hxxps://openguessr[.]netlify[.]app/

Analysis

max time kernel
1800s
max time network
1684s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 18:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://openguessr.netlify.app/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
20	discord.com
23	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4752	msedge.exe
4752	msedge.exe
1100	msedge.exe
1100	msedge.exe
4684	identity_helper.exe
4684	identity_helper.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 1664	1100	msedge.exe	83
PID 1100 wrote to memory of 1664	1100	msedge.exe	83
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 2024	1100	msedge.exe	84
PID 1100 wrote to memory of 4752	1100	msedge.exe	85
PID 1100 wrote to memory of 4752	1100	msedge.exe	85
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86
PID 1100 wrote to memory of 748	1100	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://openguessr.netlify.app/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff371246f8,0x7fff37124708,0x7fff37124718
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16241974879039396527,16200009766036374920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16241974879039396527,16200009766036374920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16241974879039396527,16200009766036374920,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16241974879039396527,16200009766036374920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16241974879039396527,16200009766036374920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16241974879039396527,16200009766036374920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16241974879039396527,16200009766036374920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16241974879039396527,16200009766036374920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16241974879039396527,16200009766036374920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16241974879039396527,16200009766036374920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16241974879039396527,16200009766036374920,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16241974879039396527,16200009766036374920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16241974879039396527,16200009766036374920,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16241974879039396527,16200009766036374920,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
cbd7f9cacc2af842f19ed5e8b0675391

SHA1
f40d67396f83c92ee2aff526521284f548fc0909

SHA256
7d7a61c6ba92a2d018e2ec0234640e2809b092b33c604f155b74069dbada15d6

SHA512
eec6da7b96304b3ae31e1ffafe6b5d6e1b34033836e36126739f991d429579a2c6b7f3eff558aabd6d4d513cf5d1ca240140d7a03eee83fb258dbd011fb4c339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
7a1b548d01471b59cfe0c7c94523ea48

SHA1
a21751b7397a3c1a5c445e09d0390d795774738e

SHA256
51a9d2d631443f88ceaaa1d82f644ae5419730487a370e42d786287188402691

SHA512
ce4789f1458d98b694784f0602f4ce458207d8c5684628f3b0158332b4dc386086e57626fdd1d241e1901a7b69f11d8a0f123b5aee2e953eff05fce4d6d9f658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1162b2f7d8d98388df06c15de00097c7

SHA1
767b67c496c1b5bba611172f6401d771145a3916

SHA256
c6445c3e538f57bf1d6ab528a4a90502827d97ea14ea7aca7cc2a7fe52b20c26

SHA512
9560bc8a4cbb0286651d2acdbab3e9566635b994f8959267a7f9270c140bc35555015f03492b4471f55252cfeaab5022f769c6fde0f2a7e57f19e240f322f741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52d0f5bc3b3ed041c522979633d18d6c

SHA1
8a69aede6edfa0a1cf5fe56991eac0d263b63ade

SHA256
856f1915a0221bfb8818507c5aad3efb4acac8d7ad7db4adb1adb8c03fb55d0a

SHA512
69fca3f795c86388c1fa8ac681dff4d75a9beb920e408ca3327c040d2708ec3e9dba4f09a827548d556a60472033230de21ce747c366fedb7cb8d30e225c9e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
07a73af8f416435925c7d474a26eb9a3

SHA1
5410045b6f4ff109d2c77a3d4cf118bf2ffeef75

SHA256
87a9cb5ae43248b6a144d37a50ee892fd6ce7c7e3f89ee707d483606eb5cc115

SHA512
9308382d3b56ee5f4a81611d6174659e57c7e7f0820001b95d636f895bd3b3ce4a65a80ac8e9177f0018216bf3306bb9e4772d68aae17dfe3269246bf7449431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c54c0c70cb35ffc4efa7b8e8a5c5372b

SHA1
34c36e60d11beb21c58f444d5352a6686f91cc8a

SHA256
3543a20b6dce2f09aed5fdd93416459cd01db01c92f03b472b0b70333327eab5

SHA512
aa0694955a1597b687324f87a559ae64509a2b40cce29ac619102e70da0e9c76a254e62251f8f3d8eac4a170877309df656f64af631aa48c6a6b2485509e05f6

Download Submit