e683b909867110383fbdf1196131c0ff92fa51ff9b411722a43cc643181f8a2e

Resubmissions

20/11/2024, 18:13

241120-wtw42s1flm 6

20/11/2024, 17:49

241120-wd2plavmfl 3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

18KB
MD5

e71b95bdd688909e93401814d11d5a2e
SHA1

dc93caa18b6c59a892bd54671c858c6361c0b71a
SHA256

e683b909867110383fbdf1196131c0ff92fa51ff9b411722a43cc643181f8a2e
SHA512

e8c43c54f50170bd4581a8755203e1539df226106622db6d35b87492aacebffa501ae7f8b4f7569685fb57240c109f85be6320dfc82dbc53c8c2474113d70c9d
SSDEEP

384:9tTp1ocy4I4lbGaDMvhpNDabI/jlObz6r0sZYfw1xCejiw:9Np1ocy4HEagJpNWbzbz6r0sZOaxPiw

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
4564	msedge.exe
4564	msedge.exe
4324	identity_helper.exe
4324	identity_helper.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 4944	4564	msedge.exe	83
PID 4564 wrote to memory of 4944	4564	msedge.exe	83
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 2276	4564	msedge.exe	84
PID 4564 wrote to memory of 1920	4564	msedge.exe	85
PID 4564 wrote to memory of 1920	4564	msedge.exe	85
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86
PID 4564 wrote to memory of 2108	4564	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ef4b46f8,0x7ff9ef4b4708,0x7ff9ef4b4718
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6216 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16114931625904193413,17691197743509108899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
25KB

MD5
c1aaa844ffb3bba0eb544c4daa05015a

SHA1
a872551fc69ca97d251149092d88627a64f29832

SHA256
df3beb136a1eaa18382386627dde5b26fa79a41275de8613d1bce328a4eb67d0

SHA512
c5d986496bd20464916659f2db492acabfdf888213553d14ad842913f1431551f6d997fe0129a3cd2743172a72e394dfd502c5bd31fb5cba90f2a758e3c954f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
81d86224604d86998e399b704f2b9734

SHA1
bd96c4724cc562a84b33fa3de5b8a478e2440191

SHA256
f0bea2e07de504c3e648d99bf1d14aa5157965a704b9962dcf3968daf22b8d22

SHA512
fb18382e6cf896c868b5e3f3cdf9472c4141cd10ee676d6a067b901cf385b933e15b1f68945ed3e595844c206f277c4463a71e4bd064ad90e35443521a5a8eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ca83353deb87d591511fe2128ffd070c

SHA1
b37f74fde6bf8e683932b030109a1d82848baa8a

SHA256
fb6fed5d04a6be77fba9fc9f28856871e833e80ec6c056e50d09873158843e4b

SHA512
fc632a68e5f266b2a17de340861956de0c7e1beebd2d562daa4a9d92fd72308092ee051efecb21cb6dbce9889532e82cb7c5f0abb94aeba6ca01303f8fab6731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b641290b5519c2f64aa5e1cc66c3acae

SHA1
48d327c5a46fdf6cf01e15ad36904ae6167daf5d

SHA256
a756d1d35d92f7cbc8b7eb7a54871d6497137717738cba0808874c22bf81cd19

SHA512
2b30ada1456e25191cfded15a5acc71f701ad06b1f722e7b9845bb3fb9192e3a37916d5e863e68d2acedf7e3aadf193647366cc5c1d44477916b76cf554cad8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
62d7200a43da4e4ae8e319ae83892caf

SHA1
c731c7da1745ab2bfbcebd1426dc152be11e6b9c

SHA256
2eac7d22f46377a689d45e7e283a56f2af344847a371eb40af4d96a52ea29be1

SHA512
e3c439c0e3f07f422297d1c217cff3f44c6cf9fd45fa0716ac4754a180b17f31a664c926b9cfb4ad3db16e6f612f677016c22102533d1d8d1b5a3216dae4f0bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ba15d3fb7a6e0483ea8f1ca922783ff3

