hxxps://816b462f[.]5880c482d0a3061180a519e9[.]workers[.]dev/?qrc=abc@test[.]com

Resubmissions

18/10/2024, 08:45

241018-knxmvazgjp 8

18/10/2024, 08:37

18/10/2024, 08:36

18/10/2024, 07:54

18/10/2024, 07:44

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 08:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://816b462f.5880c482d0a3061180a519e9.workers.dev/[email protected]

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
812	msedge.exe
812	msedge.exe
1124	identity_helper.exe
1124	identity_helper.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe
812	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 812 wrote to memory of 204	812	msedge.exe	84
PID 812 wrote to memory of 204	812	msedge.exe	84
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 1172	812	msedge.exe	85
PID 812 wrote to memory of 4760	812	msedge.exe	86
PID 812 wrote to memory of 4760	812	msedge.exe	86
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87
PID 812 wrote to memory of 1328	812	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://816b462f.5880c482d0a3061180a519e9.workers.dev/[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f29246f8,0x7ff9f2924708,0x7ff9f2924718
  2⤵
  PID:204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14139678900931850032,9931703109815351472,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14139678900931850032,9931703109815351472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,14139678900931850032,9931703109815351472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14139678900931850032,9931703109815351472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14139678900931850032,9931703109815351472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14139678900931850032,9931703109815351472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14139678900931850032,9931703109815351472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14139678900931850032,9931703109815351472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14139678900931850032,9931703109815351472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14139678900931850032,9931703109815351472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14139678900931850032,9931703109815351472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14139678900931850032,9931703109815351472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14139678900931850032,9931703109815351472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14139678900931850032,9931703109815351472,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1444 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14139678900931850032,9931703109815351472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
3c515b5c3e83ace2d14d308dd832377c

SHA1
89d36d62d97e74a66018c5ac0d99c3a954aa798f

SHA256
433dab1f0b55837c2b1bb781cfe3211021fe6a0ee0572914d234ef0d43666468

SHA512
e53e803b23819f1241ee48aff71f42d84ca2a76c305b1460a56924f896ee47c0c12e722487b3d7ea4c7902701aada00b3fe159eeb929485c473846cf16e68414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
ffd4de2c06731ae45322f3778dcfa178

SHA1
540e989669de3add3550fd2e3a56b16d797ea15d

SHA256
2140c0c9f6819b6a3b5d0ab325f9e357c023b04ec1cf0837b14d3cbe935681fd

SHA512
ca6d2003648a71988c5071ce433d99d2dba200da7f4b445cee985f7c071aff659780ea4d3c40d497927f5a2d6ab318691ff8e5bf0cdbcd61f247739456ea68b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
296B

MD5
0d0932996e14604f2bf56eaafc718dc4

SHA1
08f106474fa0c9490ee925c0e10ab8b69bcb08d8

SHA256
b13a229e246f41546cc14ecdeffd4300fd53488f2f73e0954d601a61a0aa1994

SHA512
801fd3e1d8e11deaacd5d8530a9412f9c80ee7b663ffbc9b0f9ec9c471e5981aa373f6046a3144cf094e53021d487e543a93538b8afb27c1d6663d603c433059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
67833334922aa8a505ede1322e4b5765

SHA1
e2836e1000958650ef6ae24e43c714201986d8f7

SHA256
8fe9a90dd8124d52bb034ff624124bd281270c5f746aeae084cfe5d91adb5bc3

SHA512
8ab63760e99f095ab7fdcce7b00c6cbee5b4eba8d5ce06ea589e890e49c6578f37df3dcdc491d05c589415cb10662b390dac3a4966690536b18fbb1578a9dc53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ed5a444253c7c301c38f77a1c954d71

SHA1
886c326343f38a54fc9bb8116555ca13177c9d70

SHA256
cee2d69dea021069a27477a9db685ad29ad985fa7b43d8307287bcbda8c07319

SHA512
1e34fbb46fd178b5ae5825fc502c013660678ecc61a09653a4885eedfdc57507ff50246993d81cc5c1f7eb58e3cd5f6a0e438f23e90375490af3dfc1370ef15b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b0cb6fa01f7197e97db2549561474a5

SHA1
94f317f027ba60a6be5df4effc439743b7ec1fef

SHA256
38e7fc9a6d7bfebe105ad8f704c2c5b505d277da26c6d24ec2d3b832b88f62ff

SHA512
8778482270a46f6fb828498d59bb320de067384860b97a35aac99f3bdca68448ff5e3dba9edeeb4ca810659fec12825030c9295c809bba1b8cf305cfbb66fbad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e0d75f6f49f87f573207b754cd18b05a

SHA1
311a563999938eb750389696c2de285603634bcd

SHA256
9c7b36b0f0e87a6b593c0e6fe436956590256eba5f3717183465a79e4c4e7bc3

SHA512
0434930f90c2afa2dcb5ea9a48ddb7999b508417eab456690bdeaa393c334a569205b73dbf97b942118de6817ede6a8076868ffe5de9a14650fa27a70fe9fcde

Download Submit