hxxp://29fe13f2992c[.]atooz[.]lk[:]8443/impact?0000040000000000=test@outlook[.]com

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2025 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://29fe13f2992c.atooz.lk:8443/[email protected]

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
5032	msedge.exe
5032	msedge.exe
1596	identity_helper.exe
1596	identity_helper.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 1212	5032	msedge.exe	83
PID 5032 wrote to memory of 1212	5032	msedge.exe	83
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 664	5032	msedge.exe	84
PID 5032 wrote to memory of 2740	5032	msedge.exe	85
PID 5032 wrote to memory of 2740	5032	msedge.exe	85
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86
PID 5032 wrote to memory of 4980	5032	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://29fe13f2992c.atooz.lk:8443/[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc44f46f8,0x7ffbc44f4708,0x7ffbc44f4718
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6144312608262816909,5218737207897811012,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6144312608262816909,5218737207897811012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6144312608262816909,5218737207897811012,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6144312608262816909,5218737207897811012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6144312608262816909,5218737207897811012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6144312608262816909,5218737207897811012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6144312608262816909,5218737207897811012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6144312608262816909,5218737207897811012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6144312608262816909,5218737207897811012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6144312608262816909,5218737207897811012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6144312608262816909,5218737207897811012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,6144312608262816909,5218737207897811012,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6144312608262816909,5218737207897811012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6144312608262816909,5218737207897811012,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5268 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6b4b07544f30d7742b9806acc49f5d61

SHA1
57aa8add44f1ca22ace83e184ac079a873011f7c

SHA256
94e21daee9a1c3890f47ca72f499d8fa8e30bae5c36176997a1e75ef0d4a6c0f

SHA512
85b8387d2dac4f9049ea3333aa3e23d2e85a25f6fa96ff963a3f3c26e51daf0ffb2ad1524c75f918e6cbc36d0e132bd4e001249a9496daee8815e804cf754257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8b5fb49b42bf00cf139a5fec7016bd90

SHA1
15383bd954defc9451e24bb445776b1c40f984bd

SHA256
11abbe522207b7b357f86710617d6ab16ecadeeeecc05e6b4dc2e66096501193

SHA512
fcfb0932f56ddd52844a16606e877910bde389f0bce404a5ba70dd9b0fecfcc8322bf87f39a375e5940910f23cc956f6b81863e60d6d50f2b1cf821969fe0b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5d8572d0e6c5a5f1fdf077451add8d4

SHA1
bb8ba054012f58139c05d0c22d26179404abded2

SHA256
170db1e4d678795a55938e853d609956bb9def07356d799bf07eb3e0ee127177

SHA512
97123cd22304f64eff3e4641a87347dfd8fa28287cc6560ce69da8208f6e75c837fdea65dcf2a0eaecf76b24806915b1d80fea46782a41c67ecf403874ddf11b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee30c079345691ac63077b0d1bd4da4a

SHA1
e535068efc8c53d5d5acc7948b07265c33b338bb

SHA256
4d5ed3e61c863692b4c42e2753d7aa80058ed43cf4620b63da398def75960daf

SHA512
e8b781eeecf2f06154d9862a3e3c83c6e3ddc889de1cad29fea11c95a610c5f9c6b6b366c46f90445cf468336fddc8d923bdd40c706234165b888fa348465b1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
46796a3f4b18f25421b05a369158da97

SHA1
d68aa3d0b76fef288eab0ded45fae21e3470975a

SHA256
79c5be7dc60686ca21e39d252bce42d19afe32e99c9ce11d85bba9892dee31fa

SHA512
43c2624836d7c605af0347173c1a0a0233deae2914f50b471e799b85c4c0414d911188c201bc5200dd3d30630331c2061744d46915b40fbabd5178fd869e2930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e47b0307a80ffa3ad3d64d62c89015b4

SHA1
77b4251d2c02ef7aac27d221c3d2b44255c11bcd

SHA256
8622af146539e60f3c88ba2edc3e040527d053bf2c77272604f00c56f83d7262

SHA512
3b8600c3b2a41f5c594f7f6aeac5e70da5ef4f08be1da074174757d6fc15283bfe0dc6a19e9bcc00a28d85471f6ce62752a065ad96a3d713968c968d47c08751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eea7ad8d49dd6db780dc2bca655571ea

SHA1
b478684b31ed493ff35a57da78313761568963a9

SHA256
cce6739eab63e0efd427744ec741435c694e56fccd5b8b2230c53830fb61aa11

SHA512
54fdb3b34ab7e889657ec2e5ae7889ccae33765543e9037d4704e20a966d9756d4e5b5f706caeab67246f88fdd9a36382b3f0b97faa9748066849738a4420891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2ff80b8e6f55afa64eb1986253c62e6a

SHA1
aecb38275b5a6c2c6ac389bb0b1c8494747fe0b4

SHA256
4db64cf13ca1052dcff1bded304c02f0124d0df8dcc1112f10a3c7644742e21f

SHA512
4e7caa5c65f0fdad3edde8bdd56f8fb36f5964aee4dcc1e4c528c9ba5974d1a015999d90c0c982723dddcbd8c6c481f957a9b60fd4119df1cd04f92246e0e80b

Download Submit