hxxps://www[.]virustotal[.]com/gui/url/c2d7f683ec23c611845d00b4b883a2b6b7dcb6137ac2bc850a5517a070ec46db/details

Analysis

max time kernel
328s
max time network
333s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.virustotal.com/gui/url/c2d7f683ec23c611845d00b4b883a2b6b7dcb6137ac2bc850a5517a070ec46db/details

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
2760	msedge.exe
2760	msedge.exe
4312	identity_helper.exe
4312	identity_helper.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 1344	2760	msedge.exe	81
PID 2760 wrote to memory of 1344	2760	msedge.exe	81
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4648	2760	msedge.exe	82
PID 2760 wrote to memory of 4284	2760	msedge.exe	83
PID 2760 wrote to memory of 4284	2760	msedge.exe	83
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84
PID 2760 wrote to memory of 4012	2760	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.virustotal.com/gui/url/c2d7f683ec23c611845d00b4b883a2b6b7dcb6137ac2bc850a5517a070ec46db/details
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fd0746f8,0x7ff8fd074708,0x7ff8fd074718
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6694670830864278372,15025186013380376359,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,6694670830864278372,15025186013380376359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,6694670830864278372,15025186013380376359,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6694670830864278372,15025186013380376359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6694670830864278372,15025186013380376359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6694670830864278372,15025186013380376359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6694670830864278372,15025186013380376359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6694670830864278372,15025186013380376359,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6694670830864278372,15025186013380376359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6694670830864278372,15025186013380376359,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6694670830864278372,15025186013380376359,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6694670830864278372,15025186013380376359,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6694670830864278372,15025186013380376359,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1308 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c7600f48eeff1394c44393d70dfe8ba3

SHA1
bc1ac259069388c0050cd0b4c7fce166fbfe39a1

SHA256
6c2ad790e81ae28aa219011ab63fb2dcdc3c05ad8e1b70416ad2e34091abb13b

SHA512
7ad45b688739fb6c752f9cbf19f6e860c41bd7d5905e17c236cdbffb60ba4f2e10d81aeb50ab3e02de98bf271f8fcc308f3a0e6987cfe8cdadf3c1403750eaa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cdd584516931be7f91cf6a56ffdb8b12

SHA1
59e609e8ccb59aadf024e43e81eb5fe507f747a8

SHA256
c396cbf01130a4b758b2864326464ba38a6498465d2e378177a98ac3248109f5

SHA512
0a83cf81db8f07838e225f6cf9d6c4670b5fa0f274bfa260d11a71b9f5d24273d8f19b1c73a9dce688606559f13d1aa0c0360ded5fcfe4a5accb756cbf70a9dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
669cee594f5a866db2a6709a1d2aca65

SHA1
85efffecd50d7fd664990ae90a17c0960c84077e

SHA256
0b321567a84dc0c99cb28b98bd3c5912bb14ac1d14207a832be528d352e3b8f2

SHA512
4081d019dd3f42db3b1523c1135b3019ec8d6b94115771a05873f840e3352fcb125fee6cc04601ddf985d53c2879c8e63ac9b0e05a7b6f6a66ed4d678473c47b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6f7b5a900cf870f2322f4f97f5c35451

SHA1
cd25af87da3f9c109a3b8fe89f1fd1a82c1f6777

SHA256
08da1b5ef5917c4bdb2047a3082d74a639df0a1cdda7aaf768d6b7fea5091e30

SHA512
2f719f7b70550e588e1f5a651d1290ca547a3c45158515ad07bf69b9505b23ec35e803d1499e1d857920fe9bba04903383c914e3dfb8ad99ed114d685dd63ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c8559931a229c9acddfc72ce86a396eb

SHA1
c7fd4e49c498df0f17edc51b8591e10b3758034e

SHA256
31eef09a2267e7dec6a5a20490b9a9e7875574b2fba439abe0eb09ff50dd699c

SHA512
18f97d50dace4a6fdb9f6ea49ae83c3c759cd12125ff6d6b99d8d8651fe29dc8dee847074916722c58c406375938a858aa95572520dbf7dd9074a17e43ba7ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ad47.TMP

Filesize
48B

MD5
b5cae5b6a8b693737ff1e558a5457cc2

SHA1
0d7dfc7c84b5921277038adbf244785ef3af68a2

SHA256
460993911c15fcb0ac0c7a78f48aed1e364cd3fa3749ffb9d1d4bbeccf384f3b

SHA512
84625d3044fd342f05f113f3671f548f010bc57e3a6e2a97a0322697c42e7394653cc5410745f433b28943d91b10a0eecfdbd594f40fdda03d9d5e5423003fec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a6a4771750e5a0641a68600cadf9ae05

SHA1
e9137553dd09facbf1456e80372135eef7663a23

SHA256
eec6bbb47559ddc94aea9461c732370c0b4fd0de82505946d2b2a7e101ac3ec9

SHA512
ece09e4e0d479229fadabaf6245dcb5a50c01395b9839a5d305893dd26c8cd4c9a52169e445062bdc05bd8463fbef296f6529ccf3949ad99ca852eae42fadc65

Download Submit