hxxp://bsif64[.]farmboyusa[.]com/bforslund@montrose-env[.]com

Analysis

max time kernel
840s
max time network
845s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2025, 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://bsif64.farmboyusa.com/[email protected]

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
2384	msedge.exe
2384	msedge.exe
1716	identity_helper.exe
1716	identity_helper.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 5044	2384	msedge.exe	82
PID 2384 wrote to memory of 5044	2384	msedge.exe	82
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 4540	2384	msedge.exe	83
PID 2384 wrote to memory of 2124	2384	msedge.exe	84
PID 2384 wrote to memory of 2124	2384	msedge.exe	84
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85
PID 2384 wrote to memory of 744	2384	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://bsif64.farmboyusa.com/[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa5c046f8,0x7fffa5c04708,0x7fffa5c04718
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,7824391110095271290,803145996269428826,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9dc3a091ab6c36eed17783c2db6551f3

SHA1
edd790080c16eb1027b152782a0a763f41639886

SHA256
3a94e0978707c35432c9f27571eb3d37b359f80a7795f1b72c822b4757362747

SHA512
283c8dc2bc57847781a0e26c19431744041fb91465588dc02c9ba4f5e22be916990878edbca152ce5917557e717de9668f5d82ca7bbd2a5f92ce03dec1a1a26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3f684c9470d1b78fcbd5c376445b309d

SHA1
c169d53d7e249fdca158e2cd287a112acc193966

SHA256
c0b855faa25dfa771c344593e12acd7bb737e902ed29fd43881df83c3c52e884

SHA512
9175169f0cd01c1fe3b90782020bf04ac96d77b0a37b2d22a4689759de220ea3de25c4e7e9f95f25d7c36f184e4becd709c2873d9f39167bb995ced6c48aa5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
20abb80e067f692c786a1cd8bf64f5d0

SHA1
83d5dbc471325a761964451bef9519935abc915a

SHA256
8633ef514be3f6199461e901074878b17aa389e30b5388fddef6093224cbad2b

SHA512
c49c4999ea870912a0f62eff312e49e14d24c41d7989c76a9ec4587f9d5186b5e033714d065cebc7e2647f773ea1a3de84bab212a2cde6253d1bdd6c769d0ac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2e06901358d674b2ba98ad39cb6ca059

SHA1
fd90d72e9c805a534bd0044e15a455919d033aed

SHA256
3919658aa82b7f97a3b09f3e298a131ee0926a55ca0528d17980b68ef6affc96

SHA512
a9903012bedb18c4a0776d7832529f822305fead0957523123d53f6b1cc09b272b095a16017ad611746f8194762feb0c365d9b1fb0be54a26b4cb05705c63527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
29b9ee40c57598c57a4ddadf966f1026

SHA1
1c388d35af364821908e021ab8b68f136faade6d

SHA256
f109629e870913899e9fc5398c1e10152bedae96871c0b59284a23fb23c14dd1

SHA512
564233b6dec65a7407d2f9cc1994d04a29cf92468fd66baf02bc60ae0dbd2f2bb9041366193ba85782524bff89a423a1448052f2076256b6681a16656cb71230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
64993fcf97f8831a8f3ac18399554a65

SHA1
7725d909a821eb09117714d7d27c692a3a9ab5f1

SHA256
22e96f8e9acfb71d02f50df24169ef4ea5690dfdd7124787d5bb254d84288f91

SHA512
59f5e7d2ba925ecb67e24b5d66c1ce3cf14263d01fc57810d710ede359e651d5ea076dcc9631396a46c56058d545e899c314e40b229e8cf4bea6c920ca404111

Download Submit