hxxps://www[.]youtube[.]com/redirect?event=comments&redir_token=QUFFLUhqazBuaTh5cnFGVjJOVC1ubkVzOERlUjdBckFUUXxBQ3Jtc0tuN3VhUlNlZHYzeVZWUFk1ZWNMekNMNFhzVEphajlCRk05MkItWmxDdFh5eVZfSWUxOW80WWdpUE1UTjV5Y0cxOGZrdTMybTZCZE9NbjFKN0xwSW8ycnFscDd0cGdBdWk2bTdNdVk0ZGc5VlQ1OFBZaw&q=https%3A%2F%2Fspdmteam[.]com%2F

Analysis

max time kernel
73s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2024 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqazBuaTh5cnFGVjJOVC1ubkVzOERlUjdBckFUUXxBQ3Jtc0tuN3VhUlNlZHYzeVZWUFk1ZWNMekNMNFhzVEphajlCRk05MkItWmxDdFh5eVZfSWUxOW80WWdpUE1UTjV5Y0cxOGZrdTMybTZCZE9NbjFKN0xwSW8ycnFscDd0cGdBdWk2bTdNdVk0ZGc5VlQ1OFBZaw&q=https%3A%2F%2Fspdmteam.com%2F

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
4116	msedge.exe
4116	msedge.exe
3804	identity_helper.exe
3804	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4116 wrote to memory of 3248	4116	msedge.exe	83
PID 4116 wrote to memory of 3248	4116	msedge.exe	83
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 3764	4116	msedge.exe	85
PID 4116 wrote to memory of 2072	4116	msedge.exe	86
PID 4116 wrote to memory of 2072	4116	msedge.exe	86
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87
PID 4116 wrote to memory of 5004	4116	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqazBuaTh5cnFGVjJOVC1ubkVzOERlUjdBckFUUXxBQ3Jtc0tuN3VhUlNlZHYzeVZWUFk1ZWNMekNMNFhzVEphajlCRk05MkItWmxDdFh5eVZfSWUxOW80WWdpUE1UTjV5Y0cxOGZrdTMybTZCZE9NbjFKN0xwSW8ycnFscDd0cGdBdWk2bTdNdVk0ZGc5VlQ1OFBZaw&q=https%3A%2F%2Fspdmteam.com%2F
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc603146f8,0x7ffc60314708,0x7ffc60314718
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,7049129770188017656,7693412923646428518,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,7049129770188017656,7693412923646428518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,7049129770188017656,7693412923646428518,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7049129770188017656,7693412923646428518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7049129770188017656,7693412923646428518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,7049129770188017656,7693412923646428518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,7049129770188017656,7693412923646428518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7049129770188017656,7693412923646428518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7049129770188017656,7693412923646428518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7049129770188017656,7693412923646428518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7049129770188017656,7693412923646428518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7049129770188017656,7693412923646428518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7049129770188017656,7693412923646428518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7049129770188017656,7693412923646428518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:4948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dccb774054ad4993dca71027a45b34af

SHA1
2657a19ab3efd9219b5941fbe400607a379c5c9f

SHA256
56c9c8074f148925ceb0f3092e6d09930ceff52b8d886072aa66cef4c53ad364

SHA512
7278806b8ebd4b63ae0ed63115692641c6b674436f0bfdd739f907759e55d09aeaadc3dd35621a47c9ace2be8a7f1d496acff1c3e969c557da878db26a51ac81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7770d41a4db5723488d7c98b25c5b587

SHA1
36ebf61be153e048edd63d408e0ef7ae0d1f6558

SHA256
3eda81469a37959f97905d35df723b3d99b6f653c3731b7dc392c2a31a90f53a

SHA512
d5ef7d44881cee430211c9c1bb9aea95c982825b228169d6d3fef794d4d9f039c74011d14ec3d7cbc7fcaabffe7c1db4d28304441bffdc48d5395ef892478f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
042461d915e9e7f07a01fc022b71b897

SHA1
a5d17e2f16cbc72508307aec372bd0c4cd2a4b6c

SHA256
24b0437aae8cdb2f8b573b0a6d00a67973c36a8da91aae1ff1fbaee0ef72efe7

SHA512
ce15553dc6769283fb5497d6b78873bd40b5c08d1d8c375b7f2b415fb8cd21de85e0853cc57b94afe410cbe063175f09f7e0445c18e04ef08ac3d2935247bb49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e417c9d6dd6b885409f60743955aa119

SHA1
6c130ef775a459ab3c7299fca21c9f649d2a7893

SHA256
e93b36390331a30b36024040012207f31a9d099a7bda55ee912bd57394effeae

SHA512
ae355d69cca445f6343dd5675c4eb08a04ab9a17c07d7dec1b9fa00f4cc2b4155f27a514568fded7a6ff0a3468a9ffe244889ff18f7c3e4e5ad4e091ca983b1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
602bd208518c69aa401219e447b8a8ee

SHA1
6b7afff669e5cd7bdd653b341601b7b4fd3c96bf

SHA256
3d78480eb8abd0f13925bd665b75b744238d5f7951f1c3bbe31640088032c38c

SHA512
887e0f5cb5426861e3565a12213861cca479768eabfc85b1447aee0efc4a04b4a65e985438ff09e9eeb397f2c19c7306fda3f51fda9e44545defd2f9c0465723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585dfa.TMP

Filesize
204B

MD5
a7cbb31638ba1f1ae1ad1908e2d7781f

SHA1
b97659a1ff65c3b0316c3987af7dc28c1d3315d1

SHA256
1159617ecd564ff9c373cb12314cda74be5b8938427ac044f90d51c2915091c3

SHA512
ee5fdc5bddacf381f2db9bbf83b865e9aea1bcab7fb74465d6b7bbd6decb128c8c25226e1597babc19d182071ace71c6742efb83a1687dd48b458dee6795ceef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e100b53dcab4b9cbc9d941b4f7dccfe2

SHA1
6a30036f9775ca3f8b51a602d60e9be81a53a4bf

SHA256
9afae561d1d5d61e4f58b49e90e63d9d53c6983edd3c6eab7eae08a357fe52dd

SHA512
261d0f131e075af82ac4c919763d74c4fcb36c6cced50c16ca382b65203aad9056e5274f798cca6734b00345bd342b71e4baca3af31749a3d2f7557cf7643c0a

Download Submit