8bca26692e07ddf56409e6408f69bc9cb0a49bd87c803cbf6af78615872e25ea

Analysis

max time kernel
1685s
max time network
1146s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FrozenSpooferVMax(open as admin).exe
Size

719KB
MD5

237bac9ef3086847085caf5063696e99
SHA1

b4917d962859770019e1a3f550f719d20c49bb01
SHA256

8bca26692e07ddf56409e6408f69bc9cb0a49bd87c803cbf6af78615872e25ea
SHA512

fdee9e7c82bdde0ca612ef47ccb25574764021ab544174ec2119ed0ca4cf4560c6d85e0fa5e35d95f99297a417efd478b2067d34891fe33cc3f40363f30e1cd0
SSDEEP

12288:ry6H2Ce/BhQDUx2tKW8NbxdtZdIWwHkIjgIFlMceC/:r5WCKQDg2MdxdtPISIjRMBC

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
33	discord.com
34	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-113082768-653872390-2867000172-1000\{8D88FECA-1CDE-46D7-8006-86D646146C19}	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
1876	msedge.exe
1876	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3860	WMIC.exe
Token: SeSecurityPrivilege	3860	WMIC.exe
Token: SeTakeOwnershipPrivilege	3860	WMIC.exe
Token: SeLoadDriverPrivilege	3860	WMIC.exe
Token: SeSystemProfilePrivilege	3860	WMIC.exe
Token: SeSystemtimePrivilege	3860	WMIC.exe
Token: SeProfSingleProcessPrivilege	3860	WMIC.exe
Token: SeIncBasePriorityPrivilege	3860	WMIC.exe
Token: SeCreatePagefilePrivilege	3860	WMIC.exe
Token: SeBackupPrivilege	3860	WMIC.exe
Token: SeRestorePrivilege	3860	WMIC.exe
Token: SeShutdownPrivilege	3860	WMIC.exe
Token: SeDebugPrivilege	3860	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3860	WMIC.exe
Token: SeRemoteShutdownPrivilege	3860	WMIC.exe
Token: SeUndockPrivilege	3860	WMIC.exe
Token: SeManageVolumePrivilege	3860	WMIC.exe
Token: 33	3860	WMIC.exe
Token: 34	3860	WMIC.exe
Token: 35	3860	WMIC.exe
Token: 36	3860	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3860	WMIC.exe
Token: SeSecurityPrivilege	3860	WMIC.exe
Token: SeTakeOwnershipPrivilege	3860	WMIC.exe
Token: SeLoadDriverPrivilege	3860	WMIC.exe
Token: SeSystemProfilePrivilege	3860	WMIC.exe
Token: SeSystemtimePrivilege	3860	WMIC.exe
Token: SeProfSingleProcessPrivilege	3860	WMIC.exe
Token: SeIncBasePriorityPrivilege	3860	WMIC.exe
Token: SeCreatePagefilePrivilege	3860	WMIC.exe
Token: SeBackupPrivilege	3860	WMIC.exe
Token: SeRestorePrivilege	3860	WMIC.exe
Token: SeShutdownPrivilege	3860	WMIC.exe
Token: SeDebugPrivilege	3860	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3860	WMIC.exe
Token: SeRemoteShutdownPrivilege	3860	WMIC.exe
Token: SeUndockPrivilege	3860	WMIC.exe
Token: SeManageVolumePrivilege	3860	WMIC.exe
Token: 33	3860	WMIC.exe
Token: 34	3860	WMIC.exe
Token: 35	3860	WMIC.exe
Token: 36	3860	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1476	WMIC.exe
Token: SeSecurityPrivilege	1476	WMIC.exe
Token: SeTakeOwnershipPrivilege	1476	WMIC.exe
Token: SeLoadDriverPrivilege	1476	WMIC.exe
Token: SeSystemProfilePrivilege	1476	WMIC.exe
Token: SeSystemtimePrivilege	1476	WMIC.exe
Token: SeProfSingleProcessPrivilege	1476	WMIC.exe
Token: SeIncBasePriorityPrivilege	1476	WMIC.exe
Token: SeCreatePagefilePrivilege	1476	WMIC.exe
Token: SeBackupPrivilege	1476	WMIC.exe
Token: SeRestorePrivilege	1476	WMIC.exe
Token: SeShutdownPrivilege	1476	WMIC.exe
Token: SeDebugPrivilege	1476	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1476	WMIC.exe
Token: SeRemoteShutdownPrivilege	1476	WMIC.exe
Token: SeUndockPrivilege	1476	WMIC.exe
Token: SeManageVolumePrivilege	1476	WMIC.exe
Token: 33	1476	WMIC.exe
Token: 34	1476	WMIC.exe
Token: 35	1476	WMIC.exe
Token: 36	1476	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1476	WMIC.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 3200	3020	FrozenSpooferVMax(open as admin).exe	83
PID 3020 wrote to memory of 3200	3020	FrozenSpooferVMax(open as admin).exe	83
PID 3200 wrote to memory of 3860	3200	cmd.exe	84
PID 3200 wrote to memory of 3860	3200	cmd.exe	84
PID 3020 wrote to memory of 4420	3020	FrozenSpooferVMax(open as admin).exe	86
PID 3020 wrote to memory of 4420	3020	FrozenSpooferVMax(open as admin).exe	86
PID 4420 wrote to memory of 1476	4420	cmd.exe	87
PID 4420 wrote to memory of 1476	4420	cmd.exe	87
PID 3020 wrote to memory of 1216	3020	FrozenSpooferVMax(open as admin).exe	88
PID 3020 wrote to memory of 1216	3020	FrozenSpooferVMax(open as admin).exe	88
PID 1216 wrote to memory of 3052	1216	cmd.exe	89
PID 1216 wrote to memory of 3052	1216	cmd.exe	89
PID 1216 wrote to memory of 584	1216	cmd.exe	91
PID 1216 wrote to memory of 584	1216	cmd.exe	91
PID 1216 wrote to memory of 452	1216	cmd.exe	92
PID 1216 wrote to memory of 452	1216	cmd.exe	92
PID 3020 wrote to memory of 1876	3020	FrozenSpooferVMax(open as admin).exe	95
PID 3020 wrote to memory of 1876	3020	FrozenSpooferVMax(open as admin).exe	95
PID 1876 wrote to memory of 2512	1876	msedge.exe	96
PID 1876 wrote to memory of 2512	1876	msedge.exe	96
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 4432	1876	msedge.exe	98
PID 1876 wrote to memory of 400	1876	msedge.exe	99
PID 1876 wrote to memory of 400	1876	msedge.exe	99
PID 1876 wrote to memory of 4968	1876	msedge.exe	100
PID 1876 wrote to memory of 4968	1876	msedge.exe	100

