hxxps://download1648[.]mediafire[.]com/x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm-bgmBJio8o13pWQK9KzsTTU915X-9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B-w/vehz5gm393ydtoz/nitrogen[.]zip

Resubmissions

19/07/2024, 20:40

240719-zfx1zasdph 5

19/07/2024, 20:40

240719-zfv7dasdpe 1

19/07/2024, 20:37

240719-zd9lzsycrn 1

19/07/2024, 20:33

240719-zb32esscjc 1

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download1648.mediafire.com/x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm-bgmBJio8o13pWQK9KzsTTU915X-9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B-w/vehz5gm393ydtoz/nitrogen.zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2744	msedge.exe
2744	msedge.exe
632	msedge.exe
632	msedge.exe
4508	identity_helper.exe
4508	identity_helper.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 4408	632	msedge.exe	86
PID 632 wrote to memory of 4408	632	msedge.exe	86
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 3112	632	msedge.exe	87
PID 632 wrote to memory of 2744	632	msedge.exe	88
PID 632 wrote to memory of 2744	632	msedge.exe	88
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89
PID 632 wrote to memory of 336	632	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download1648.mediafire.com/x4lw8p3316ugR2u52XkMiF3mLXmyAHMDPwKY8NfbCGOAz4xQFHxw8QE20WvIPIE8EPzy1BEFL3slKqTGxUZRQ8xVQe7tByQq5ipm-bgmBJio8o13pWQK9KzsTTU915X-9y5YgYbQIKFMwX4A0ajUgJB9MGKcppTD4wo1KF1iYr3B-w/vehz5gm393ydtoz/nitrogen.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd0d146f8,0x7ffcd0d14708,0x7ffcd0d14718
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11751050648651793336,12246210409209718631,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,11751050648651793336,12246210409209718631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,11751050648651793336,12246210409209718631,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11751050648651793336,12246210409209718631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11751050648651793336,12246210409209718631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11751050648651793336,12246210409209718631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11751050648651793336,12246210409209718631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11751050648651793336,12246210409209718631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11751050648651793336,12246210409209718631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11751050648651793336,12246210409209718631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11751050648651793336,12246210409209718631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11751050648651793336,12246210409209718631,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8d4d2d3d388b445c6a631daff08340ee

SHA1
23863c2cb176db1a993ff6aa15678ecb857d7b48

SHA256
71dcc7084621a1eaaa46db42192377deff22c95d66207122cd6e4deccfda77a0

SHA512
5f016b91263c14c2560702bc3eee745976e0004b6109bca6bf399c8b796657027ac88174a58dbeeb75f575126aaed016dce902a0d69a5cddb2309a398a000c15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
f4edbc9f9d152997f665b7b7ece22874

SHA1
3cc9264c825a7b04725d552ffdc46a2680aee163

SHA256
e807c6ac51f14500bbf4127b4cc44bf5ed381b57fe7b1d394c18514347946c4b

SHA512
43d8b58645127317fd5a8d2348862d71dd7a6c6f980f21263eb9fc26debf0079b51f6268e271fc96219ef40a35d5397d52f75ee2ec7b1f7a1efeaca126446115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d629a459d5d89d7e696cbac913ba287d

SHA1
321dc674179afb4a613dd4ef531c21e23cc7a143

SHA256
4e774c208ce83f0c14387b96a687e72b58fc1e7e7d572a4d8ef6bc27aa5f1016

SHA512
ca1b4f393c2024a5ddf4302ed574a15fa62d52e77f6281befe52163f8a6947e7aa0d16fd3ea59e8ef00a6784e06fe97164f4a61fd7e3f3fc2b898388a19d7fc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a305427fb7bcd52ededc8c891622201b

SHA1
51d5dfb6b79a9063898872ddcc3bfd2ff19f878e

SHA256
3f0305c1a643053c531f0b2498d3ba377c22b9168b8e9dfa2cc9efbe4be71ca7

SHA512
fa6a0d37fb560c3254452036961fd944d093ee072f99d0f12739bfefc310ebdd12f978050ddab32efca166450abd8e9d3a00cf340d7b4f3f8ce2b307d0592479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d4a77cf69211079b5711c4702e17466

SHA1
ba59bd24935fb711cf7795e5fc544cf420fd87de

SHA256
9f4038d9e85902bddb26575d0866de14ccbee7a83baac31a87ea60020ce0822f

SHA512
f6edcfef83268183404b43cd32b5175757ad9bbc49ad67d7fb06924ab4c9afcb6a8712278d2178eed2aaf6c3e333d10e8a6d8832507f9bbc5883ea4bb6235d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
1d08a2b7e77eb71a32d673712305f2c0

SHA1
c2bb94de66c4e222785c51f782c0e138712cff15

SHA256
2c36aa79bdeb698a9aa8080bc923363cdec80a3ded1311d3ca775d97185546ec

SHA512
2097be98bf6cc62f1e62ff369c4c29ea862fa9a334bf01449476f930c49bdf3dbcd03429ed58902e3b89fa2000f8cbb47dc927d67218d857341d531c14f4883c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e6f5.TMP

Filesize
706B

MD5
3790527d9f6c585e55cf39aa4d211166

SHA1
824a73648dcb76a7d821e81f9e990d5f86c05458

SHA256
5ee4e124b5639974ef4151c3aee4e1915b88d086cb1d029cace40cbe4e85e91b

SHA512
b9ce4322b3873b42bca33996d0e80e0a610f2070fb579ed1554a8f926025b84ca40800c3e62b2ae741f0e4ef04f044e591c5357e8833a462a899eed95f04bf2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
78495aa0bc2d2f297d0911748df4fc16

SHA1
ab7fddcc67b9ddae7be09fea19e47f14845a9f7b

SHA256
df9e66436e3d42dd10432738f49fa42ccd85fb1358b324a2d05af97c301aa8e1

SHA512
3e147a406094c91e369d87823a67026a0b360b8e9854279e66af0ab7ef14a027784b502ae9756dd948e6e7a0a33c207ccb57f91af15ef6202ed47231eae846bb

Download Submit