4aff974db2413e19562609cfa92f7a0c22a1f392c6b44fc0305740f79f323e9d

Analysis

max time kernel
153s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Funshion/SoftwareDown.url
Size

67B
MD5

a050daf469174fd816ca3df488a72400
SHA1

f681e601e196d9f0dab7733d753fb920db35fe08
SHA256

66891825360b4e2c2501918947ad0b1c772da0f22de62096b39a62d1cb8a63de
SHA512

5234711ddca05ed479bc59f1fa601fe50d49409c92facce6319ae1eeef8ed5abc1c60e98ee1ed670d7b3e2ae12372d28e10e61cf78595b33f620e83449746089

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
2480	msedge.exe
2480	msedge.exe
996	identity_helper.exe
996	identity_helper.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe
3832	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3804 wrote to memory of 2480	3804	rundll32.exe	83
PID 3804 wrote to memory of 2480	3804	rundll32.exe	83
PID 2480 wrote to memory of 3876	2480	msedge.exe	85
PID 2480 wrote to memory of 3876	2480	msedge.exe	85
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 3428	2480	msedge.exe	87
PID 2480 wrote to memory of 1672	2480	msedge.exe	86
PID 2480 wrote to memory of 1672	2480	msedge.exe	86
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88
PID 2480 wrote to memory of 1740	2480	msedge.exe	88

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Funshion\SoftwareDown.url
1⤵
- Suspicious use of WriteProcessMemory
PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://movie.funshion.com/download/assist
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9e0846f8,0x7fff9e084708,0x7fff9e084718
    3⤵
    PID:3876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
    3⤵
    PID:3428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
    3⤵
    PID:1740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:4692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:1128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
    3⤵
    PID:1676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:3256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
    3⤵
    PID:4968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
    3⤵
    PID:3684
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
    3⤵
    PID:3364
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
    3⤵
    PID:4204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
    3⤵
    PID:4092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2864 /prefetch:1
    3⤵
    PID:4328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    3⤵
    PID:3172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,772782137867249427,14757432062009294636,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4724 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa070c9c9ab8d902ee4f3342d217275f

SHA1
ac69818312a7eba53586295c5b04eefeb5c73903

SHA256
245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7

SHA512
df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a48921aeaf38cdc2cba900209393408a

SHA1
57c4ecf6d92081e5b9e2ce1c9b9171c4ad154045

SHA256
2ae1045957a97906739c1bb72dd93cadf4ab5218d4f6fa622693a71f7f35d58b

SHA512
d4aa28f5cb8e82c4184bfde5118a0dd498e46277b7945584fef7922fb92faec6edbc3b91221f420ffe2c5cc69631ebfd9aa61b1435c1d61368692e97240242a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8cd8301ce4069e1c393fefc78cb0c057

SHA1
47606a3e5a06603f12e8afc81d7533a2a03b1805

SHA256
38d7fa55096868e250204b2ead398f27150c6beee8884d4884cf76849063aafd

SHA512
f799b457bc43872e53011d225bbfd7422e6fa5fd0776d3a454c1a1d21c63b6ab65aef356b002e6b0c0a8d14e1ad777657e0986f11544bb4631880a0aab4f20dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
917dedf44ae3675e549e7b7ffc2c8ccd

SHA1
b7604eb16f0366e698943afbcf0c070d197271c0

SHA256
9692162e8a88be0977395cc0704fe882b9a39b78bdfc9d579a8c961e15347a37

SHA512
9628f7857eb88f8dceac00ffdcba2ed822fb9ebdada95e54224a0afc50bccd3e3d20c5abadbd20f61eba51dbf71c5c745b29309122d88b5cc6752a1dfc3be053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fb8399df44f5623fe0cea3fbad26c53e

SHA1
1886c913cf57ec1225a36313637f7a83a018c685

SHA256
3f063561bf14c11ae57f947f4ac592ba4099314298d62c06eec6646fa783ac78

SHA512
394343673015278ec6ed3855f16c6ba9e2d3fe874266e45d9b31efde24e4d43ebb4a41bb23a0cc974f327c6e9d4aa6982fc4f4117bdb8d71c3e701d1d6d6cff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4d6ce624d2ecd5f95fe9fb20a3b2f688

SHA1
678d58272c8de228c22c6b50964be291cee67644

SHA256
b468a4fcd925bd92017b97f8c8ab49102a4a6ef501aeb756d0b4836fd9f89358

SHA512
5533669649db0c3d7e180e106afb8a56dd13408745b886d15465adb6d9424bcf716d7ceecf3b5e41bbfdc78ad21ae3335a13b593e0353b7b931d53a4aa4f5eb8

Download Submit