SHA1
16efd50442ae623366a78b3adf5221beea3bccad

SHA256
53aa353e44ce6908d72dc91fa6efbe01a07187bb4285a18fa66306e7ddfdac31

SHA512
bda56438b51f4be907643abb5cfeba4f0723e3dacbe358648ac64c7800e40c2c8305663b00cd8c0dabba0780b50346fb0250866c26385693b61dd2f76c659bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8723448e0a6a87032fc61e6c88d714ba

SHA1
93ac29917d8ca78b1bc2ffe814ba507fa59fdd05

SHA256
eaa623ffb3a3f9680d8e79fdc5c49612c3973b1e3e6d016f5794a2a9d0d3e88f

SHA512
7a0a0a60aa229e5b901493fc512c5b7c96f2f285945bb6031ad01460d9ca7a2d915295675d1ad422b65f799a80888a66811e6e86692ae218630d0abb2c9defff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e2a826bd09eba93877428ca7f511ca29

SHA1
2c19912bc24a323f99d5a923b01d664965bb4a3c

SHA256
f472ea95bd154bc70aa286cdf82051be7d6cf7792a95d4b643491f10123c8e01

SHA512
1134cbc65f6ae195c3728bade1d64fb1d55434c6e8587e64e4af50af723de832acb08dd94b062c0a5df44c6d9b2af3e14d822fc888c37acd156c9d2d4fbc6fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
128426b4d1c68def8db6339c3d0bd349

SHA1
9a66e6585aca9d0315d4559ebfd959a97c98a264

SHA256
260f85a18ba562e38eafd38791967f0dbb7e430adb7546f6bd780cc0fed94727

SHA512
db6717c7fdf0a444e700dc04dfe6a87828f8866348473c8557c02939ecfef547b929e716a4dff48f87becd2463a7f8738c02bb2deced265d579afa656311a25c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ecab49dd36f0c489cba8a389fc7bb51

SHA1
cfb96c54eeceb04b54015699b661553d0472b0d6

SHA256
166a51c92376c49cee62acfc8518f3d7745c67f1c8812b4fa2481bb84bfc30d5

SHA512
dc64bca528c7fb518e86fc718c0bd94f69958bd9e42ec76516b5e6f6ce447b185e47879ea740b45c1a92a9be4b2acfa03dc247e64fcd70e5086fa63440795829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4583b635d4fcd4fbfdae3e5582047c19

SHA1
00dd148fa144c0601b9b2bc18043d7ff372ed6d4

SHA256
b1a1c53e1783f76ab3184d99397da1e2e2736b04e0f1f75472b6e1e15048da4b

SHA512
cec26e3d549c381baa209c9884d47e1068dba59619453e5a0347331410f856558c1935e67e3d50ed57ba8fd5395693c00d8764c07f08586f35e06d7818806df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f0ed9cdbd9bf90c1715f984862a335e7

SHA1
d4b7e2c2931f12927603560d369d5e3b6a6881e4

SHA256
df96d2cc37a44be5481cb415c1a4763b89c46dcd0020deac6ff1f64b80e941c7

SHA512
7a44d87a13b0ba7f3773a87b24c571d83c5b9c695de22ac9d9f388370f88e45f04fdd7122effcf3145df2f36c1715d336d1295db446c3ebd74b67d2afa22e946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c2f1435d15dba68f6857cd18fbb9c4b2

SHA1
0a54c7b6f85fceb88fd81c3233a963ab018380ef

SHA256
63d629d80209e68e1c3f10ec8205f6bf5e3125aa763352f08807c8b7a3dd55d8

SHA512
0f53e267b5f1cfb9d7d4f07153ac7680e1912c8c748b907d82e9c8bb1e7c0e5ddb3d81b1fc0483729aa55675a045b5e36916662bf616c8c9a5df03da8bfb7995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58addf.TMP

Filesize
48B

MD5
a7fd85265f6fa59de79048707564bfbd

SHA1
a092c90ca95b2c91f424a258a1d5bb7bba98a79d

SHA256
e337fb1e97fecd5e7bc6528551ddbdaf6c90ad2de5a8158ad51830d6dfb73212

SHA512
edc20903e00a1efe86605cd2872f7a41a1aa9940594bb0e9231954e3361a6d65ba1ea4f8c87b45223c619e9bce137b42bf5a6d3f94129aea322b3bb98a1044fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
02702ac9f26174d81ea87bd4a52474b3

