hxxp://venkatramacalendar[.]com

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://venkatramacalendar.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
1072	msedge.exe
1072	msedge.exe
2028	identity_helper.exe
2028	identity_helper.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe
1072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 3244	1072	msedge.exe	84
PID 1072 wrote to memory of 3244	1072	msedge.exe	84
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 212	1072	msedge.exe	86
PID 1072 wrote to memory of 3168	1072	msedge.exe	87
PID 1072 wrote to memory of 3168	1072	msedge.exe	87
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88
PID 1072 wrote to memory of 2040	1072	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://venkatramacalendar.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ef2a46f8,0x7ff8ef2a4708,0x7ff8ef2a4718
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5468 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
9c2ecbb414e83e2f973417088bf26995

SHA1
5cd6c958047f801dfd31247e8012443985387352

SHA256
a653367ae9b0fc57ae188bd6b5276222db9c3f4a084aa6ef48d20bfe0f2ba2e9

SHA512
bfc77b8e7f3c62bac4d0261f3b8781b61cee91922cc029708d49af31c70f35bf471987fae93d266aac6475b3fdbafebe27392c6f83a1493cef86990165202632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e493314b705e6cb6b8365428ed98c814

SHA1
f62b04280dc6783b8cbd2c6cced5a93ac73db370

SHA256
5ac4588d38776a6214464568fed24e25398383cdf529d7472ba3aeedd8619379

SHA512
1f639e8d32c945dd68b54569d8dbdcc9b1a09e495d7622481bc86e55ee0ff514a8c5d01291bb5d95673a90f8617c71929d528228a4046c374b3bc049d1fd17a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03bd76c6c893a1e368062dd2f2a3196e

SHA1
834be1dd0164d2f552914a9b4505fa2b10cc6d51

SHA256
f63363a186358427be1aafd8756d02f4588feac4ca8e3e2883a3dc4d2b7da7d1

SHA512
a157ec80789af6cca6af5b037c619963fea0aa723c316dfe10b88aac18e4e1cf722925f87e0215676acecb8c72acf1481018cc6f718a571bd4cd72a7f23d2e2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c292ed5f424f9280541734722c6a369f

SHA1
a16573726888fd30abb3d041cf59904fcf9987b2

SHA256
1d3df7644985cc7b86e1497326ae6b01a59f3004651534785150a0176c11999b

SHA512
0d48e2b4694bf9ef22b586e9d11461e6e93a091c0abe75c496947f2d515a896c0879699bd027bd770cb2ca532aaf6a8780adbbd17c4e345ee4d8759e09913332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0821f66a82d646fe6d96ca586884dc21

SHA1
cfdbdbed2af242aecc7a8c5d84c31495e74789d2

SHA256
a650e744c248806ceeb2be89d67bcb5ac6682ce9691297c6e3e7784d0afd3de0

SHA512
87ff1e31eb2a7f9a800a2bfc191a31c4be3b0258458fe642330619954fe98bcd573cac3d60ded5a89058881cc4848150d58a2b702af2ca76382df4f621eaf3d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c736737422f6451f04e458f3f2219c26

SHA1
7538c9a0753d993e07586bd6e0eb4e960a5891c7

SHA256
0c559ae854f011bef399f8d149891161e5d13fd87fe819d4392cc416da4e6e58

SHA512
57431d4120e26dd7c37eb6944adb708b2f3481663b1425b42fdf21627d57b3c00624f9636eb44b379ab5ce62ca9173abbaeb63ff6a5a6177b7dca480a663b57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581807.TMP

Filesize
48B

MD5
a7ef1f5b20f23f90e9a158609e1c05ae

SHA1
38a7205b7ef1284f08c29213aba9729377627683

SHA256
a6f75750a367e454d8001e77d49d8375a763e9a228488c89ffe46adb0b12f2f8

SHA512
f46ebd437870ba6bf7f3c8f9fea39049a40b4b0fd92c9c2d2140ec961256193d00b4c9fe32ebd5776389e54b693f571c823e1de1d8ae2640605ed4e3246ee380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
380875d687ba4b161ede2bc7c6958f5b

SHA1
6e87aa48e448d83c139395a3e501e54f0c76ddca

SHA256
4bbf0f78f002791215dbb55e3dc81dca4257530d1bb97251bc3bb235a75b958f

SHA512
acb4e60d7176c3b9b26acc953d5025874f2a0994e25d4310aadcb5895bb4dda0c5c77128264eb2e9bebf6c4abe03629c763c4eb22c6750e41851b570643cd6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
75effc49d65b29f10458f05d10014827

SHA1
cf1717dcee28da705b4b6802d1c796c04ef68ed3

SHA256
937130c7ec8466fa3d35e2dd3e500a7e498a9863f1b267c59e61750ee2c9e54b

SHA512
5de41bfdf892fb71bdb98e17ea31687f84732c8b3fb3d6d928143428348d74075a3a79fef778635deb1f312249c45a402bc2529da6866e7d1d3b6223872386d5

Download Submit