hxxps://chromewebstore[.]google[.]com/detail/pentest-recon+/ndhoegbjcfjdihjjflcdnfmhdbilhglm

Analysis

max time kernel
881s
max time network
845s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
06-02-2025 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chromewebstore.google.com/detail/pentest-recon+/ndhoegbjcfjdihjjflcdnfmhdbilhglm

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4332	msedge.exe
4332	msedge.exe
2496	msedge.exe
2496	msedge.exe
1860	identity_helper.exe
1860	identity_helper.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2392	2496	msedge.exe	84
PID 2496 wrote to memory of 2392	2496	msedge.exe	84
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 3264	2496	msedge.exe	85
PID 2496 wrote to memory of 4332	2496	msedge.exe	86
PID 2496 wrote to memory of 4332	2496	msedge.exe	86
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87
PID 2496 wrote to memory of 700	2496	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://chromewebstore.google.com/detail/pentest-recon+/ndhoegbjcfjdihjjflcdnfmhdbilhglm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffade0146f8,0x7ffade014708,0x7ffade014718
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10066506944663398641,5903770183147635470,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10066506944663398641,5903770183147635470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,10066506944663398641,5903770183147635470,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10066506944663398641,5903770183147635470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10066506944663398641,5903770183147635470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10066506944663398641,5903770183147635470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10066506944663398641,5903770183147635470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10066506944663398641,5903770183147635470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10066506944663398641,5903770183147635470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10066506944663398641,5903770183147635470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10066506944663398641,5903770183147635470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10066506944663398641,5903770183147635470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10066506944663398641,5903770183147635470,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2528 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7aa0be13c8d914912341bac39e064869

SHA1
55d20143756d1c85a67d7172682542739d1d1939

SHA256
31f51a011ab2fdcee551b41cee5371b4c3b5be991d2d83700036c062cc41dd9e

SHA512
6693457f475f0ddb71129b0c9e0d4939ca47b732133f6eae8f829286b2a27dc90f17767e7ec413eaf8e30ed2c13645716848a29af0c2fb0f695be1114aeb99c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\154ad919-8024-470e-9149-a7617df7c834.tmp

Filesize
6KB

MD5
0634cce72c03ece826c3c420697e6743

SHA1
26d5dbf77deffc17978fe630ae49c01959465ae4

SHA256
e1b69189607fc042dbaa44d4828a55e43784e7772a0751eb2508df94ea035a89

SHA512
c9444f3c1436b6c1fbaadd8facf363da1f628fc111c5190b1e11023e4572103d695e2941218c96e099c152d05a9d361f077b05f8d1597e295dcaef1e53260937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
554ed46fe5abd2c4978a54689b078707

SHA1
980b7d70cfbe6a66871a02517753036832f3e9ef

SHA256
c277a6793eed4f2eed7aba2dbbc6f04dea42ae3883a520502a5506b0f3b7dc5d

SHA512
641c0bdc550b355de509209e200fe3ba16bca8e47e6bf85e7e275d29a11578a7c12f8934393bb327377af2cee4779de6b4f9ce5c75d8f339a18a3c93921fa6bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
51dcaa83d295c93da515ddafbc63e2cc

SHA1
5339068e486393de590980e36593f6487e2ba21b

SHA256
9d84a0ec7356d29d568eb7ee25db30e8ffc0ecd8a29950c04a2ef36dae1333d8

SHA512
eddf48f49eabae31ffa15fdacaad40da2ef7a29ec712f2e7ed74c579f42b863399bcaba6c04bd168ccd8f268fa2bc1d05a8bf9f583f5fd64d3605f84a49d9765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9c344a66afc6586a8a8df5499cf28e63

SHA1
8e5c15f278592f6bdf32024b016848b9bef9a08f

SHA256
1c10d4e176a2259b9c0011a7fba0b586dbf4afd333d6c08f7a2ac942e44128ab

SHA512
4f4fa7c65816b224f933ab6585bea403a70b5e1f63a65b4f669951cf110d398bac791a10e04e49c1195a89a1a3d5bc70217f2e3c82f47f7f66d230d6800b5526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
707f4154006ec2e59cfc195058f7cce6

SHA1
aa041cc127570e2662c0e322bb2b721e0663be2f

SHA256
3800da0fe97cc77cb016b3513e641656390a4e2dd60025288ba6ab9576ac95ae

SHA512
504921ac195eee8e074ed38612da1ed596ac7c956208aa51005e7f888227db9afbe6228c8e33d58f53cb54fa9a006cff3dd7a706aa11dbef6bd574d468cc24a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f09856d1a650c95bccc9aa366ba7a335

SHA1
a5dacf053061af23fc04e88f68a772117633ccd9

SHA256
d90b8ae8c8c650e4861a4a1f2755f73c5db0b2140092ff550b803ba5acef74bb

SHA512
7d96a837c78d2a20f469d90f5e818573804b6d768cf950a7806e5c4fdd64dbb450c36b0a255ee65b78c98e49f5f8067901f872b0fc8531d4a88fdfa920284036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
23b980d4671106cf1891f6496a2848f2

SHA1
671cf7721c1b58dab7b9ed62b9ab5d2951ac972c

SHA256
1f3ee38b33cbcbe1a3e87c7b69fd08eefc31121c3964a1b3babcaa0e467f8e07

SHA512
4bd89f2f487fbdf06f52e9a452c9a097285425463ec2724d378121a7c164d135d9899acf1968e3ad774334897aa6108e961f49557281407dca12ee0e092c3d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
64408354e71c8264df3a538878c38b44

SHA1
7b3e10b9a40323167f8a4f9ab8a2a1c9143c3d46

SHA256
102fce3255edb96139fc78389e2c006ba7b7730f2baa47cdf2bd64a7b7517f51

SHA512
09c9f949c89df940b003bc5b1bc55904a66120e093fe3bd9789f3a772371cb92c71b05de707a3a78ad207478c35de23b15eb521b8173eae93a1278f20c469dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e0faac53fdf3da2f881d53fc72e246f2

SHA1
58d359b20bc7e654a10bf0099ef29b014c79b20e

SHA256
40fa6db531713f917943dbcb149d47a78fc177c2f9ea757e1164b83c4a49141e

SHA512
54afb1e19807119e66a2b067d86aa17c0630fb3b07fc663c790b39f6079e0023aadfced4839d503f701f58befec2da4f8792602b0a4b8719e8ecaf9c3c8bd924

Download Submit