hxxps://www[.]google[.]ca/url?q=30NUMBER&rct=86293177546426017965&sa=t&url=amp/s/estudioit[.]cl/starl/%23YnBmZWlmZmVyQHZvbHQuY29t

Analysis

max time kernel
145s
max time network
140s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.ca/url?q=30NUMBER&rct=86293177546426017965&sa=t&url=amp/s/estudioit.cl/starl/%23YnBmZWlmZmVyQHZvbHQuY29t

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
1772	msedge.exe
1772	msedge.exe
4580	identity_helper.exe
4580	identity_helper.exe
2628	msedge.exe
2628	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3416	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 4292	1772	msedge.exe	79
PID 1772 wrote to memory of 4292	1772	msedge.exe	79
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 716	1772	msedge.exe	80
PID 1772 wrote to memory of 3700	1772	msedge.exe	81
PID 1772 wrote to memory of 3700	1772	msedge.exe	81
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82
PID 1772 wrote to memory of 2168	1772	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.google.ca/url?q=30NUMBER&rct=86293177546426017965&sa=t&url=amp/s/estudioit.cl/starl/%23YnBmZWlmZmVyQHZvbHQuY29t
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe945b3cb8,0x7ffe945b3cc8,0x7ffe945b3cd8
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,1980425590248386666,10636406226917444073,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,1980425590248386666,10636406226917444073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,1980425590248386666,10636406226917444073,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1980425590248386666,10636406226917444073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1980425590248386666,10636406226917444073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1980425590248386666,10636406226917444073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,1980425590248386666,10636406226917444073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,1980425590248386666,10636406226917444073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1980425590248386666,10636406226917444073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1980425590248386666,10636406226917444073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1980425590248386666,10636406226917444073,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1980425590248386666,10636406226917444073,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,1980425590248386666,10636406226917444073,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2420

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
fe8d8524f0dd8676a5f18f0c95c9b543

SHA1
e37674551c6832e5b7ec1744839d5849f6e97595

SHA256
c9b8f07abf9df15740f2faa3f9e042a9c1291fe5297ec994569ba58e1806cc78

SHA512
e1eed122e88f5143dd273adc4122135572c4de4e0b13f0b48ac458d40c7f2690b4db8cd395a3ceaf909a56a089745e1199fa5253866d6cc60421c6b73bb2dfa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
1779a01e4ea694f5d669e6a0323b5b49

SHA1
5c32d16bd3b494c2cf8f4c14d799572318a2d438

SHA256
26ab6350a819356e2201f5f03749e43984db00b1ddb8473980b4fd761b23e10f

SHA512
b3f29bfc0e8235469de51efd33f2942f1a4531db7cf565cf79681c0eb0bcbe80d60f09de351bec257b4371eed5fdbed10ef99ab895daccd9988384b5cd0ed7e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c154e1b2baed9c622b18d1e6f22b546c

SHA1
6f67d922e945ea7ed63300a2285230fe918a31b4

SHA256
54856085a067df41295987c65ef2bf875eca6a38bce31b3c7fd992d6cc5f8d85

SHA512
956ac784642aac6f44c35cf04f1ff269e1019ba95d23927bd9c5f533e9bb5a6f03831f918b1c35d302eaaa865a63011da8eb597ae80a2800cd7afed901d2746d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a3db28d06015ef6959d5b903ba1384ed

SHA1
7773039131ffbbb228164b949724adf08b0e4cc9

SHA256
d2a0493b5ac9a848f1240d07dbab269f31f35f8e3c494966633002f6696fcf3f

SHA512
615d6d202d7d37364b22cd2f67cef64c0c7a99a206ec2f1a1d4d5121bc692dfd956e3381fe11b79d5d567778f4b518a6f9e36194e794150aac0fee3b1222ee13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6595bfa55573c2377a051e16020437d5

SHA1
78a15def79fa80d65ef51bafcf508b10d100181a

SHA256
a49089f4c2d766ff99fab8beabaf51fc1012b2ebd5a03f5e2cf760e57aa8314b

SHA512
9584418560ca363fd45ec97026bd59fadbe209d835d200a313a171ca339af007b534d4cef11f94259d7f91bf2b8f09734a20b238b04c2b7a1adf0f6d9719ed81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
76ed404057f866fd5c1807f045a272fa

SHA1
d37d0c5b3bfe6843e4aea39f90431269dc621af6

SHA256
4d89c597e5d2046f8e4df1c42676ab15bcac977b7a83c99e90742f0c697a6c04

SHA512
7e8cd50433a53514b791bf893b8850321316f50006865546a490e6ed5a7ed30c86c72c1bf1a60f6a7ae3c1b03c450e3216c3cc6f68b360838b57cf0469640096

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
71a6b59e08e25451e52675c842fae23c

SHA1
565a97673954a9209c7a05fba20b89d10b88025f

SHA256
5b96212d3d1347b76c8c1c64b2f7ef981242bedd3b84b766b543d56dbbf8dbd6

SHA512
5cc98eb2aa02e2e69165170451d89dd880893e6b07440bb84fbab6cf92cb558bd58c2235d8d64ff43d380c5e9869827800d310ee67950bb21b498d89fbb5aab3

Download Submit