hxxps://calendly[.]com/winpeo-vincent-cuypers/phone-meeting-presentation?month=2024-01

Analysis

max time kernel
146s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
29/01/2024, 10:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://calendly.com/winpeo-vincent-cuypers/phone-meeting-presentation?month=2024-01

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
4532	msedge.exe
4532	msedge.exe
3276	msedge.exe
3276	msedge.exe
4756	identity_helper.exe
4756	identity_helper.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 4996	4532	msedge.exe	76
PID 4532 wrote to memory of 4996	4532	msedge.exe	76
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 5968	4532	msedge.exe	77
PID 4532 wrote to memory of 1088	4532	msedge.exe	78
PID 4532 wrote to memory of 1088	4532	msedge.exe	78
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80
PID 4532 wrote to memory of 2128	4532	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://calendly.com/winpeo-vincent-cuypers/phone-meeting-presentation?month=2024-01
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ff9b4c33cb8,0x7ff9b4c33cc8,0x7ff9b4c33cd8
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,12692862798790827513,690080174419245861,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,12692862798790827513,690080174419245861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,12692862798790827513,690080174419245861,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12692862798790827513,690080174419245861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12692862798790827513,690080174419245861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12692862798790827513,690080174419245861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12692862798790827513,690080174419245861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12692862798790827513,690080174419245861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,12692862798790827513,690080174419245861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12692862798790827513,690080174419245861,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12692862798790827513,690080174419245861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12692862798790827513,690080174419245861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12692862798790827513,690080174419245861,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,12692862798790827513,690080174419245861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,12692862798790827513,690080174419245861,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5080 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0307d75488a9def144d0373178e421da

SHA1
1e4351dd4a29b6340913848163b4df62628ad06c

SHA256
9e1bd506806510408dcb9d5e1eab6672d905780282361f2b9974ab9a9ed1ab9e

SHA512
993dbb0491352352ca89542922df735fc7b3cc0d14a4790f106c25ee9fd616d0722151d05e045ed5863e56b128c3308a561b958bbf5fe3bb87498e8a6d12a50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
192KB

MD5
5036f7c363373f5d9cc2b6519806feae

SHA1
3caf2148a2eb7c82f9aff0f3a2f4594ee70327bf

SHA256
715c5d3e3839c1b47c3008e8a89f929e60858ee379724a20775003c692e9fd6c

SHA512
4661cd6fb02dccc48a42fe127b1e88f7e794cd4eb1d8a5a8f5075f772dad63211efa349bab579c5bb81bfb2c4b1be201c6725a56f617f8913a2235e3565fe645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
7c7a7664a80fefce2768be4352cd5e62

SHA1
544621d266da90188a8b761e538fce842bdd3f2c

SHA256
88d379fc4e6c1714f1cebc2e1c965c0fcb9e545c218c35d8a726e0cf939e30a5

SHA512
3a3156762220835156e6efb043e4ad3d3b1e0e27f0c6bf711b2cab236c88a956d9388d4496b4fbbfb6b536d2f70f74f37ae730082fc80f430b320795daf05b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dc7dffac6043b32ba9167f2169a284a0

SHA1
294797f3e72308e018d3a4edfcc6d31f1d6f94ee

SHA256
f2cd8b5ac5352de3b7b10533b596236e54bd6de6988928871b71ba14155f7c49

SHA512
c136cddc5fce6c8124a425bbf520940c9aee22df7823eb6bccac4e13439c175c0980d31c0ffcfdd9190cd310d31f1905f980be8ff9262b43b3588978a1ca372c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
bef04b69bc23e75ffac3439d19bb7ff5

SHA1
5ced40efbeb5770b587e88c68e6d293b670c1f46

SHA256
6d98037e46bf93af37fccb794518564161f810b30837a15c8cdbb11a88d238e3

SHA512
ad44fcce99b874e26421f93d7520b9259027e881665e38ab1427f6f415617910c4a47158f289966dd8d25a5ad4e5b542cf5b3b750ae8c60ecd54801debab2089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1f59e1eec4c12dde3733a3b4be891683

SHA1
a81106200985d50bf68a380498cc6d5bcdac792a

SHA256
0584129b9798de0d028860e2d79e084cf353c40eb6a368f7f7d8fabff08e3585

SHA512
47ae135c1bab8ff0c031800f35cf1c32464779c1db507e1839f580665eebaeaaf7d0ef25042082d5b2e5d82d612dc21029ce2ff4ce8c1930546166c1b8572de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
0ace84d2f56d99d6b3318537be8d125b

SHA1
7af20fccd1505637d77a87fec53a4fd8a6f4583b

SHA256
db39a394c432581c6cf5b2d164407cb27af4d998bdf437ca43be05714dd95aa6

SHA512
4317898393123fde58a8604cf19d1156c21e67af8fb152c05a41ac10ae6e26dfd88b856c058a64f57d47be023d7530980f7caeb359e7ffd60a59b83fb3ab0a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c28c0c78ccbd8bdd42a1c5baabc092cd

SHA1
38fc60a0584df6a89eb8a7abdd69fd30362c50a8

SHA256
c67abe13a7e68773c922ca713f3ce7e6f01039990842f27e1735e224a005e42d

SHA512
770affc20a1a7d05ed697fc7459b953a1b30f93c99611f91d3abccff373abad407610ea5636d911111dd6a796c006e737bbfe562ed9190f4d0d00be7e272e562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0d294c946f05a3680454a3a3851a7366

SHA1
aecfd8877619f52c9f9f2aabad908911cc92048f

SHA256
1885d399cfb5af71e271abfa77b52638cb2c04401cb71e51966eec6001f8cb80

SHA512
eb7e0408b8c36b6e75871512f103594b44d81ca15ee0eab04c67ae3fcd2ed5350fb7a7199f6ceb398755671e1f5db6098165e272423f5c472de9f2e62e3e6915

Download Submit