hxxps://pape[.]sharefile[.]com/mail/14dcb264-32c2-431e-961e-2880e8422ee9/0980111927ec0463

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pape.sharefile.com/mail/14dcb264-32c2-431e-961e-2880e8422ee9/0980111927ec0463

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
772	msedge.exe
772	msedge.exe
3172	msedge.exe
3172	msedge.exe
4420	identity_helper.exe
4420	identity_helper.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3172 wrote to memory of 3360	3172	msedge.exe	87
PID 3172 wrote to memory of 3360	3172	msedge.exe	87
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 2424	3172	msedge.exe	88
PID 3172 wrote to memory of 772	3172	msedge.exe	89
PID 3172 wrote to memory of 772	3172	msedge.exe	89
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90
PID 3172 wrote to memory of 4628	3172	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pape.sharefile.com/mail/14dcb264-32c2-431e-961e-2880e8422ee9/0980111927ec0463
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b73146f8,0x7ff9b7314708,0x7ff9b7314718
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,315972093901705832,16423548063993216184,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,315972093901705832,16423548063993216184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,315972093901705832,16423548063993216184,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,315972093901705832,16423548063993216184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,315972093901705832,16423548063993216184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,315972093901705832,16423548063993216184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,315972093901705832,16423548063993216184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,315972093901705832,16423548063993216184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,315972093901705832,16423548063993216184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,315972093901705832,16423548063993216184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,315972093901705832,16423548063993216184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,315972093901705832,16423548063993216184,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5584 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
148KB

MD5
29ef820a19ddb602d6124b11a7ba4194

SHA1
6c20109666a8529903efe48ee1d07052bb226996

SHA256
32d81a424abab185672031b869338398382dfa7e75db3cc920eddc24e1bf7c0a

SHA512
17070e0b8ef771b95a04b8f646ee09341f64c982dd01d1ea1bbff9fb42e1f2895d7b28437455924accb0a1d0686f4fea0ff53e88bd024f99a914d035c382eb74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
777ad5d97643935c19c0f452a0310787

SHA1
9dd6a006fc229874bc8d2064b6476f3fb5fa644a

SHA256
984564500cbe2ace28f3fb8b366a6354ddca22e2b73e2c689695aa3398f76c01

SHA512
4bdf51fddda9d8d4a00fe8ae3300265ade32f809448a6caf35698d0285182ab955c008429b95b05d10e37a5464ed51e1c9e06aefcc447ff5c56dcd56aab06dd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
51d049f086792604ec8565928eee3f28

SHA1
4a6370df53b51733079a580a9e395d3d06e70047

SHA256
dee28eed622c7caf68e32c1eafd573362bbc530c0f4a5b370e189bf9603bd9ba

SHA512
471ffeb3f44de550167088172d613f83221e930284a319de1ccd240806c6ab3862a32bfcb94e293fc0660c57640a4872a58e7428e30c6d19d22d05aad3392d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a61e5e68d8b8bc8719454311d71a6eb7

SHA1
477a53ba49ab8a3ca4bf1f25764380772763f63a

SHA256
37b2cd8ba03830903593e24609759ecbaf8c05c551e92d9dcfdfd90a7c971ac0

SHA512
e7c6a8b37c15063b2cee60d820bae58e8407a6f09118ee83d3e2ef0610e335799463815dfcdaf5b027a88becb486aa4d4f5add161638b68c654b4b847ef082a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30e7a63910e060200fe81e820a0a782a

SHA1
effcb774acf9f796d8e4118ce66806fb006e871b

SHA256
86ce65760bd7c85c9846b961eaa42b597763d07a51a99d9a02d0f979e359a1e5

SHA512
ab978b93105107775becc18f4fe403061a75ba055040014f0bf5c6adc59215323ae42a228a7f87f579ea65ef3f3cc1b5b6737cb02c341c96237e8bd3407a9dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
76a3a334c3f4c56b561dbd2619d16a7a

SHA1
2836597428b51a9cc3c947dd5faf252570ab4935

SHA256
d3d238bae13adbf87c53bfef4cac22cf70f05820029be077b4d589a2de5b6e1d

SHA512
eada00dd8e4f559b3d301250e199039fcca77266d6d88c271d5a173cb837e4ec125ac66ff59a2130316d1f550bd4fca161d189ba595bb3896238461c41c48872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
df9ccab938593968ba96897616c90e74

SHA1
38b537380ba96c22d8121946dc7b58d2143db0f4

SHA256
702a4a8899176059ab5c918430b9ff43de7ed16a8947788876ed0a0167e199d5

SHA512
6bf17ef3382ce9166d7cc742138f6a5c97c1c3dd37f072f51430e995c11ad2fc88a86c1dad8f13a9ccbd8f026d060ff1f2c6fb8939ab2cd4cff660500b0c3d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584ce3.TMP

Filesize
702B

MD5
4f7667e307e3a02a722404657f23adbd

SHA1
0b9fa4198db975800448042c81885e4e67eaf6d9

SHA256
f0c07355fa6f09b5ef0ff215d77d4e1f6e52fa43877b28a962e047cb90bb3edb

SHA512
59da01aa4eca08043d37bd85dd5a35d8c62e7e3129a04ffe95acb415f4e0cfa770e37acb856b5bf8c322253e6cd9b6071c87621f93b4b0a241136f8d2ec7bd33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
af6f6d22af2d6913e7d7b2693bcc2917

SHA1
989f3c855547fc9d5e96d44327f0574649af923f

SHA256
6634439388b62594bffec9fe0bfb56102c2322adc8590bf674e7648504dadfd9

SHA512
a1785c4bbb35542f7023ac6ec69e749e4781f4d69c5b8d26bad20b3963e93bc48194cd921fc1f03d04c5493f80924c5ac478a0dd2c70c28d0d56692c663e1cc3

Download Submit