C:\Users\Admin\AppData\Local\Temp\FrozenSpooferVMax(open as admin).exe
"C:\Users\Admin\AppData\Local\Temp\FrozenSpooferVMax(open as admin).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic baseboard get serialnumber
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3200
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic baseboard get serialnumber
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic csproduct get uuid
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4420
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic csproduct get uuid
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\FrozenSpooferVMax(open as admin).exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1216
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\FrozenSpooferVMax(open as admin).exe" MD5
    3⤵
    PID:3052
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:584
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/frozenfn
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb3d2646f8,0x7ffb3d264708,0x7ffb3d264718
    3⤵
    PID:2512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,734750612273879245,15606805049734525917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
    3⤵
    PID:4432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,734750612273879245,15606805049734525917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,734750612273879245,15606805049734525917,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
    3⤵
    PID:4968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,734750612273879245,15606805049734525917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:1956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,734750612273879245,15606805049734525917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,734750612273879245,15606805049734525917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
    3⤵
    PID:3860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2224,734750612273879245,15606805049734525917,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4160 /prefetch:8
    3⤵
    PID:3912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2224,734750612273879245,15606805049734525917,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4176 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:1396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16d2cc2d8a8347e405d36323b4e6ea99

SHA1
ea695aa245d20b1e1141f4c18ee5e56f810614b4

SHA256
5455c3741232efafea8e3b155a0fecb660800e2e0f19cd2d720281f7cdcbbc23

SHA512
85d9d1319d4b4f8442e2fbd22951d7a2836f6456f18062508a5d22031d829a23a1a4453283f2194312ec444eef57fe09ca393c5c1536efabb7495fd301433343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ee3b30a1359db628dcaf6b053a049740

SHA1
35bb7a4d99bce5d4ff9e080b6078dd8d9ca9cb1d

SHA256
3d145dcba409bab26909c6090fe80bb55a0c030d226f26bb4e04b1bd495f5212

SHA512
6825eef8c8fc940d1e21c31e8643f969386fc5c5f467b6ae4a6709dd09f35632bfa2b87f3bc828a8dc6d70533dc7fbfcef6772e2b73586286680f4b567d92c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
fc441b067e5041bafe5ddb6459c896cb

SHA1
077acd7ebe621ee65cefcce2d48ce3d5d8ddb2fa

SHA256
7ffd8775e26286da032aa3f9878f0188e5fad912e1f602afbb50b4c53f83eb2a

SHA512
f0a0222b13075d59f714aaa1e6a9f4fdd039ad50f790dc3636c39d99947059496e2394862a3f6011ed921cce62fb99a1c8dd744149184c2451dc0301c9b74e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
247B

MD5
94bd83393ee4e3c749f28c3414160cbc

SHA1
68effb04ecc392f2ae4ad7bdc1e99b9116da474c

SHA256
e1dbf44fca250f32925910fcd7f59276e46d0d916eff30fdf9f85ef91bcd3d4b

SHA512
203109a405cd685a195e6cdae5d0a624abcd6c6a9333b88f312e50f96bafa03057366bd78bf62df8784ec97f14677d56f8b78b472000044618a784bcf7af3e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
564e9b5ec5b2a0873d8cb24856b2f29d

SHA1
079d4a6d217fad8675184cf98c94a851a7b92334

SHA256
77d4e53a8cb9260d1dccf9505ea2164b4f27ee299e18c8e9e3b3252a52017efd

SHA512
1528c538c976958054b440161f021d51e6447b0d8a81ddc0e24365067ed749f2065c8a339bcf551769fe3e114b7c86673a756b5914623ac4eccc6cb5d12e0a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e8c878319446c443192b55fde3eabcb

SHA1
9cd64e7089ba721c7673d0df3af3fd30e9243d52

SHA256
15c8af3ad032dadd8bc1b8129520cdcd7f2d81b422761f5e2c6ddbe9b0104bdf

SHA512
b410eb4eb741261f7f85b302ad066a5c3ddf9aced6e34f3d78cba5e571efbede602a6c522607abc52969e32ae6ad640068682934d1a1e9844f9f3df49fae093f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ed02d3cd7037c7686c3848ac377506c0

SHA1
e31c1a6edd407aa6422156d1312e34fa87bc8625

SHA256
4ae99df8bc37ed8bd6c723cdab56bfa62c622b6068e32759c94544645304bacb

SHA512
9fc3789292c1b74a98743ed46da796a897090727a68b5cb883b198512ce972707a41baaa2d9f0cc5caa321feeba0b8f360018be2063cf355c9892f2a68d363bd

Download Submit