hxxp://hotm[.]art/atualizacaobolsa

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://hotm.art/atualizacaobolsa

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
2184	msedge.exe
2184	msedge.exe
2648	identity_helper.exe
2648	identity_helper.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 4160	2184	msedge.exe	89
PID 2184 wrote to memory of 4160	2184	msedge.exe	89
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 4628	2184	msedge.exe	91
PID 2184 wrote to memory of 3332	2184	msedge.exe	92
PID 2184 wrote to memory of 3332	2184	msedge.exe	92
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93
PID 2184 wrote to memory of 2864	2184	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hotm.art/atualizacaobolsa
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdc1e46f8,0x7ffbdc1e4708,0x7ffbdc1e4718
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8331314843212708418,7059924416500230261,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8331314843212708418,7059924416500230261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,8331314843212708418,7059924416500230261,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8331314843212708418,7059924416500230261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8331314843212708418,7059924416500230261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8331314843212708418,7059924416500230261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8331314843212708418,7059924416500230261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8331314843212708418,7059924416500230261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8331314843212708418,7059924416500230261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8331314843212708418,7059924416500230261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8331314843212708418,7059924416500230261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8331314843212708418,7059924416500230261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8331314843212708418,7059924416500230261,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\616d63d9-cec7-47d8-873a-5bd729fd0c49.tmp

Filesize
6KB

MD5
e65fb320ac656cb2a50d254336d0ed27

SHA1
9504e59044d25d2f06d484016c0ad9ebbbbf34a7

SHA256
994168e290e3e432c5f0f3e8dec1fe23f57c551ed131859363d457b40fda2654

SHA512
8af71924fab47e0c714538cd2e52f70f58f4f5d6d5ce9144b8822269e29b76cfc73ee77feaa87dda9fcc2c98e399b92578427bccdfce931563f91ada88e6e5c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
fff86a5ea45b95ae0d3b2c85c6fe9266

SHA1
c5b0795166dd67ba0a56d317c499b0312d7ea02a

SHA256
8936aeb8ce67b9e082ad9094626d813652acda372b86cfdfe17518076b69f947

SHA512
6ab53b867358aba879556183d72290f3f14684aded39d175e7212f4075b1a86ed8adf6c7b9fb902957fea665e93447c32b473e5f7ce01511ee54ab489116f697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
4386fb663d5c5d6700e3b0ac2ad7e042

SHA1
f734fab17f69ba882e8d5d7d9a92ebfc2bd79ada

SHA256
644225f7000e40d7930d89d77ee49d7a38c77cc39ea851328c62866ed8023c18

SHA512
edfe1a9539ed181810402e85973f338e9a2db9ab89661c6f721677073a2e0113547a1e6f7099fc427039c779fe9b9d03191eb25d30a854b230e62357d332e2d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
899b250805a3a75a6c1afc1d76428363

SHA1
1207c9191ee02edfa6cc679ae0bcf2c037e8d2a0

SHA256
8c9f29362852a26ad8cd568055e5d6f53397ea31552e70f19436a388879b9873

SHA512
bf485328173ae179be11797fc27af592d346d47dff56762d2b259bf20dbbdcbdb9f3e38237c0ca2160266ac8a010b4f0751239519315de6ddabdfadd1d7dbac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3c8c8e815b6a072103855fe49668536

SHA1
cb234c404c84987557ae5839200492ee2f4c5c80

SHA256
0048f98319bcd23594136e8f458599c3f794f5d30407a12142f171f7fc0c80d3

SHA512
6b7079e2dd87dd43000cc2771a3c75a28eb54ef87b64f222b3368466c3e99d90d2e78d93ffb2b3621373ab7b6a5aebad6bd0555e76319c4f6bf13827f551f1a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d58aa170edaae5520beed2b78b2af1ac

SHA1
94ec99efc7c0dfcf0b935a2be1a9ed122839fd0a

SHA256
791b13b3b595152af2d17f37be947472a6248fd8df136c2f7676659ade8ab815

SHA512
f6223bd68d8b42e4aaecc8fc8596f43d0e57a23f2d30c7f9e4b734407dce2a01954e18e38cd473aa1f7f8e1020388a922fa4507bf67bbff7dc6a02312efebab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6eff69142a892eeee51d89d9582c4b7

SHA1
b6eee95808b049f2e19a14a30ff7944b27d2c1c1

SHA256
acbfc7261f224fbea86754d52db8195c583a9a9a861af8a4ed676b56c40cf040

SHA512
e8e0ca5d7015be90480e02dabed1bd29be2d4b76c2a24347726586e8e4abf8f2a7740c95d2225497a5ecf5636b29dc73b9dc8700f42dc60109ff2c9a367e8660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b1b048cd137197469b64fcca47cf0f3c

SHA1
b958c2c9741a108d5cf3e73c7d23ba848ba8eb3a

SHA256
ee343b321720c7af232d15ae6e0314a5c1417a98f349c9e4e33acd3ab027b537

SHA512
36fd25da53e4ecf2f1ff1728d49313c7da86c5499b4e21800d81f00b09d05e040c658d47809d4e614d5568d6b263b0f2ae23e49d2a717ad2dc6fe549f65198ab

Download Submit