hxxp://send[.]cm/d/P9od

Analysis

max time kernel
112s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2024 15:30

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://send.cm/d/P9od

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "57"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
3688	msedge.exe
3688	msedge.exe
2144	identity_helper.exe
2144	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4896	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3688 wrote to memory of 2168	3688	msedge.exe	43
PID 3688 wrote to memory of 2168	3688	msedge.exe	43
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 4700	3688	msedge.exe	88
PID 3688 wrote to memory of 2776	3688	msedge.exe	87
PID 3688 wrote to memory of 2776	3688	msedge.exe	87
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89
PID 3688 wrote to memory of 2628	3688	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://send.cm/d/P9od
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb276846f8,0x7ffb27684708,0x7ffb27684718
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,5250230427478538344,13296033519611851254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5250230427478538344,13296033519611851254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,5250230427478538344,13296033519611851254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5250230427478538344,13296033519611851254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5250230427478538344,13296033519611851254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5250230427478538344,13296033519611851254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5250230427478538344,13296033519611851254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5250230427478538344,13296033519611851254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5250230427478538344,13296033519611851254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5250230427478538344,13296033519611851254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5250230427478538344,13296033519611851254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2504

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2980

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3907855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d62cefeb0c8fbab806b3b96c7b215c16

SHA1
dc36684019f7ac8a632f5401cc3bedd482526ed7

SHA256
752b0793cf152e9ea51b8a2dc1d7e622c1c1009677d8f29e8b88d3aa9427dd01

SHA512
9fc3968fec094be5ca10a0d927cb829f7f8157425946ebd99a346b7e63c977cb3f37560af1a4bc8f87ab19b43b3ed86fd5b37f89d1a9b2dc86e3c73142c3065b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ee1c6757da82ca0a9ae699227f619bc

SHA1
72dcf8262c6400dcbb5228afcb36795ae1b8001f

SHA256
62320bde5e037d4ac1aa0f5ff0314b661f13bb56c02432814bffb0bd6e34ed31

SHA512
dca56a99b7463eddf0af3656a4f7d0177a43116f401a6de9f56e5c40a49676cea5c38b6c458f426c6bff11165eec21104cfa9ca3e38af39d43188b36d3f22a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
8b523440568b6a000281376c6770f1cc

SHA1
64d67642497d8f45ab42394baaa91125a6160ca6

SHA256
dd3a1e1900e44ddfe501852034942f713a86e5e1807327ffd49d096d5707157d

SHA512
27e0eccfbcabe04f6e3f30166fb855fe693f2bc8acbb394a38ab5d1b95be270c0e549bab2ad8aa4edb981412bfde866c34773b9f3fdebd3ed8ad372aa77d0c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
331B

MD5
a7d014a865b2bd763be925513c0a3f2a

SHA1
533ecadf1efec65e023f2a48b238ca468f427e0e

SHA256
73244ccd848feb5510dc507d67d2682f0c51494c2ddb5837d554cf62d9bfde20

SHA512
7aef08a90a368c8535b6787fa4b5b75d77cca4700f1e3292b63c520cf8000b0af87793622bc9051bcee173258d3b3d5feccfab1a09a092c77fc4b0e4619f5035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb92a0171cc291226c52ec225ed64ccd

SHA1
042e8853167acaec472204b5ecfc7c1f7894f39c

SHA256
c459f649cdf27fa56226ef4bf73307b1d941cb2d388f0c95f9edab8620c3c8c9

SHA512
674b0ac624eb6b22a40fb2bddc3aa2ceacec97c52c649e66337eb1040e081932edd14077920efdbbe5357b189779c7b0b10ed77b8ec9fad4bf692ec23453e3ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6f04288681c43ea4c4ac396071ec63f5

SHA1
d45b154b4349bf5ca9af53afbfb88e621edf3073

SHA256
48307255b6e8c8a73c2744591b67fb2b77bba2a893c5870eb4da86c4e0c6a445

SHA512
8dbc1d1da4b99fede532a0d64b0a7d53b430efc14fd3a95cf344b0911baa65a3ba310e343eb868183293e2e8d99897c173acdad1e20b69eb9a89fdee2f98802c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e8a9bf11-ac75-484e-9215-247c3343b7d0.tmp

Filesize
6KB

MD5
ddfd84792aa42276baae47cd174327c9

SHA1
3e425769f9e2db8cb200ec449572aa8be77b4b08

SHA256
c9c166085c4b8e7b03f1b64a76d5a8365c0b6ceb7da4f98e74e64030d3941f08

SHA512
fab07e7263a85d9a975ef7c5d15737f7c9029c480fdd8c3e5937bb5b66dc92f8a2d8e03a5579f632682623c73f0270831e900e2c255dfcc541a8e82b08be5010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fae4b66d8c67d3e106467b600840123e

SHA1
20ee289d5db211fd5e44fbbf93460c0fb6732049

SHA256
4437c511d4afdeb29a438835df2141c926d4046c06b33c87e9e971785d324bc9

SHA512
731740e7eab3969d2f040dab12f430118dc0133902b9312e59994e1e8f516a7d86c06fcd1c4722b5df760151b6ea64252bef4d16c3891d1c6592f84fe3f0c817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
60b1aadb24124b78bbd01c8bd3c32175

SHA1
616be23705af5d809f9c3339746a9e295a19bc17

SHA256
e7a00e6f7c3268a30b5f3e7fefeb4bb3c3962bff55d7489a6589d4310a3153ed

SHA512
e5aefc83a0b7bb28c93a2c7c6bcc8bf9a66a84c4f098a8285eec6271959ddf82d25c6fa561816a27de59e04db0c510e05b40a99ad1309a7a31d5b8d7f751a70b

Download Submit