11879aaf810fdacf73f694015e4b75ab1c68be8eb372b76f1c03d8b21d0dc1b7

Analysis

max time kernel
38s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 08:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

subz 1v1.lol/subz.exe
Size

26KB
MD5

865badf073378140dab7511b0dee0afc
SHA1

2ca65cda56aab2753204606d21d8432101bdc97f
SHA256

b8f42e6dcd16829517d25a55184fe6edfdcf47307242650a3f69af70e03eb080
SHA512

3c856db4b91f9e65f74862d3495a9f29b1977cb34afb48d0e613a9822c7bfd0b47e29aecf2cc901f8c6c7c1d1814b8b7d37e00e3de20781d1a84b85a75f8cd49
SSDEEP

384:befEpBwVQhGtxOZrX9qKRypUPa9BejCqttp2uYxSI8Vn9UKeQ3DDmd5G:C+QgXZi9Iuu2uYxS5UKl3nmd5

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
20	discord.com
21	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-384068567-2943195810-3631207890-1000\{04F60579-76C5-40FE-B835-DF9AAE0559B4}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1692	subz.exe
1692	subz.exe
3684	msedge.exe
3684	msedge.exe
936	msedge.exe
936	msedge.exe
2676	msedge.exe
2676	msedge.exe
3548	identity_helper.exe
3548	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 936	1692	subz.exe	85
PID 1692 wrote to memory of 936	1692	subz.exe	85
PID 936 wrote to memory of 1544	936	msedge.exe	86
PID 936 wrote to memory of 1544	936	msedge.exe	86
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 2388	936	msedge.exe	87
PID 936 wrote to memory of 3684	936	msedge.exe	88
PID 936 wrote to memory of 3684	936	msedge.exe	88
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89
PID 936 wrote to memory of 4276	936	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\subz 1v1.lol\subz.exe
"C:\Users\Admin\AppData\Local\Temp\subz 1v1.lol\subz.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/boostware
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8005446f8,0x7ff800544708,0x7ff800544718
    3⤵
    PID:1544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5339359473108658450,5231785399658774270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
    3⤵
    PID:2388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5339359473108658450,5231785399658774270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5339359473108658450,5231785399658774270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
    3⤵
    PID:4276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5339359473108658450,5231785399658774270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    3⤵
    PID:5060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5339359473108658450,5231785399658774270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:2436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5339359473108658450,5231785399658774270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
    3⤵
    PID:2428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,5339359473108658450,5231785399658774270,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3592 /prefetch:8
    3⤵
    PID:5084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,5339359473108658450,5231785399658774270,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3556 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:2676
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5339359473108658450,5231785399658774270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
    3⤵
    PID:4132
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5339359473108658450,5231785399658774270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5339359473108658450,5231785399658774270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
    3⤵
    PID:4632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5339359473108658450,5231785399658774270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
    3⤵
    PID:4936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5339359473108658450,5231785399658774270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
    3⤵
    PID:1224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5339359473108658450,5231785399658774270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
    3⤵
    PID:1816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2988

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
f079af104b985f0672508a03c0a17afa

SHA1
5f0faac4f2e21d1306cceb813daa99384eef0f44

SHA256
5fab5324da4eea113af3376b85758d0836a8f6e2aeb81161422bed1cdaf857ff

SHA512
65dd465672d0ac722c69101ec767ef2b1cd846a4a9c038824842fb232cf1468866b5c5124be00cd9b6bc6ea9472ec31b1c9a0170f1fc1b8bff18e6da0c30361d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
323B

MD5
74c9e7193b0cb61e692095d8d9e01ae8

SHA1
2f60d0b754e400d545d5f3829ae3b0a0b990d821

SHA256
b51c6699b167d0179b11f965336dd9133829945e8992fb391043536d336d9baf

SHA512
e3abb8a66b88de18aa084934f2d481d7f10060d35b0426a12b7dc1e7a3a8199261be181e889a4054c5d108884a16eb304a7e1b575de21820bd97acb48c13d747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
21060190263ec99d3c6308403068042b

SHA1
0b8d09aa22c8fdd84cc7fb91c3cec5700667638e

SHA256
25510e36dcbe22098a3d9488f12d6d35b6b6312ab91c99bb7ff4050171c0cd6c

SHA512
9cda7808bf964c29fd15158cfdd79d74b9ef70e88deed05b26a7afde9594b6467b0f4663010ca6c421311e926fc32f780a5b1149c0bdf169e465b4f3d141da1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c4e36374b238a800fc07971543e4dec3

SHA1
bc6768234c41331f7bac38a591cf2ec28a545648

SHA256
a8521efe92e47fc1d8f2a2a2a8deccf4461807ce2282d5f78708b30c7800443c

SHA512
e1b8dce6febeeb232be76abd3af89f63bc8ba9344bb00d25442fa8e8948e4fffa0716680ee0be74a4e981fc72c6d0b060e8787b58ed3d351b004972c425d2796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
80bd82277cecd121a146dd4c4aca3475

SHA1
51fdc312008d842e51a27974cdc1de544d6c0af2

SHA256
e9bc53c19506a187bd057aa26d7dbd0975d8a7afc1e3e8859af7c4d3689c547e

SHA512
78b037ee1de9eb0a24b3288798275d9a4d3814173432ae8b8f49210c6d839011e1afa49b726fa7f7213bc3f774464489f12bd7aa1472b3ce8cc0604cb514f541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8db3448fef624bbb91892426b8a3523d

SHA1
8f943b75841a79a53aa71c6fd92612e8d4ed806d

SHA256
077c2950e49210040adf0e9ac3e7a11ee0e6aaae1c6f8ad983f025d8a22a2080

SHA512
5ef0a9ef689ae58eab55c79c8a7a412193334f3b16f7e3c9de7f3ac9a68af19a20df55207708f36499c2b50982e6dc334b3eb6d210239ce7e2856560cfbe358c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c07cde21-2999-4152-a67c-60b11cfe8ac8.tmp

Filesize
11KB

MD5
066e8540b9e3177c161e9daf16bd633d

SHA1
c3e075a3107abf6e3a581e9b629c880e0be7899e

SHA256
176f7da3d2cb3998c84c06aa83eecc962ee5141a0e20f336c66d55f16b088d65

SHA512
2be7096b9175a4b270e206c5faae65d2fa0b3d6dfd4e56f96b447cc6e7491a94515b1cba1c818985a480bbbe4d7937913eeb4978757d8741a58b595ffe3cc377

Download Submit