hxxp://getsolara[.]dev

Resubmissions

24-12-2024 18:55

241224-xkyf7atqfy 7

24-12-2024 17:04

241224-vlsafssma1 10

Analysis

max time kernel
33s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2024 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://getsolara.dev

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
116	api.ipify.org
117	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{31FFF194-EEF4-41FD-BC82-FB53FACB0991}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1008	msedge.exe
1008	msedge.exe
1128	msedge.exe
1128	msedge.exe
4504	msedge.exe
4504	msedge.exe
4704	identity_helper.exe
4704	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 4536	1128	msedge.exe	84
PID 1128 wrote to memory of 4536	1128	msedge.exe	84
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 2764	1128	msedge.exe	85
PID 1128 wrote to memory of 1008	1128	msedge.exe	86
PID 1128 wrote to memory of 1008	1128	msedge.exe	86
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87
PID 1128 wrote to memory of 2784	1128	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://getsolara.dev
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6b1c46f8,0x7ffb6b1c4708,0x7ffb6b1c4718
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14214871113467547968,14576275679378026606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14214871113467547968,14576275679378026606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14214871113467547968,14576275679378026606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14214871113467547968,14576275679378026606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14214871113467547968,14576275679378026606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14214871113467547968,14576275679378026606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14214871113467547968,14576275679378026606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14214871113467547968,14576275679378026606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14214871113467547968,14576275679378026606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,14214871113467547968,14576275679378026606,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,14214871113467547968,14576275679378026606,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14214871113467547968,14576275679378026606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14214871113467547968,14576275679378026606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14214871113467547968,14576275679378026606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14214871113467547968,14576275679378026606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c782b7c469412cf086f7d206e6fd13f1

SHA1
5a94ef7f264d1cceb183b33480d583d45bde8426

SHA256
a168e415b647b5aabed99985e67f0e9068cb319e73ea6d3b3555111533e3bab0

SHA512
6028f2b5d7ddb591c3e19f980da26e051c4a7fa26d8e2ca04cb8dfb6cdbc00dc04b306bbf8f5515367b3dd51b3aebb1c07b6a16d921e7db377d009f192d34539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
32c89d511a4554a61b972d4610b6d4fd

SHA1
b924daa43c80135b6732200a8f305e4fbf342838

SHA256
8f6e66ae44a55d51d68481b4cca165cc82274dbc6349d8cc0b8f1cb19e17f3a7

SHA512
d7f26ac9aa9db0d78405e8147d17ab8f8bfa453375f94e65a678e13db32eb6b35577d6bc13ae689f2ec15dc41ef0e7dbfbb77666d451cb19cc8473a1d7292019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cce3b0486e2a64696e87ae1d9bf64546

SHA1
8832cf1aacb559b8314ed1f8d61636d706ee537a

SHA256
70d3269ba4617e7359e5b81328166fc008dbd79781a88dbadd0db5e18c3fde2d

SHA512
8259a10bc918635fdd70d91c24c8819e7a07b4e3c1688e24d53fbbc00bef6a2d16f8136398982bd96757273bfeacd5db292d59e5a243f8191d6872593ea38d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c40543a8a7fed737a8f8616d14dac456

SHA1
2247158444b80ef8feab08ecbb519b0efae532fb

SHA256
449ed32d8f660b662b1625ef76b43438b35bc014f57d31e696b60e4dbe04ae90

SHA512
234773e42ba587bef647b6aa36a1419dc9d7f4cfe9ab9c9c90cf815a8a6ebc812637879d1ea861048e1d9a1bc17bb0ad7fc40ccf3fd432fd8ff1e663d6732d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d3fb23fc3eb8f8484ac5009966555a7e

SHA1
ed706e2b48b1397aff21fdb67eecb99915bef4dc

SHA256
d2d0b7d7b436adc15bf9706d7393ff61914d1372012308a16c4a22eb152e565d

SHA512
61de5d1520b2de40393d71496a19a2a8f3c3e3a4cca6198a31004d7ce8bbbef86debdaa3616b5bbe1f4397dac38fc9cb8e737b1ecf3ea4bd43a87c59b01c37cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d3d50a4f501f76698a92fe8c6a27261b

SHA1
8711b69149adef87dbbed9f50a7042ee6a4c8d3b

SHA256
253a2c6d4272896e972b2bb55df997f777a88abbdd45999d4e00d2b0f0cc711f

SHA512
9f6ea32c45d20738d1a7718d0def42d61137b9e54f0469682abe51b5a24ad4436095f8b564d8e2b67ef29c3cf8567bd5ef3bfd1ea875a34f3377a212ca901f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580bb3.TMP

Filesize
1KB

MD5
3de8a940dee18cb14b6aee0b719a43e3

SHA1
643b95fec943dc05e1508febf84772324a0788b7

SHA256
00f029d9af8d243c371b880bab5119633c50b368de13ec1ba03b6b88d065d834

SHA512
0aa4333dd23cee6f27b44b59ffb9c2407a12554697004cd702d63e4ffb88d2f440d17ddbce43490c17a6b62aa5fabed960f9f655c4de784b2aa7a211502b786d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
61d0cb1a4b758616c937910f5a3b0605

SHA1
d62cb57a0bc0cb0aeb1b00d3363e7362a5fc5acf

SHA256
ce598c771bb506924c8312b042029261813c96f0494aad4e14ad1a5c4180cf44

SHA512
d8dd9cd138057a551d581df6460b48690cefe747910f4de3ecda6754edc83744946b40aea7f2c915ebd493b75904143c629936d942bdbc325bae28189b374ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
17d42a9f3c38005f9a9661fed0c2a4d1

SHA1
c85a7c5a508e38cffa04a51344554e52db157b98

SHA256
7ccf05eaa12e10d401dca0e5ce71efea9e981b118756ea9f812987525e889724

SHA512
71628cbf30e658bcca366c3960c4f2857aed3ffd42fb38d653e11aebe2e0982be18fc444395b5a4ea0115e3112293905f080f39553f262e78ce3bb6383e48067

Download Submit