hxxps://datasciencelab[.]nl/

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://datasciencelab.nl/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1112	msedge.exe
1112	msedge.exe
1284	msedge.exe
1284	msedge.exe
1388	identity_helper.exe
1388	identity_helper.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 3116	1284	msedge.exe	83
PID 1284 wrote to memory of 3116	1284	msedge.exe	83
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1844	1284	msedge.exe	84
PID 1284 wrote to memory of 1112	1284	msedge.exe	85
PID 1284 wrote to memory of 1112	1284	msedge.exe	85
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86
PID 1284 wrote to memory of 4300	1284	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://datasciencelab.nl/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9991f46f8,0x7ff9991f4708,0x7ff9991f4718
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4068 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3652

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x2c8
1⤵
PID:4588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
de8625806f682be231a7a3bd30234d43

SHA1
55d847124e2e8399c8e105b6e4f466fd88eb4b0f

SHA256
e10c7c4b1737ce0123aa6b53fe6f3a5585fdf5fdd2df6ab0de1b6cf12e34aca8

SHA512
04a467416ec417c8536748924b62485bd5111398f3128d00be16352981d2595a0ec9821b24c7ad46f08d27fc1f49151a7b22784de87cdc0d61c30b117c8eed0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d2064bf91e5b8bd78ecc8e0c332a138c

SHA1
8e094b10b2565494d3967980d9e98a70f6a93928

SHA256
280016dcd4657c9c13dc4dcf30f436f790ebdb10083cd3541c56ec72ec7c893f

SHA512
18014d3e66a411933339fd976b421a5bb074db456ac8a5511e0fbd6bf6bf90ee9272855c1a238ef4ecabe9a126091ee17459c73351e31e7231f6aa21aa30de83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
053099f6baaf821cc4d2d0bfd1039f81

SHA1
7106a98b34039abaa550ef4941210875ee2bce86

SHA256
c37ca89ffdcc2b903465e40c098c085ba772376efe141fd319e91942f8b4a39a

SHA512
daa2827582ab703735f4fa4832a3e32d2b0a018f40c2b616ca534943acb34c9e13d2ab7e12efa798bf556ba7f62e8edbd85b2885b487677e638544da7bbe7c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
247d5804efb90caedc0d8229b01444e6

SHA1
88debd6aee092b05b194165dda6087dd1846aa78

SHA256
56df60f3b72bdb09953da032f3acb042175a80eef30b1048737240e260dccb44

SHA512
4188230d6c3a10bf79b9e2f600721899c7c31597c0827a5c082f30f0b28134aa7f6ccfdfe371d4da4b717bf1ae64c922e660acf6633bdb51b80b2bdfb603a032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3366bfb62c80ea41b3eff72db17e16c9

SHA1
b36084a77d237d076d5a23e4d63cab72a370f852

SHA256
96fdc1282d15d4d607ada3150997d96761c49543cece7394e6c6cd5072dbe97e

SHA512
d6c0858e8d34985862b6032e239dd1f002430ccf1a06bf98020ad440d359bc46d918559309df596b2386fdc6b86d86d2cd45b62233c4435c50ea2eb8c1a555d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
5d98ebee50528cbbf7f82a508a05b99c

SHA1
ae74687caa3ff18066e214baa0e12f82c386b139

SHA256
6dd835983859cf50d8213be17b0fc3eb1b53fa1421a9f8a256e386ccf14b558e

SHA512
213eabadea14d72f78322bb2139bc5f49b8f440c543ef1bea4512b8b4a1677504bd412b349b458a3b9a6d9e24042d2010ca1ebdeaeaff3f8a7e6aaabd0fa4ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f136.TMP

Filesize
706B

MD5
67d266c578be2640625e47faeb529500

SHA1
c96af532c9f706db2ccf28683fdd1e1f86d550d3

SHA256
bc62c522332966da0ccba6ccfd5aa6d2052e6ca460bd3306a69a23f51ebedc35

SHA512
fd6aa366805994a15f9d04920da601fc9de4dc91ca08304c509e01477a02d120c1752b89eae928ff5fc3929d82dff028438420b8b88e2ca21b291a8539c98b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d61c5148941987cba4db3694f753b1e3

SHA1
9125180412c6c8c981b5c26895945156acc8d807

SHA256
be70814fac984e1b5e1640bd7118aceaa78593b5483b4f0817a4e2929c790476

SHA512
54f47b70d7c1b6a9b74e59654bcd0077619f5fbdd1533b225f348b4731a3cffae1980e94e9f4bb78755e51ff58dea93a3df5ad8ac469ddee80903605dc547da8

Download Submit