d254f709c6f39d463bfe922bf6a5127b561771884ef049cfccbe82d75487253f

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8127cb5c09c2a2ce424cb1de00393e3_JaffaCakes118.html
Size

432B
MD5

e8127cb5c09c2a2ce424cb1de00393e3
SHA1

51176b81633e01fb6b77ce766303cb6de01d3886
SHA256

d254f709c6f39d463bfe922bf6a5127b561771884ef049cfccbe82d75487253f
SHA512

30c4e1d83169a407c22c67b35b0651975b6c97dd257f01e8ce603a8b8814fd97e822e073ebf43c86afa46d5c8fd496a1b43556062a5a2867962960bd742656f4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
4488	msedge.exe
4488	msedge.exe
3012	identity_helper.exe
3012	identity_helper.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 1008	4488	msedge.exe	85
PID 4488 wrote to memory of 1008	4488	msedge.exe	85
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 1408	4488	msedge.exe	86
PID 4488 wrote to memory of 2892	4488	msedge.exe	87
PID 4488 wrote to memory of 2892	4488	msedge.exe	87
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88
PID 4488 wrote to memory of 4888	4488	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e8127cb5c09c2a2ce424cb1de00393e3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc26f46f8,0x7ffdc26f4708,0x7ffdc26f4718
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,7875576834831118488,3848256790353273745,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
360B

MD5
6e1943f5a783b2412c667b828592af5c

SHA1
983becf61c44577a68cbc6f75993f411a46884d7

SHA256
934af73b3ef7ca400e625fbd37cdbe89439c25a5fd7349c206a82b99f3d61969

SHA512
e397286603cce28ee158163246d9a788ba47c4fe340e5825f9b4b0fd7154f77663f6235bbe5e8adf18a4e1a576260186b4e29b4223c6a7f82e801fbc74351175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6bc1312c52005ce20e3b214f6eb5f236

SHA1
a3b124c2745e3c6904827b0e65097262090c343a

SHA256
5210a0cf764db72917b5d9ff03398046ee39ae45a7229f2feb142792b258a263

SHA512
a52605b26c35026c851ee2122a8a1fbbe577edc73261dee29d85cc4cff1bac97cd41b294a2d716944ba161413014980fdffc13d38c19f2d3e4123650456c546f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
51e93f864c9b1eab1167569e00d1496b

SHA1
b9c134a8d8a39ff23648cf4cde2da84969c252a8

SHA256
4fd415ee089d98b715b1555a3a0e3ce01e995cb7bc74c2f0c91905e92b757ae0

SHA512
1ded89baa6ed1efc581370d87952b22724baef2e7b5da17103ce5e67f902b11f04ac343e2fe606cda95ca104fa0eaab5f6b8787f41a7cffdb5e38223a53c82e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
351650cd8e1ef7d02b81792d40f993c9

SHA1
9afa698269f83c1e624ababa0d6db3092f88fcce

SHA256
d15a62c9a5eedec24f7b88d22451d26a7ee33b65304a87bcb164c280b7d2b989

SHA512
64fe2e584945910dc2463b0c9c5b62503888dc154edb8ad98aebebffad7453c560c25927497ff1de4698b35f6ebce63223ed9f96c9ef7c4a12e036460270e0cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a7e8.TMP

Filesize
48B

MD5
b69e4f37399ef371c3c65145fe46f447

SHA1
0fe804797e4e532c0d2f7c064c204c603cc089cc

SHA256
7e761c26409d8bc161271642da034144f42fd736726da3c83691926d7d3f5bd7

SHA512
34762da30b4c28ac2bcb69d1ec9a459bf3c06392b97e5a5acc37d3bb616e92d2c85ca30991204f403dd20628721d7166dc72484a9901c3957d51418a8559d348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
58e3c52e1b71578cbc2213ef6513e231

SHA1
5671f6797cab2690b8e4a732436a1496e804f392

SHA256
5bfb05afa1bb1c9877eed6a30c8f1ff3ad1c612d703473cb17fae53e19f7ae80

SHA512
52e10c700f39f0183d816c040092f10d4fe228d1635d0171faad01779a7629e04a0e825cd9662b9beb29f356cb00555af4cf05f9a20f1fcc55ad67d8f83d2de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
00666dcea7e479087ce06a0db85f6ed5

SHA1
819104962ee7c9dc10b7cc7c29ca2cbbbe95c516

SHA256
975d567d81ef7828cc7476937197f45421186cf5eec70465ab6696077cc2bfe5

SHA512
5455aae44ee1226e16b8543a0d57c151e347efa656743c7860bde4b837d10a2deb925656e4a73c830e5d7d9447c24c880d11ebf9007a4bb0aab31743c8db77de

Download Submit