hxxp://www[.]flyingstartluton[.]com

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2024 10:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.flyingstartluton.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
2928	msedge.exe
2928	msedge.exe
3080	identity_helper.exe
3080	identity_helper.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2604	2928	msedge.exe	84
PID 2928 wrote to memory of 2604	2928	msedge.exe	84
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 4672	2928	msedge.exe	86
PID 2928 wrote to memory of 3160	2928	msedge.exe	85
PID 2928 wrote to memory of 3160	2928	msedge.exe	85
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87
PID 2928 wrote to memory of 4068	2928	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.flyingstartluton.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xe4,0x108,0x7ff815b546f8,0x7ff815b54708,0x7ff815b54718
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5779763195822301850,10643276684859111855,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6080 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b538abdf13eb59916a2503b7336a5319

SHA1
8199a954deef3b911951f946c5e79a13ad6c09e1

SHA256
b1fcddcbcb306117940dd939e3c26794eb8f0dbbcf1dd5bafda2cca2d6775582

SHA512
64bf7eefe5f28e30529ce853804e145252e6296b9cb2518bce8408053e6080219750649ea5aaa624f366177280126b0bef90fdc3ff1b6e02d6c83e380d34b861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
61f7711e8a6c7bc7fded3a08f7d73506

SHA1
a432c1718a6ffcb5dbb71f0a4c0b1002e6b27478

SHA256
b70fe8b7da2ee309c56bd4380506b6c967b18e2b7de2b21b68d778975183a7d8

SHA512
d9fb7406fb44e75d35fe920f4140fe412121dcb57b20a6d2c97f95f527d7261cd04e8164219f738fbc0f1d4b9b4c9a40fc606b63a832bbf67c2e77615ee95eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
19084b32213be4ff657f8d040bfc49f5

SHA1
45c083d6cd3a12d1151ee02e2a930fa39ae3e3f5

SHA256
a2be752c31c2ad0b8147fe70ef94ee00b802058f731617077b01c8c8a30dce26

SHA512
37b3bc8417bbb3c27b66bb6902ce9ba4ae64329364fe42186b704424e4d16005fd506442a34aa3f8ecf2c3bd747473b13b0f56c31741958b91bbdd971e8a261c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8eda82374a78e765359aad437ddae5d5

SHA1
2ec64453c14a64142fd915719e9057a8d2b02228

SHA256
029415f00075ea024100a237ba9408e1650fa9c2b7cbc7b8c29f63c9953de85d

SHA512
40452af66413da381c7e90953b5e075bf72c8b25c30f14b01bb4cf943d220449c9248dbf0c4d867f2c3afeb1a984b1b063e8b436faf12d09a7a16d44cc663bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7a4e10a402cec26a929a635db9d9efc5

SHA1
e0ffe2602696e96594d20aba1bc24fc6ed0381d9

SHA256
6b73cb4eccf4c56e3d829a45d2555555c78f5c2a3ac2462d5111edf82f12e74c

SHA512
e97fe3bb8cbb0aebe5fea912814e98af03e1acc43227df77a2bc4c5fb80e0b134bbdb466c511a7d4f307972a80faee42c15cf0bdd798cf97f89da4bb860d2b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7c09ce267fb3a6cd6e71a07f97378274

SHA1
c66cdf05c04a29a701a71c121427441a4c505526

SHA256
dce972371d150a904d2cb22a134c552f0f4abefcfa065ec7ad3f0465402c669c

SHA512
55838c944c22a039a8e0fe39ebe58ee3abf7e0d20f2873de1a00ebda529ad24f49b625a188063cb8207fc326de46922881e678ad56e81df0ee264ab74914f78f

Download Submit