fdcb9d7508d6eb1667f022bb21adde9512d3fcd128fb3187d62eb64fc353307f

Analysis

max time kernel
146s
max time network
158s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19/02/2024, 17:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Growlauncher.exe.html
Size

18KB
MD5

c556087a88e583c60053db7af7364d08
SHA1

ef6601eedfcddbb50fb01ac2e67f343ea29d72b0
SHA256

fdcb9d7508d6eb1667f022bb21adde9512d3fcd128fb3187d62eb64fc353307f
SHA512

94dbc26963f7efda307028ba9289b363cf07a6f63ca518b0f7d5cff2107d4ac72740e148df49108f277061fe248fc84122138d85afd36fdfb16f2bcf78767923
SSDEEP

384:SoJFdlIn7xpYwuu504Y2eHYWUDRzhU3E8+UUKIz40qocmJKx83Mx:SoJdIn7XY20t+DRzh4E8+UUKIz40qoJI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
4408	msedge.exe
4408	msedge.exe
4976	msedge.exe
4976	msedge.exe
4744	identity_helper.exe
4744	identity_helper.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 3024	4408	msedge.exe	67
PID 4408 wrote to memory of 3024	4408	msedge.exe	67
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 3828	4408	msedge.exe	78
PID 4408 wrote to memory of 5036	4408	msedge.exe	79
PID 4408 wrote to memory of 5036	4408	msedge.exe	79
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80
PID 4408 wrote to memory of 4352	4408	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Growlauncher.exe.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffddbd43cb8,0x7ffddbd43cc8,0x7ffddbd43cd8
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,7465230387206601969,10773532888996918790,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bfba10fa6c480f99af59a64b6074ca5

SHA1
4c3640f96d8c6748fcd93c318168c0fdd2a9e490

SHA256
887d03cf55cc9222818b2e91d7486ccac2483ff1808617c3fdbb21f6faaa5f67

SHA512
b1cbae5e99edf05b1ba3bee9650e00747ef4e40c44fcb9a0c2c241c0130cc7697f8a62482cd231845bc130b94b398a87192915d32fb85afc0bf2a2c4572dd553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
654649337442446d83bfa5574a3879c2

SHA1
390eabea2d37fcebfe465793fe16f597572aaccd

SHA256
3518fd416ab41aab6aea0c11bcc82b056b7d2f2544e7fec10d30d0c49f118d50

SHA512
4e8d751dd1111125468fe59e4d0a387cb94053e7f5373ff24b6019ba924f0181ddfef9c2485030a1dd9cafb6e2e35d10809262a591908a1018e9b4fcfe4ac906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a7f378c3b935c73c204402a274927ac8

SHA1
5315d0c362f452f3521286d9a6671636553bedb3

SHA256
eb7056f8909394c2cf19443369776839810a5c36152eff368e9dcbfe0ff990ba

SHA512
70f1d7f4150e73a4c360266f69921e01e54e9a0693b8ca17eeab0e5d7ef07b8215078469310aa311e4535bb9a04ea6e2f9291cafb5a1f74f3e3de94bd9311533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
45af9ace9634c8da94eda18a68900273

SHA1
8a3704c04e3add2c5d38088973b7f04e004f7a86

SHA256
37f70a90e5a5fad0a7f1fec41a55d51e7ae0670ddf2cac22ea247f7ba7f97ddf

SHA512
4b812b6867d6d025ded4f34b33e1a54826e7da1190d6fa85235be8dafb5efc577af09e048a4f881e5a4fe894f366d738d0bc2f5f199c720357d439a17618afc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
989c6485ee80a487569fb6e2fbc03b92

SHA1
53ac4081a4a151c9219213012e640ae62e54f9ce

SHA256
ab43543f3d884118c1b38181e32c64740af43e8b1acc8a3efa74f158a774c048

SHA512
9471d4a0072438a633287d780c6cbcdbe80ad4f0477696ec386efff0b1ea53f648103aa3801651bb4dfb934e7c6810a00b00f58834250c8614cd51ca33bab9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
6c8c2722fd9b3559b495c03a0bbe794c

SHA1
3c16a586fc9137ea47431209374a12ed5b90bc92

SHA256
fcc46c78ef645b5429c3d9b49e156eaf68aebdf3efdc5bacdc926231c99a884e

SHA512
9542bc5b6b3d1b107b15aeae51494533c1f46c6751c266e4fb2b3c05224865646ee37716983ea0f6512625bbd9e8443befc58a7cf512a1dcde9e339f940e80b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4c9291b4dc213f1090f5f98c8d59fddb

SHA1
e54fdbc6d44d510b394defd176752dedc08d08df

SHA256
adfe8a2a8fcb562b2646e8b914e3be915e4f245c1c01ccd56711107001976ec9

SHA512
7bcfd70b8a449a6415887f10bfe95475ba26ee915fe8d6e74db2f0a1c64a04eeae0935d4060ffacf4be1f25146726893ea5aeb89221b3485b6edcd7f77e1b6dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7b5d0b88ae81e6de4b7317c2b01c0095

SHA1
a4d11ae1f095fd13138545bb0c3a242c69c5dcb5

SHA256
d8991bdef9ef675d9bbf804b89468169a8a21ce35ac6cf51d90960af329d3a6d

SHA512
f1403889b6eb4d9180c926971a626829149070e545b1a37aa4a0e4016e9d7386fc010692ff50e3416ba88a683d753a38ce317d14820d97ec0264838db3528df8

Download Submit