hxxps://816b462f[.]5880c482d0a3061180a519e9[.]workers[.]dev/?qrc=abc@test[.]com

Resubmissions

18/10/2024, 08:45

241018-knxmvazgjp 8

18/10/2024, 08:37

18/10/2024, 08:36

18/10/2024, 07:54

18/10/2024, 07:44

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://816b462f.5880c482d0a3061180a519e9.workers.dev/[email protected]

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
948	msedge.exe
948	msedge.exe
2364	msedge.exe
2364	msedge.exe
4368	identity_helper.exe
4368	identity_helper.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 900	2364	msedge.exe	84
PID 2364 wrote to memory of 900	2364	msedge.exe	84
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 1744	2364	msedge.exe	85
PID 2364 wrote to memory of 948	2364	msedge.exe	86
PID 2364 wrote to memory of 948	2364	msedge.exe	86
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87
PID 2364 wrote to memory of 3076	2364	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://816b462f.5880c482d0a3061180a519e9.workers.dev/[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9840e46f8,0x7ff9840e4708,0x7ff9840e4718
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12753368031512160318,12559818687837120302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:4628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1b9739f5776a018d1dfea64dee3f4897

SHA1
3dcea83f53d046c24318fb0748f4d0652b213456

SHA256
a667d0d19885a961de72e4ba4b89957e9904bb9ac99e878e7fc106da0b3091e0

SHA512
d22f0a192450d4185fe73674d0bde7f2fa1f68bcc16ade038c372028a891d230391e45d08c02db9d11b8fccc250abbc5a29ca3d7759dbab8cb937cb4066e46e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2c40d5d7c5e0a85321aa5a230e68a231

SHA1
c4ac788ba4da6897adc3c9ef661ca6b469fc547e

SHA256
9bc3a5bef04210d4751fd4ed395131776e8f7737a5a377be09fcddfb7eb45384

SHA512
bb513fae1e4dbaed4ae59181407a24fe987c642451e6546fbcf14555fae575ff2d227fc39dee997fd64407d2927973831bfa14645d675c041b2dfc61ed3d55c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\598f85ff-36fc-416f-b0da-9f23a24143b6.tmp

Filesize
5KB

MD5
dd3e6dc495e436f615e1c9b9ddd1a330

SHA1
da29c27abb05009340dc5f50b7ecc5e3ef837f7e

SHA256
e0297d83cc455b0fabfcab23c9ca1569c105710192b7f082287fc94f158b7218

SHA512
1ae3e1fd93cea4bf8f0012c383dcae41ad0e7fdc671dfb8c018d293bc822231e774cd583061117e7ff47dce4c589cc02e3ccdd479adc35e146aecde4e501a406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
fb8d7b3330b1911e208cec8902798222

SHA1
82a8eb271af25519539704d5a1c9f10846275651

SHA256
0b06179bda1835f1a0975b520288cff26b3500aa71cb033c025c8d9b50a08bd4

SHA512
618014a289f602bb1b4228ce9107d5dadb829d9b53ec035b6a7a56d78bbd15a80900a9c0da5f914564bbccfb689ed592eb5cab2f113ca085e50428474317fa80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
eac9d8588ea5fc83b5fd3f78c3797e57

SHA1
492ba46229f16e4082f397bbabb5d7c9d3a8d8da

SHA256
45125341318d440fdb9d179261e21157683429389ff42529271ddaf842bae4ed

SHA512
a957222c7209c9dd0e8330e795475ad59729fb8f8930eacce026e43fce07c459280addb39868840054a42010b756d2de0315fe5c82bbd63506c535e670a4e65c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
296B

MD5
0d0932996e14604f2bf56eaafc718dc4

SHA1
08f106474fa0c9490ee925c0e10ab8b69bcb08d8

SHA256
b13a229e246f41546cc14ecdeffd4300fd53488f2f73e0954d601a61a0aa1994

SHA512
801fd3e1d8e11deaacd5d8530a9412f9c80ee7b663ffbc9b0f9ec9c471e5981aa373f6046a3144cf094e53021d487e543a93538b8afb27c1d6663d603c433059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e93fe2546258f48b5a369047a43f0c45

SHA1
4cc4b473de5d227798f84fd15e9ce5e42d5ec6e0

SHA256
e6ffaceac535e77a75862e1368798153b0c97365f860362d23f03781d873e4d8

SHA512
3927091d1788dd5517e24678b52f991aed38a7c080fd9485d5c19290063aa7a14b4a70aa525ae43cad31280b07fa218fae5f82a05e6186b0f1a86b2746a9ce7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
62fa438b48fdfb61c360e6d4fd356110

SHA1
6e54e946a5211afa1459715b9f37a18ea92cdd57

SHA256
fe3d2e83848ede65097467a54ea813ed25a51119e87121089b3cfc531ebe5798

SHA512
01ada296a3fefe713f53d80d2c95b6e41231012d0998077b7948a68d961b61292d1e3b1b3457488eaa739fc4ff0974672ee448d29d2fcce2c1bebab49da96624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bc038d097a0593c64ee017e369f2b50d

SHA1
3bef5c78d6128a0f0cd5cc82e54145f28e7ea31a

SHA256
7c7cde2463ae6f3b1f6b459dfe41b6bbcb015ed25164ba7062a9118ed85a5eaa

SHA512
6e5ae8821950bf93c0daa042868e8d6f6e7fcddd9be8c3ae57b62573a73d582cada8c91509163434ce0b85d6d703ddbb54c56b31eabdf50a19f136ddf96d2251

Download Submit