SHA1
3d69164d1232eda6a01e2354b6daed47844b52b2

SHA256
a6f71b531c3caafc71d60d3643731dbe22a021d7a42b448a928f8f35b141ade0

SHA512
f40df6bd27670e106e8d77247a32122b86846cb047c5b72f952bff02ae5dddfc9c5c54f2cda9201ee7bedabdb37ce286360b5ea8d2629e9ea05b107b4ce956d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
282f8c97475d118ad548ec2f172095e5

SHA1
7d95c799056b4623f2039fc19314d77c0d2aad67

SHA256
0e09435beb94d6d438a5808d8edb44c28d8c62206db7fa0b22bd215120d06524

SHA512
05a1a16e0dffc80c5b609c303f419f29e347b51cc920e48ba68038304476b899af3d57b1227c48a64f5e31a6a4be603cc04025df04c6d095d860ba92fc8d2493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a13781344b255209382dabc396303d3a

SHA1
ea3ace78e42f8f4e6096450e8a713886174873fe

SHA256
370e90313ebfa904122f99b418714432a2770084702dc55cf085f369fc03844c

SHA512
d0ec29352e5fad5271e1a79bde4be9e6fb8d683ed2411eccff877ec6d98d3c6674dd83132458f137ff402283ec70bf7b133c1df7f984643313238fe52939ed4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4bf00918d5b1b0ca4a9cde100fd9e449

SHA1
7fd2f78ce297a958fdf902f7bab9c0fab60df7e5

SHA256
849f1ba68a440fe2a880cc536d3c8afc86aefeff0a11e0d286fface80419ae05

SHA512
a7d344c5587ca3f58fca51cdf8591356ec9c15207fca3eb174ef60e5ba5267f81926c49df91b22b6fd7ab82830f6f3d663617d430fd227643e299f57754f2117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c524d8fb74e4fa5de157f7f8d1b94bec

SHA1
b4332ec3035394fcb8886d442bc201ab1bea7007

SHA256
291e03eb6f61b6c0e9226ddfae57a7f00886c33c35fbe333becb59ccf32f6769

SHA512
e9e2ef6667775b28ecb912f8e5f1239fbdcc156492f917b49231e200f09523d6d8bd5778455d41e0de68714ee9b4e25cd36e3a8054584af3c31fe47b2fbb0816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5872ba.TMP

Filesize
538B

MD5
82823fc789419554b42499ce095cbf1a

SHA1
76d840f89ff679082de97df68472f2107740ff63

SHA256
f0bbe962ff8def742a235e87d7ed25569369cb52356b134cdda4dd0f69f81966

SHA512
a278a05ac0cac2964fb5f25ed9e785e510d816844a1e59f4f3c44e7ba3716f9baf7fc3cd54a780525ce7b623ebb942e9058e0705da5b56d39240eab14d5d8f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008

Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
53218b32a65733086485fce28df1be64

SHA1
723494256f824026234428464658049bc5221f93

SHA256
eda70ee516fc3e6dccb17ea6198806bdbab953633883e136552549b5be162708

SHA512
86dcc874b4f0c1d9d9906eca8e1483f8519094f5151cc68fef7aacef409456bfe3be5f465d915f54aeb9347a8bf2a05cb19070fc132cd082c8e8320731843f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7332b3d299cfb6785b5f9ed7007a5cb4

SHA1
d7882ef761c3c6de0d85e2d35f3ce2fbacc6d070

SHA256
d93412946dcbb04816bdf901ec99e7f8ce5f0459984c0214478d1f217758568f

SHA512
d637a3107d8d66eb401ed7120182fa12d92930f27ffa14fcf4bd466ec05a9d427f2f77a85fcf60f3c51b6c6e7b7eb36a158d7db060595334bc2e90d790ee5133

Download Submit