fff5f298e5f5f081a0e3ff56ae99e3f43d45f27a6c1ca4ac732b897080869b51

Analysis

max time kernel
300s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Seven.exe
Size

139KB
MD5

350273e0d2e8a9ba5e37b791016112a0
SHA1

5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71
SHA256

27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba
SHA512

b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b
SSDEEP

3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
640	msedge.exe
640	msedge.exe
1968	identity_helper.exe
1968	identity_helper.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2876	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 640	2360	Seven.exe	87
PID 2360 wrote to memory of 640	2360	Seven.exe	87
PID 640 wrote to memory of 4876	640	msedge.exe	88
PID 640 wrote to memory of 4876	640	msedge.exe	88
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 4144	640	msedge.exe	89
PID 640 wrote to memory of 436	640	msedge.exe	90
PID 640 wrote to memory of 436	640	msedge.exe	90
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91
PID 640 wrote to memory of 4996	640	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\Seven.exe
"C:\Users\Admin\AppData\Local\Temp\Seven.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf55146f8,0x7ffaf5514708,0x7ffaf5514718
    3⤵
    PID:4876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13614687718888709867,4714188710256836395,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
    3⤵
    PID:4144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13614687718888709867,4714188710256836395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13614687718888709867,4714188710256836395,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
    3⤵
    PID:4996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13614687718888709867,4714188710256836395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    3⤵
    PID:4372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13614687718888709867,4714188710256836395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:3724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13614687718888709867,4714188710256836395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
    3⤵
    PID:4164
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13614687718888709867,4714188710256836395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
    3⤵
    PID:3788
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13614687718888709867,4714188710256836395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13614687718888709867,4714188710256836395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
    3⤵
    PID:768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13614687718888709867,4714188710256836395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
    3⤵
    PID:4320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13614687718888709867,4714188710256836395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
    3⤵
    PID:2756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13614687718888709867,4714188710256836395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
    3⤵
    PID:3496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13614687718888709867,4714188710256836395,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3020

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5504

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e36b219dcae7d32ec82cec3245512f80

SHA1
6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

SHA256
16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

SHA512
fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
559ff144c30d6a7102ec298fb7c261c4

SHA1
badecb08f9a6c849ce5b30c348156b45ac9120b9

SHA256
5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

SHA512
3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
018ebdfd8534dc5366204928127b69b0

SHA1
e543e6bf2a887f27f93189de1b11f0dce4b10e90

SHA256
715fad072e1c60fbf1ccfe4cbb487503b70ca2a4f11fa93c75e534b14b407702

SHA512
4fb3afcff06e9ef91bf6308e56d256c9c651e3a98a7cc99df552e120602f73f8e276722bc2a3b5d81b199b52194defe685b39b6f1494edfc129c89d2e4296fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9827897a89d6fe37123a71a09f477e0d

SHA1
f7e75e557456a6348696391aa6013d53a71b03ab

SHA256
bafe373e1506294ae8a58e395d7e155ec9f43242b61a2d1e42d73f2c98665bff

SHA512
273332233447effd46e4decdb1bf9b82a17fa31056561633d4b9d1c77c09b9db49943537b4f6b0779df2cbbe8e907eb4a29d54bafb284acdd920b6d0dce3f1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
aecc60d4dcff51b5feff49c9f10da35b

SHA1
5063f4fd8f352ab35d271f6403a96632e720e41d

SHA256
56cbc83edd9f6c513506eea5e94e771c6b693ffaeddf2c751eba7610b57e3e55

SHA512
969cb6be12333442b20da9a916e40696f09298d53648f5d243645c435ad5f42d939b1216c8b07f7cf16ab80e2225400da1f3e479a741bd865da79c03853e9c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
103614a53f3afbff2bb02300d08ed316

SHA1
e5b2a585e5c251c2543239140afc9f01706b269f

SHA256
58458c52dda6f0d246623c12c2d015a81a0146ee7f3e71dd5d35d740606dc296

SHA512
0b64814b99f118fb9a5bf9e3656740e94690612397b2858462f4b527aa3df85ec798ba0a7674db71d391ac0da08f5eb60bb10c63ffe838333aa7cc44b447d390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac3a28ae9dc8a7d5036f39bfc23d0282

SHA1
e21341a4676f472878355e90748198cae71ae629

SHA256
e4495f63d9e212d31c926929cccf72615a9711afb10b1912e6b849e719cbe259

SHA512
d677686715fa8de1c81fe3919f0c07fede7f74ad49bf08a12ff4a5060f9c166d897987ead712298b9a66d33ab94d88d91240cb6cc150bc50f88226f11109f301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
018cdde0ac3b2b13a87b9686d32eea30

SHA1
e5c69dad3c9be6cd69a3349d8f4a99ceba2fc32f

SHA256
8866b7b5bd2b8830ac19660c455df031d5c48e11bcb1da14d64a993700a71e09

SHA512
3a89d30c7e1b8b991fc65145487545a1945190d697f8c8795a9bc0a9154962b4b9c6c4bea3688acf183abc5813c2933183b3d0b2f9d471f6ad58db6c6955e308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1569d183e9a5f2c42a80aee8fcb50cfd

SHA1
4cf0b4107613db4a3754d9bfa41932edd8239134

SHA256
df87b591e48858eec8cc774d2d63d1a55f73c6deb033801dea272d70ee56768f

SHA512
03d7f2e7acdced029030e529b9066706ba7db55d63c46e7a3cc9847bc4c9fedff8485911cc17737eecf59a2c97a7fc1fb41663ad0f9cdb240b1db584865e9395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
63282f24f3f38b359baf3898590739cc

SHA1
3304d0e41e86258a78d021400aae7a73742096ab

SHA256
1a8d784ed5f07fd8717081c4241a00484db33c4262a99c9d41a1abe08f8cc865

SHA512
5907b8e788ce55ece3d479604a288a958782593a134da0c458b076ac0a15537873c6ab20f8c8ceb3f30189267dbf2da54cc05980d514339d7d4a3a93ab6bd6bc

Download Submit