hxxps://www[.]linkedin[.]com/redir/general-malware-page?url=https%3A%2F%2Fstoriescover%2ecom%2Fnew-f&lipi=urn%3Ali%3Apage%3Ad_flagship3_pulse_read%3BWIoC4VCISxCqpbc4F8GdgQ%3D%3D

Resubmissions

22/04/2024, 00:48

240422-a5zhnadb74 1

22/04/2024, 00:47

240422-a5gb3sde2x 4

22/04/2024, 00:46

240422-a4pl3add9z 1

22/04/2024, 00:44

240422-a3hr5add8w 1

Analysis

max time kernel
66s
max time network
65s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
22/04/2024, 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.linkedin.com/redir/general-malware-page?url=https%3A%2F%2Fstoriescover%2ecom%2Fnew-f&lipi=urn%3Ali%3Apage%3Ad_flagship3_pulse_read%3BWIoC4VCISxCqpbc4F8GdgQ%3D%3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
844	msedge.exe
844	msedge.exe
2792	msedge.exe
2792	msedge.exe
3988	msedge.exe
3988	msedge.exe
936	identity_helper.exe
936	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 4024	2792	msedge.exe	78
PID 2792 wrote to memory of 4024	2792	msedge.exe	78
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 2964	2792	msedge.exe	79
PID 2792 wrote to memory of 844	2792	msedge.exe	80
PID 2792 wrote to memory of 844	2792	msedge.exe	80
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81
PID 2792 wrote to memory of 1688	2792	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/redir/general-malware-page?url=https%3A%2F%2Fstoriescover%2ecom%2Fnew-f&lipi=urn%3Ali%3Apage%3Ad_flagship3_pulse_read%3BWIoC4VCISxCqpbc4F8GdgQ%3D%3D
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7ffd35eb3cb8,0x7ffd35eb3cc8,0x7ffd35eb3cd8
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,17661489984791119030,4582756202312209378,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,17661489984791119030,4582756202312209378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,17661489984791119030,4582756202312209378,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17661489984791119030,4582756202312209378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17661489984791119030,4582756202312209378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,17661489984791119030,4582756202312209378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17661489984791119030,4582756202312209378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17661489984791119030,4582756202312209378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17661489984791119030,4582756202312209378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,17661489984791119030,4582756202312209378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17661489984791119030,4582756202312209378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17661489984791119030,4582756202312209378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17661489984791119030,4582756202312209378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17661489984791119030,4582756202312209378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54caf18c2cda579e0dad6a9fc5179562

SHA1
357d25de14903392900d034e37f5918b522e17c9

SHA256
28d77529de92eb605d8afee0e133a7d08e13d4386e5e38d63e2da34623eaad6b

SHA512
88da5a33df9d82408afb8344ec7dbaf7686435fdb55eccfb85d5560f39861e84cef5d71949d5efe7a191778e6be755a8448f3fc3d7043007037f9f5227e10210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
696ffba7b83ecf008523e96918f200d9

SHA1
970d90e22c8b3674fc33cdd1913c51ef28514255

SHA256
dc6dacd725d7385b2e4db1f488d93f2840d2289efdaaf3737849304d1ab9ba34

SHA512
f8528683b70b58376f3eba3338fa6b462c9e9248c72524573005cff6397a0556bdcc2fdc2ebb020ba8218bc8174ba552002f223a245dfe3d3688826d24d63237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
bc82b4b967b145743da955160575d163

SHA1
c5e8113a19999b35a2bd1b5ffd8e92cfde2e7a86

SHA256
41d6fdb1406639bfa936eae3eb066554cff4538b4aae4b9b3cc9391eaef4ffaf

SHA512
51dd2bade95d20347065cb9319d7c0bb1bc9f88ef1d345421345098849add19c13f7a33b2c8bcdae9dc7b486f077763ba703b75437b6cbfc54dbb51b2c4ff234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
baa66dc63d31e335eff124dfef123350

SHA1
cf900b8573b80fcc3ae4f597782cb659b641b0a1

SHA256
be148884c8185f4b5266f53ae37826d0d8a243f724dc7f415c4334f87b99fb1d

SHA512
1e7be1c3830bf4303d0b946a28d34fb3490f1bcc11b0ec38257dab497d5b3ee4651852a33a75f35db38cb7f3633600a87209032dce107648b7c71b245888342c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c9a18bbd0d94be6b676f8eb582a0868

SHA1
52fb2463335d91b972933ec1d659cd01b1294c1e

SHA256
d6bd42ea338490790a93dc791fa3da6e9e186e5fda408dfd60aaf868b39fdfe0

SHA512
d8dd5aa0de84c78056460bce381913833a4bb349b74a61a6c108f9005ce86a528683128435f7af0f00578b865f1c2443f15ccdbbc2e79b245fb289f3556549e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4014b67dfba9bdaa7f3168f8892d1d1e

SHA1
23c71d68a816fed94b00f12312f0142d6ddf7b42

SHA256
40af0b055280e3c863ff6c371e94b8a34a639d1e510b05be13a3a823c065aa35

SHA512
189a0cd177d132a6104b3bda3a3eaf7b8f0a58b5eaccd405c57c599b16f61397647dcef3e10ca1393cef17575e7936f9fca2b3945b184ee0f9e713eb7d79dee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
61e10e4687759e8a4404c87d47aa324f

SHA1
a33135b11606181c0ba2981982ebf943122ea6e1

SHA256
77cd47309acf503ade09bdf23666888d292a92589b501f8a29ad3144ce5b20b6

SHA512
5bc9a3861f8bf7ceeccf7cd674db8c4e6f75135febabedf377af17c4132beecf446e949554dd9dcdfdbc684b2e19aa35837e48b6f6c84c8ce6d692578b05c323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a4db.TMP

Filesize
372B

MD5
11cbab52df87a56714537768369809ce

SHA1
68eefea8e4ea1e6cc5eccbfee474dd08bd2e6a58

SHA256
43633ad885eb9e714743891035c2f0cdac139780457b15f07bfdaecbde9a3522

SHA512
b656d5bdcae3e03bc513d25ea439d38f9dc54e621d7b29d44f154d946f4bcc305e04ed70e99047531465232ab31947ed6c63125a32b5f2f6aaef689c2f6b4d99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
98ddecb401aa8bd09eb9bba926f8a6e2

SHA1
612738b8344698394e236f937d9d3707083e0a40

SHA256
a534eaf6d53da2bb80e459f8b47a14415ba04c81bf96f2e8c05d2fb696897132

SHA512
d64e8e30bb6ada1b03aff2e1d178bde0554ffc90e6e9612a79b904d78be4e965dcda3ae78ca8689845ebe2130500f448d8cf601eb1a47623cba7c63ec58855fe

Download Submit