hxxp://mrsecretbeast[.]com

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mrsecretbeast.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4872	msedge.exe
4872	msedge.exe
2416	msedge.exe
2416	msedge.exe
208	identity_helper.exe
208	identity_helper.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 1808	2416	msedge.exe	86
PID 2416 wrote to memory of 1808	2416	msedge.exe	86
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 2092	2416	msedge.exe	87
PID 2416 wrote to memory of 4872	2416	msedge.exe	88
PID 2416 wrote to memory of 4872	2416	msedge.exe	88
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89
PID 2416 wrote to memory of 4064	2416	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://mrsecretbeast.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3a3346f8,0x7ffe3a334708,0x7ffe3a334718
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7761224356771263609,10139616114118693585,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,7761224356771263609,10139616114118693585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,7761224356771263609,10139616114118693585,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7761224356771263609,10139616114118693585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7761224356771263609,10139616114118693585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7761224356771263609,10139616114118693585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7761224356771263609,10139616114118693585,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7761224356771263609,10139616114118693585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7761224356771263609,10139616114118693585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7761224356771263609,10139616114118693585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7761224356771263609,10139616114118693585,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7761224356771263609,10139616114118693585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7761224356771263609,10139616114118693585,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\263b8feb-0251-4ed7-ad8c-13210d4027eb.tmp

Filesize
6KB

MD5
2614e954bd34bc183b9622a6edda540d

SHA1
7f77702c4c1c68ea21b10b85c9f4ffd487135d76

SHA256
ea8980e1630bef5efe6f3bbbfbbdfcb632c410ab6446f93cbf6108cede959c81

SHA512
f3a9d5da41f6cd0d9d844adc9d849fdfcab45a15d84e3ff7ed0897afc94bfd3d5fb68420e40ba9221933283b4f4ddfd3bf8359889cfd912168bfd4df7a184bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c811d65662ea051a5a7a909e3f5ab63c

SHA1
278edc336079ba461d28edc0ff30102bd7109d6c

SHA256
2774f0ef760f79b0f6df5c770bbc5a15449aa3929bd18fef15de79b3f5f1f92b

SHA512
a30be4b3e7fa84a265750d5052367c841de40b4d0a8132428df1a9dec197db4d241f26ed0a29eb4ac0af25a8f44867d8603e500eb632aff749fe748e9006fe09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
751ab202c26367f193a2dab37e34d8f1

SHA1
2c90fc3ac003319b433c08819fc8602c249eb224

SHA256
d982638c26e3111abf5effa4c74d10024082a349291b2aef166fcb92cc4bdf3e

SHA512
12142945663904c914b0d979c27838ee92b7d527c406513525ad24cb32c567d9413cd408d49f39226b0f34d5ac20e612710a56de2efda788f2a3500e2f1c8611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b696d3328396cd9f1a12d1afc1e62b6d

SHA1
f7c80aa574c271a114d91122776f64c720fb62b9

SHA256
80ce096802c9a0b1ee0789d051bffe31f178b6a8008c514d84da26666343f766

SHA512
45e30464f327aa00250f5db93fbdae99aecc9e9ae585de1a23e7e1c61727738835f3e0d8efdebed1e9901705829244a4059033114293b61948472a468c7f4a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8a286db8face04d3427a54a1da225247

SHA1
d8325ccd0f8a7cc5a14487080ef3cef251f126db

SHA256
775cbb2677ed96f1c2d4143be35ffe282400d747734e5a79cae9468af1fdf86f

SHA512
923f6997b18efc2b88c0d5456c75087192433f031b36697202ce5333529406355607a5cf71080457b4fa86158e7ac90c574522e08873576a1682ee902a7949a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
99dfea8c517beb189d9f751d8024e00f

SHA1
335505f9962f23bea06c650b3836e079cdadc35c

SHA256
76a48241fbcef09ea2dd9ea31aaf8a32fffb4f4149b6d0505ae0a27fd293c471

SHA512
fce0ecb66ac92bcdd36fbe64d66247412c83134fbb5f62321b1c02b649138d2979ddf8d55c1eac641d51f8e4408f47bbb24112b8bee3a95ccf514024a6b15c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
914d3c99578512b1ad8420da12f30478

SHA1
2c234a63b6c33e5107f7503df078fa24b9a796bc

SHA256
8698ca53d12228be725772a14d92b40eb78de4ec4c7d66d0019a649e487d4ac4

SHA512
a67af6b63f5cefb134fae7325796723eb04ce6ba8f4e1750766a2b8fc327407eb4cc6d75a066cd35a0614ee9bfa9bf70ffab533eff19382da032385981cf3838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f83b.TMP

Filesize
370B

MD5
7a1db5c159f96a48f424855aff1dff93

SHA1
a5c697993a0283a722bc8944659fc7661a774d44

SHA256
865098f0d3685478455e67c2c8a3d573cf91e7fdba9483b48e7d87c15aa2c1d3

SHA512
916db26f525ae8b19111cc4b2edd48fc0c7acd19761a7bcb9276c3e6d24242f5fe2000340f0d26c5e8d9703966eb56bcb9b119a1132b98ea9cc5ff99bdadc64b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3f34628d61d35b6370af2d8fffe6caae

SHA1
bcb714043d756b5d755318141fa9a2463b26e667

SHA256
2257d5a7a7b169e89ec6ac913b566c53f581e871323bdb37e18fe2f443a271b2

SHA512
ef3d3ddac1d5716f809aa4237e555f23112e1d939b217fff8c41c0228fcd3d7b0525d3411ad0643f0e4cf7baab17a22a155f046a259cf4bcb05e9353894322c0

Download Submit