a4a49b4804431ed1c6fd83ee48514868907e85653a413f16aa847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b706a4385613b5ad8d2e5359faff7866

SHA1
2c00e44f12a065f61b27624e6a525bc7451fddff

SHA256
c246cfb713b659bf9b0216c5e76bdb94b2e23986975b0827839bdf4352736e38

SHA512
eb8586f3d2a13a4fbfb60a4bfb409a509e326f5aac94e77e3567288317c69658603ace08709c6624c8e28fe1f52420591f0ba5402029d2f2e085906ece2a9d1d

Download Submit