hxxp://vibeaccount[.]com

Analysis

max time kernel
1721s
max time network
1685s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
25/08/2024, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://vibeaccount.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
3552	msedge.exe
3552	msedge.exe
2040	msedge.exe
2040	msedge.exe
4976	identity_helper.exe
4976	identity_helper.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3552 wrote to memory of 3252	3552	msedge.exe	82
PID 3552 wrote to memory of 3252	3552	msedge.exe	82
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 4892	3552	msedge.exe	83
PID 3552 wrote to memory of 2068	3552	msedge.exe	84
PID 3552 wrote to memory of 2068	3552	msedge.exe	84
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85
PID 3552 wrote to memory of 3544	3552	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vibeaccount.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe565b3cb8,0x7ffe565b3cc8,0x7ffe565b3cd8
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,11753153798252053651,3844199778644161372,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,11753153798252053651,3844199778644161372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,11753153798252053651,3844199778644161372,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11753153798252053651,3844199778644161372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11753153798252053651,3844199778644161372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11753153798252053651,3844199778644161372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11753153798252053651,3844199778644161372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11753153798252053651,3844199778644161372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11753153798252053651,3844199778644161372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,11753153798252053651,3844199778644161372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11753153798252053651,3844199778644161372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11753153798252053651,3844199778644161372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,11753153798252053651,3844199778644161372,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
7feebe278d59039c4295b765662610cd

SHA1
cfbcc534b0a926231ced560ccf3f179907c0e40f

SHA256
724d0b24303ae7b2ca8bb655c362f0fde398582ae6daa027c6586edf2ef4cfae

SHA512
d341fbe620a6bffe043fd5be333ea2cc039d57744bdecbf461207dd03c14c37efcaadc69ccc962484d0610142bc039828d18712ac6da08eaadcc856ae5173e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0b1f4dccb3b294b60f09fa38c4f2886c

SHA1
d2e5c9d5c1826a6a213912b0869e5506478ad495

SHA256
683f0c34540f353b580f47f2c6e318fa980cfe9cd1b99cd8734bef18e2666f0a

SHA512
1186e59b7cd6c1f3c11e5491fdce930f385d8c5f3a467462ca40fd9c393613aa6149aeb7275c28b2c9b181eb668b5a2137e053401be7d0ff40f290bf0d79ed8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fe93c1e0d588bdc2c6aee13572d13c02

SHA1
1dbaec6fb145920a91122a099f75faadf13fdab4

SHA256
6edc0a92255f157a8c39c71fcdccc5de52c5d655e77e55f607b8bfaa74671981

SHA512
ce43830d6059951a8478a58a510b6ddb73aeb887727fcc25ab9a73f7ec4cb1b2a5d49036763c1634877e16a351e806504f745293ee86f26a266ce81eedaf5bf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c440f578e1a11cbc843148ee2f8c843

SHA1
499a1395a29ee8ccef64c47ecfddb78d8341e135

SHA256
09c584b32e32a29f35d6f124d8627b712eb3db1a08cb9cb152f2f6f90bd74acb

SHA512
f27f76444c2db2750e6eceb0f2c9b8cc943fb86594aacfa4e036050743183048788ea5ef5baa64d7d5b7757bacaa021195f6789d9ada55d6e124870b721672fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85d14672ece5d49828186a786bba2f6c

SHA1
da568576a8728df6c58291b464cf043bcb06213e

SHA256
da121e5505acc12def8b8f0c64cb92f502de1b195ad344803a428aaf52f28c8d

SHA512
59406915a72be351a546e40426e3773489129c22f14566f96402132f5a452479444a5318e38829a684594f635124f83e464424f5c34f2da8ab2ea9a387b32580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dc95.TMP

Filesize
537B

MD5
6cb19b709790a24c31c90d33665b0902

SHA1
8cd7b9dacafe0aaf13c5935505430198e7a57499

SHA256
b8b57c1f02ab1edcec75419dbd76e9999c4b9d4880109bca11967e92af85ba9f

SHA512
8ddc076d439abf538f01d8bd3a19f64728cddd0a3afb7d342eb2e1fcaea968e0c81ff82343cb6b3bd090012d9d74b34dab06cd15fed172436e93b47ff6bda008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e08490b5-9d5f-49a8-866d-872cf2cb0c20.tmp

Filesize
871B

MD5
d72ef2e1ebc5b20474ac355628c4ceaa

SHA1
30bb82fcb0cb7d3f30a0b55dc5b540c7b786a225

SHA256
fdc82a0ee784ad56e470b71d207ba258b7244fa044fffb0a655cf1b47105a90a

SHA512
47aa8d4c290943695264b7ee1feaaccd71563a9b7f6f9694d29ab3275c4521b24d9f8d310e9fea98d7049966219e3901137fc48b328ac0fdde6c0521d4f1da6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9c54e10f249f0505f808407412d7fd14

SHA1
4926cc7d0eebaa6580bbe6b40bcfbe73ed1e12a5

SHA256
7cc618cbf3be9b136ae8e907ca834fa7bbb8825767c40969acc4a105e11bf84b

SHA512
d8abf424b1e012f79486b98c46285b801dae434f0cf81abf92567445ecc37b2ad598e59bd2ebd1968ddde932b4ed4acb4631614891e93a1470450066fcc8c668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aa1e9bc2bcd276c7989127ac5a1f7378

SHA1
beee23f3a1a2bd18d079f895676a322decdc25e8

SHA256
eed0f1d3afabee6cd5ceb2e0f3e564c6e5a50355e46f3aef66549e279942f26b

SHA512
acb53fba3f39cd3ac69d882c1af9fa4baa57ff83c31a7c7a309df67bce8832921703dde57b3354fc885eb54224fc4ac43b7d15c99ab2227752725ebfcf4804b0

Download Submit