hxxp://r[.]ci[.]montepiedad[.]com[.]mx

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://r.ci.montepiedad.com.mx

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
4388	msedge.exe
4388	msedge.exe
4816	identity_helper.exe
4816	identity_helper.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 4692	4388	msedge.exe	83
PID 4388 wrote to memory of 4692	4388	msedge.exe	83
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 660	4388	msedge.exe	84
PID 4388 wrote to memory of 3968	4388	msedge.exe	85
PID 4388 wrote to memory of 3968	4388	msedge.exe	85
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86
PID 4388 wrote to memory of 3916	4388	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://r.ci.montepiedad.com.mx
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff7d446f8,0x7ffff7d44708,0x7ffff7d44718
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15399019670955234371,4976893851605672131,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15399019670955234371,4976893851605672131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,15399019670955234371,4976893851605672131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15399019670955234371,4976893851605672131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15399019670955234371,4976893851605672131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15399019670955234371,4976893851605672131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15399019670955234371,4976893851605672131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15399019670955234371,4976893851605672131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15399019670955234371,4976893851605672131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15399019670955234371,4976893851605672131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15399019670955234371,4976893851605672131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15399019670955234371,4976893851605672131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15399019670955234371,4976893851605672131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15399019670955234371,4976893851605672131,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
22937868dd72ac8a4b9fd5d915cf7345

SHA1
3b4a992853d9a17add4519e96b41b895c4e69a9a

SHA256
14bcc9a2cbb98fa9168b4c42b10ebf34551d6b103dd9f4a156c5c5b5fbc5e8dd

SHA512
b608abfdd5697d63bd681a8eb85d86de180770bb555edec6bb1b75fe966175a8a44454db12f7f034a2943cd754c8831f71ff747376bed86916c356742befb93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
066599ec2cba205109d55ba52c0ac83a

SHA1
446d61310354d79ac46a13f68d3ebb98ca05fcfa

SHA256
1151d561d60623183cf6357b3a59589a175719494f6d52c624c9a9df85e46351

SHA512
f1c7ebff51d19b95beb826cd67e455f83ea121fe1cf979b1cadb47890e59443d94799cbe8149e488b51397f9fd31f495509840015c99df840a880edd3c9ce5de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d41e96dbb3a75eb777454e829ac69cec

SHA1
f7256bfd5543f20942a33685cbfdc06827f4052e

SHA256
5570a5d56d913f9a82fecdff4dcfcaca5992115bb6baa8d20b696f1bb9b40bb9

SHA512
3249e3c05c9ed5d55b75491903a03b3d0dbf79277279c878bc6821a02468f34e414733df1cbb13cd5a7eedc57879311ed92ea8771b1f5f1a1394f21b7b5c10a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2abf4dbca37ae21c262b69732ad7bd90

SHA1
9e2d36d3e1a3abebe14e8d9a28b1700dc60c4eba

SHA256
5bdc3117bd89d55d6e687d938c710ca38441d072d56c6fa7f2f4bd8561516f01

SHA512
a93362de564586354d6651c7f800dcb89b6abac8a789069817c1d90769454a46d7be3ba107f17f6f09c19fad36e9c23bf5330c741e828cee50e3673d56f97970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
322450881df2735c2b3e104469e52b22

SHA1
c46baa88f0b8a41aad6289596879ebb348a76662

SHA256
f9f466af7a2f9af047a9966db4a87d364fa37a57a1449bc3b7504216a2ac35cf

SHA512
97904ccdcd2719602be6ec5fffc99e6eada1b1c3fc123327bbc3503b5708499c5ba7319ec93ddb0620f5ea6578e2731a1064ee6d70651e2e67ca85b4982c419f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
33c772a57e0a015129a57f7c48450aed

SHA1
cf85864d7127a593fc68b8b16a89e3df14024188

SHA256
b2a9aff1cf05a19037ba62dcaaab489b767402657c506b91b1bc07ee5bb3bcc3

SHA512
46e9a48e4d195d576b8f893c39afbc2b73091f0cd6b02ecf869165b474fe18a097b2c5101a4dfcc268ad16c04eac14659985ae7b3d4d34cff2c1631c3fc9c48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bbf8.TMP

Filesize
1KB

MD5
bc95fa54487dc1ed1d0fc39e72ff53a3

SHA1
b0b192539c1cc4a04947520b69f0c9bdb5f5d38f

SHA256
37317cf64081c16bc1f4da28302ac8979688401d90f4ef4388f2cabf3c8a1d48

SHA512
d91b8ba6899baf540415ad1e63c5c36a7e536758887634ec6db73b0bfbfda3addaf341dc5fe9cadcf3644543c5e05e914f0cfbe6ff3ec657c0503e50a9cb0173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eec78585f2d5b22d0a57c9262e97219b

SHA1
050ed98e74f2f9da3689ee7e4f58ac3130d2baa8

SHA256
1caf7415f2651373b458a18698395211d54f957579d6272c1c693e022ab1c4d4

SHA512
503f1a96d4c127df28865e2d48caa2f00d3dd944e97a122ec610020c8741bbee5e46775c9d2dd9b39f3fd9ceecb452b520a3fbbed3f2185e7969c98fcec3c0b0

Download Submit