3e0bcf830d26e2c63a8a1d93e381cbbeb6186135956b1444d8189acf82083b00

Analysis

max time kernel
146s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

100KB
MD5

6e77bfb3a7d77bab20b4af97d24eb196
SHA1

ff2737104796d34c3f445379df33e64a795f7d56
SHA256

3e0bcf830d26e2c63a8a1d93e381cbbeb6186135956b1444d8189acf82083b00
SHA512

a39895f9d9b3821a5e3612a55d860dcb9a9432daf87295f6fc8032b660382dab07f1b3fdfc417fd17726304b5c7da0e21a188c417a6cb7416d8962beaaac40e2
SSDEEP

1536:DQMieDocvNpQ4ijC5syx7rDeavhN6/JoGhcIZR2KL3X:DieDo5y97r67/JoGhcM2KL3X

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
4624	msedge.exe
4624	msedge.exe
1028	identity_helper.exe
1028	identity_helper.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 2884	4624	msedge.exe	85
PID 4624 wrote to memory of 2884	4624	msedge.exe	85
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 4680	4624	msedge.exe	86
PID 4624 wrote to memory of 60	4624	msedge.exe	87
PID 4624 wrote to memory of 60	4624	msedge.exe	87
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88
PID 4624 wrote to memory of 3068	4624	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dbd546f8,0x7ff9dbd54708,0x7ff9dbd54718
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14791051713082690611,13527999234960996716,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14791051713082690611,13527999234960996716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,14791051713082690611,13527999234960996716,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14791051713082690611,13527999234960996716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14791051713082690611,13527999234960996716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14791051713082690611,13527999234960996716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14791051713082690611,13527999234960996716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14791051713082690611,13527999234960996716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14791051713082690611,13527999234960996716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14791051713082690611,13527999234960996716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14791051713082690611,13527999234960996716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14791051713082690611,13527999234960996716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14791051713082690611,13527999234960996716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14791051713082690611,13527999234960996716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14791051713082690611,13527999234960996716,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ebd667e8db80b0ab07f02f3dc844252

SHA1
461bade20eebf59e30e8c3620640d6df6db79249

SHA256
d04531e41d70e7832898e797081335b3f0314b09141a01de921ff679dba41b0f

SHA512
75f92d1f4ab942c3fdd3b70542956ea246f718aa8808a53f33d52278505f4f783e4c0458e5093ea4f459e72faea431f926373883eed2ec7da1109bd7efc6fb57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f621c7614503377ba83f2fcfca1c303b

SHA1
c7ec737f8e0262052e038691e5b38db37bdfe56e

SHA256
c2d2e04acc5e2cd129dd3211f73b498043051b74a2f661c1199224b37b681b26

SHA512
203e5e582007efb7d11b0442e85d4e37a4cc1332bd6367cd74b0d4b9de0d0df85757bdc66474f62309bf530841ab7a5e4c0d43c95aa416b7175129e2e2b36c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
50671d4dcbd7e1c28fa1550c35fa811b

SHA1
bb64e8a5d43a46149ad6d94e0a3aca4bdd13ba86

SHA256
3d1aa1ecd122e0d60048dcb9a60a96d458eac01f21d75bf81d0f6c26539e974b

SHA512
17e998e9351eaea13be801ba7ca4ae1e6ee454fe3a05188129f43988f615a5923425ff44b406189bf728a0d7344cbd96e643d02b61e157b3e65ecf3ca5a58686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
22e2412e495568af1042dcd4400b9427

SHA1
041be7f985e847f1a3037d591bf50ccadf6687b2

SHA256
ab95cdd96568df5dd32f736cb0d88a230cc7d61cf784d282579efbdca3d7d928

SHA512
b47e28644f0e5aacaae4061b0f2d3ccf2dd8c120989210741de661bfb54fcf17b5dd2b79d811ee91f3cc937697b80a184bccffeb2de54e11dea675638f111c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c855fb65e34240530ec1e1551fbb25be

SHA1
10b1d405fa629e324f0ec22d26026d8bc8e5369a

SHA256
12cda5c89c4af4b1a61ece10011380afb0eca4c006ecce1c3e1edab3a0954878

SHA512
f3f85a519a5ead551f1c0c5889c3daafb2b7da8497fe95c941c77c1619a861175b30823bd6e4cf3def7d16cc6a434cef4e9a3e135a55da21148861c28b2eebe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
584f20574fb1541a0bd09bb750d29952

SHA1
4bf0dadd68802f4ae9ae6f8c7dc7f521dd2b0525

SHA256
f0a1cb93957af91c2d8291d5752a91e98efcf83667e76064f229879f9ce3927d

SHA512
e77724c7d5067472b0e9f669b478699a0f42f5691e1c3c27e8e08c53f97872138e9592b24388ec37492b37f804d8815e63ed9d18646d6b720a15ad5741caa285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c78c9155e6636f00f9f066d44b855e71

SHA1
4116bc59bff697ba2a20ecb2542db7c965e89d89

SHA256
1f09775b8610b2f1af9716d7f7748c7afdabb6fce65415383d3c71a34f5961f3

SHA512
0c15d012353e70741146116cc2025f6fee4c50c7aaa495fa9d1af937d6f2a6459f9c35c9e0268d3345e03ddc0c62d97b77c91938795f60cb783b504bea05573e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0aee41cb473389974cfc65265da6370c

SHA1
8a4a0bf8812b2c6ad4604da81cb203e2dfdcfa99

SHA256
0620fb261272641e6d1968154f74b91ada22095fca793b519dbe53794c0e7f31

SHA512
fe379fc843a5785e2a3c5cf6b55011b55394a9b8839c9cbc8e58b046c90b1c862290602b745b5eb68edffb2576670f2f9543a30511c6499b002be255338c2f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d89304dae5248ce2e1ef4bee40590a0

SHA1
ad678496f84c350467e915d39799fbf8423deba9

SHA256
1ba232500d4566b9f5028680dac663d9c3d0e18f4b3ea1aa441b547f341941f4

SHA512
f10763f885bb95c890b601bedec80d0f713581264f90403577d8695553a286963958ae917c7f2f67d39c5f9de99b54c35238d8e0a1008a51a7ae5da370cfce4f

Download Submit