hxxps://mega[.]nz/file/4ztGzDZa#rNCSHGdRn6JiN-RLsFqoCzBfXz-gJCnHjZquirr5NvA

Analysis

max time kernel
1771s
max time network
1774s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
08/03/2024, 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/4ztGzDZa#rNCSHGdRn6JiN-RLsFqoCzBfXz-gJCnHjZquirr5NvA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
1736	msedge.exe
1736	msedge.exe
3168	msedge.exe
3168	msedge.exe
1896	identity_helper.exe
1896	identity_helper.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 4912	1736	msedge.exe	77
PID 1736 wrote to memory of 4912	1736	msedge.exe	77
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2092	1736	msedge.exe	78
PID 1736 wrote to memory of 2276	1736	msedge.exe	79
PID 1736 wrote to memory of 2276	1736	msedge.exe	79
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80
PID 1736 wrote to memory of 3868	1736	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/4ztGzDZa#rNCSHGdRn6JiN-RLsFqoCzBfXz-gJCnHjZquirr5NvA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe7fe13cb8,0x7ffe7fe13cc8,0x7ffe7fe13cd8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,7794384643612841832,11083016944206280527,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,7794384643612841832,11083016944206280527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,7794384643612841832,11083016944206280527,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7794384643612841832,11083016944206280527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7794384643612841832,11083016944206280527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,7794384643612841832,11083016944206280527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,7794384643612841832,11083016944206280527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7794384643612841832,11083016944206280527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7794384643612841832,11083016944206280527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7794384643612841832,11083016944206280527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7794384643612841832,11083016944206280527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,7794384643612841832,11083016944206280527,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4172 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ec7568123e3bee98a389e115698dffeb

SHA1
1542627dbcbaf7d93fcadb771191f18c2248238c

SHA256
5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75

SHA512
4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\13c63da2-65f3-4690-a01a-8878eca38759.tmp

Filesize
25KB

MD5
0ba15f72ffb0a37243558588d3e78221

SHA1
814bdfffd723f7de9f8d6d6a0bc8d85a9f275cc0

SHA256
3d0223e1f8bb35870db41872cfbbe467f65bf9a1208dcb4d4ad874e250ccc10a

SHA512
02b168ef9cc226a08955092173c3745a55b28faa438b8152acb90d3bc1d9f433de7d8341def8b452db1986392a59cabc7c69689ad00825c58371ca78021183be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c4e19c5d9a5b9c986703f65ce589d7bc

SHA1
56c97c2397316f460ec1705993da2c98e646d4ee

SHA256
6ec541740b47c08f058521cacc7bbc4be44c043889a134699d512dc7fbbe1947

SHA512
ff0ad62e0be1df1c0a532574098a3e505b3bcf416a4251454995796d522b35bac2f9fa25356a2874cc219196d385124149e64d14a89839eb06dcf3ba0a0c25d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
95119d11fa7eeca2db904b5fcdbf7389

SHA1
4e34be1a14fc313b4cae701780f17b6d6e91c258

SHA256
a8f17b36504c68e17aaa0b1c82e4a38cf8b186b88a580e3f934a8965df59ad7d

SHA512
d77866a0de07b5041e32da9a62abdda3d04bbce2627083de57edb23c605d057243b87e6ad97a6f68cf17408663bfb280b2a959576f0131842cadbdd5330a4d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0e5f5749352131a023698e35125e5d49

SHA1
cee2f89f8631669f306773e77c89ab951e55b33b

SHA256
aab492c279ca7f85bf5ff6c8525edbd42103b1459e20f6b05a90d328af49c06a

SHA512
b82070d687ee8bc9545f6219777c7796b7e20d742b57c3ada7d439a83b8fcba7f6215fb6e496ec2427682d488bceff7888ce59ec2be28ce6be48edcdce7353d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bba627aade73efcb2025531b10e5504c

SHA1
232e079e041b371a577f634ffbe42a79fd1d6e79

SHA256
fb0de729704386f88e6e1552498b6c7644842908973013447ceb02da9f6c2a8b

SHA512
66766098a5afd9d57746def45d869c17357ae135509e6ad6824e40a48880700c6ce10538073fed34120119a26dfdb9fdadc7e8ffafcbd0088e916af00debe249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fb58.TMP

Filesize
48B

MD5
1d77d1b06418665d8e30b497f8867dd1

SHA1
f09280ad100dbfdd50b46bec666cce73b77479ef

SHA256
4493341f77f168c6bf44285bd8a34c21ab2b66608ff9598c0479129eb87d6d8c

SHA512
2c2829e9b24f431f39a371407e702f3d522c78e9d7b3b2875a2781964247114598853df5cc5ebe7dc82c4211b456e5854368638e3ff4578f54806e64e511fd12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
1b3c95c272d818337ff9ff5fd613c495

SHA1
11825b1c1c12b89cbcf73a2568e560015ea23f42

SHA256
b89187a39237b870a05d9dd1ae6eccad0e979ab25868c0c61cb28c57195da0f2

SHA512
df1c4f8bb9adc33c8a7eb96d9a8df66e8d144781323b090633df6c0583be1acac47aa16f828178498a7507f5deddc4dd095407940815e543e9b4ec7e1c972858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8893787d9b9e9bf878777642e42681dc

SHA1
b23fec2f1b057bac5c6b519f041d2ab1abb8da1d

SHA256
3388741b39fc5e91b731e3d24e429d81d94a3aa9d817225c1784243a4d8de632

SHA512
9707e75ff144fe0229f05fd63af38c979e7501081e4cdb23d8d50416bb49b00e1b248702d9afed7bae7a2e5cc4ed2bb3e7444ad4f19f1d0eef49ac3d02290653

Download Submit