70dabd28c39071fb7ec71ef07a604d8a7388af14a23f1ed7a14868986fb2d70d

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SG9uZXlwb3Q.exe
Size

1.9MB
MD5

4068c0803b559c904b34b910d8d9ef86
SHA1

e2cc27330b08ccf77a2affb4d60866d8fc3e3f9b
SHA256

70dabd28c39071fb7ec71ef07a604d8a7388af14a23f1ed7a14868986fb2d70d
SHA512

87d9907a284202b0cf3383810593ed66775fd695aa43793a185e1e23ce611336e9936b27a4b387b36a47c8659c75d4a217a7f2d4498b1e42170d0109292825c7
SSDEEP

24576:Y5lYe0j3Z6o2GEr8RgE9QRhAmnjtVLFFAVWtOwjV3SFDFnN65qsyHiPOMXB8sN/w:REoTgYyU1zaCXDXFWGebMYZzCvpp

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe
3656	SG9uZXlwb3Q.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 5096	2232	msedge.exe	100
PID 2232 wrote to memory of 5096	2232	msedge.exe	100
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2620	2232	msedge.exe	101
PID 2232 wrote to memory of 2412	2232	msedge.exe	102
PID 2232 wrote to memory of 2412	2232	msedge.exe	102
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103
PID 2232 wrote to memory of 2848	2232	msedge.exe	103

C:\Users\Admin\AppData\Local\Temp\SG9uZXlwb3Q.exe
"C:\Users\Admin\AppData\Local\Temp\SG9uZXlwb3Q.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffac63846f8,0x7ffac6384708,0x7ffac6384718
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8307719737684677479,10284950517437001091,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8307719737684677479,10284950517437001091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8307719737684677479,10284950517437001091,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8307719737684677479,10284950517437001091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8307719737684677479,10284950517437001091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8307719737684677479,10284950517437001091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8307719737684677479,10284950517437001091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8307719737684677479,10284950517437001091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8307719737684677479,10284950517437001091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8307719737684677479,10284950517437001091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8307719737684677479,10284950517437001091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8307719737684677479,10284950517437001091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8307719737684677479,10284950517437001091,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5280 /prefetch:2
  2⤵
  PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6563209d4dc2258edd632361c6da98e8

SHA1
b6337da40ed96d27b00e7393d684a337d9676f4a

SHA256
e7485f48714410df2a7db9493fa43045e9d74ead8e494c41b19f0d91d6733f88

SHA512
9b7d48d5e76c27c132045f700eab70e21e802cc73f0e68b8143c996771aaa797e1dcd9baeeca1b449515ac8131f656ca159e65889146edf1c4613a4f4c449fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e32e1e097837d7c56917447f88dc1b7

SHA1
e233ffcbc5b14dff49583da586bd7eaaf1ffc4c0

SHA256
927f613d65314e94c2e293616fbfa55060ef76361d803e46bb04dcb46923d1a5

SHA512
480abef44248fb89b0e9e71b7c6dd4ded48b632f5317c4993ee679792514e5c9cb32b9b213a49913c563197b1da89bb3742e894941ff2a45dfdcfc33b8bdd81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
161dbb8cc8cbfc2a936d9356a1e6527a

SHA1
0935630581cf066d2375b733b20dde8445a1fbf0

SHA256
7598b9aa66f99f8d25a16bb772c168bb6823a786959e7c4572d68e3a0c5730f4

SHA512
5f0ea034f040f6a6a11c694c5bdd26ada0b697e3c05fe103ed2310b8328e02815376ff8cc14ad4856cc37fcdadbf0657cf76f8945ddf481eafb0a63b88028e9e

Download Submit