hxxp://zx | Triage

Analysis

max time kernel
573s
max time network
485s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
02/02/2024, 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://zx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
1164	msedge.exe
1164	msedge.exe
3024	msedge.exe
3024	msedge.exe
3772	identity_helper.exe
3772	identity_helper.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1164 wrote to memory of 4336	1164	msedge.exe	77
PID 1164 wrote to memory of 4336	1164	msedge.exe	77
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 2152	1164	msedge.exe	78
PID 1164 wrote to memory of 4880	1164	msedge.exe	79
PID 1164 wrote to memory of 4880	1164	msedge.exe	79
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80
PID 1164 wrote to memory of 2608	1164	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://zx
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8a90f3cb8,0x7ff8a90f3cc8,0x7ff8a90f3cd8
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:72
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1280 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,17248125153844001913,10416460776310145788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:2224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5cabc17286e25c0ade7a7f050b6e92a6

SHA1
c25ab09177ad0da9ee6caf78310236bdc2cba319

SHA256
0e75f9140c154297d8f741aea07b90fc1be1b8deb79c3f204148471800e322b6

SHA512
0cc35eda0168f51e5e719ba0bfb226c9f5293a6056d47190a23377deb98244f42c62b8416696cdd13b2db6228c1c8a2513cdf6dbb1d4b59f0c1c889d1acee6e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\229d93ce-833d-475c-8a40-7c2bfe001374.tmp

Filesize
25KB

MD5
68fe6f34e7d6603a3d2f4c95919f8408

SHA1
c7be30582f94d46f05338cc39726f72c9e2fa4cf

SHA256
8cba909149b2d3fc45315cf63cdb8fbe42a4b7c614347171ba00aaf859639c1a

SHA512
48eac2f55675b01ebeb28680ed9af6dcb9c558f76fd647cf05f8a7e1fa04ee57f7a8c70bc0ea882bdbca48b29d62ea7af74b76a03b09c19762e4c93118929be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
33cd4d72b2e383025776d5560e215a0d

SHA1
74cdd3d2fc03b0c2e4bb8b7ebff6549b86b2fd75

SHA256
495ff5439e7628ad8b266abb1ee13496df8f635f57ee93c2926f02900123e510

SHA512
4a7fa150750d6d6f3c9333c73fe8217e442ea3de12e086c28a8a61629601608b469e3dc308d0d7d629538ea0c38f153a29451d7545b488c27dfad18072628758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f05c7b3d3c5374a51b0e26d4f2b0ccb9

SHA1
ae11eb335afa38653fe6a008e5e0d99cdc8e8de8

SHA256
172b765e2d61d1e695b18011af2ff0c328914c44588c8246e0090443e39caa0c

SHA512
6440564dcd8eca7b2a2e7a590df5751ad1aeb349df68736ca21d7840f7710fbd734a60639510f16b2ec18c40a69bb5a59c7477ebdb81aabb0c9a77dff371d46b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2438d6c575324907ed325d9934ba4b80

SHA1
6a8528f31bf0f62d3646f9c1ba530ef7b848b234

SHA256
ee3d3911ff6dd885ddaa546e46af87a4a7bbb0735c7757eaf8f1a94bf156930c

SHA512
17ec96aeefd2fb68ea6c074fdacbe188b693736a6f18bf0b8bcee6da1b9c19824f4c76decfbd7a63bb4f9fd09acc6f660fd7c62f573e4c2ea2240f06ec30ebe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0847ae321d42a1b69c4104845e23b1bb

SHA1
f41a0415e23940f1d4f5bcf041098db8f17ab8a6

SHA256
54a679a601ca526ec4f228eb5c5f10a0dccd9aee9cd09468d91bd6f0f75d4e1a

SHA512
9a48ba520e4ff4a7156767171a6826a97839c594ac12e13cffe875896751fcf0bac02c348362c5db2f8000eaf784c055f628addd16316ffc70f85e46c2abbcd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ba9f6592a2f9325b83b20a0b5ea9b312

SHA1
7fb6d835c6d50163faf18cf01195ab7ce16eee06

SHA256
004eef1fd5b34de9d16c26993e755072e10e74e4dd59cdaad35dfabdf3b88653

SHA512
835926015ac974e651644fa665d22bf683e6ccfdf77674003ad5fceb9d9775673ac7a36e7398437f44c5c6f0aac965e7d99c7726c541f84a11f75208dd73339f

Download Submit