d1b982d2f8606f5594e53b10c1a6f939dececfeff39dea5963238b54bf496796

Analysis

max time kernel
145s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e989af537cf599bf97259cf900f52481_JaffaCakes118.html
Size

430B
MD5

e989af537cf599bf97259cf900f52481
SHA1

5f3b7ba7bff612e07fa627227f5914ffda736009
SHA256

d1b982d2f8606f5594e53b10c1a6f939dececfeff39dea5963238b54bf496796
SHA512

1725dae26a1a7cb3754f6773273fc3e3e779250dbcf8caddbef36642487c6dae8e6893b2d2d2fd507b3e7a6d4e270cc04c3aff08c875fc08e153ec97994279dd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1084	msedge.exe
1084	msedge.exe
4292	msedge.exe
4292	msedge.exe
3968	identity_helper.exe
3968	identity_helper.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 2592	4292	msedge.exe	86
PID 4292 wrote to memory of 2592	4292	msedge.exe	86
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 3696	4292	msedge.exe	87
PID 4292 wrote to memory of 1084	4292	msedge.exe	88
PID 4292 wrote to memory of 1084	4292	msedge.exe	88
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89
PID 4292 wrote to memory of 4356	4292	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e989af537cf599bf97259cf900f52481_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f42846f8,0x7ff8f4284708,0x7ff8f4284718
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2288,13918510245713688566,5589364196083843856,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5336 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
360B

MD5
6e1943f5a783b2412c667b828592af5c

SHA1
983becf61c44577a68cbc6f75993f411a46884d7

SHA256
934af73b3ef7ca400e625fbd37cdbe89439c25a5fd7349c206a82b99f3d61969

SHA512
e397286603cce28ee158163246d9a788ba47c4fe340e5825f9b4b0fd7154f77663f6235bbe5e8adf18a4e1a576260186b4e29b4223c6a7f82e801fbc74351175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3386fc63ecfad35e4f490d0602e8fc62

SHA1
12bb5e6f3cb855c4b686a09b81a8424573d38f3d

SHA256
dd670b9168e3a6d4ab22435ad053a3c6c9ac199bf81fd080c7a2f4d61adaf218

SHA512
dfdb0ad209572ac161894ae527228eb5b38e3a9acf6b2d33a2c5a46bec54e7155686847dd0e78234d7565dcb5db63ea82c0ca6d0823e05dc6329692d4899e227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a86f3cabb100a789b41ee438bbe30838

SHA1
f4ad8425d65b9f6d4923372e36c933ba4f761192

SHA256
cbf7863917482fc352812af1bd39e6c8057535255ce524f2ed5eafdc42d00bc7

SHA512
cab702dcdd1701dfd29e876e59a2c1703aa82be5fffc0d88e58a7952ccaa983e0c3448a1377a7c189d00c22b3e0793402aff9c085135041e6b3f4c03b4a97a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a69e128182829a4fdc86a071330cd93f

SHA1
773db3892764f78737b77d70ef44b503a4a99923

SHA256
9bd51f0954bdc38b8375e45c10949e56b54e65e7bbeb2b11fdf2519c38e8e838

SHA512
94f3e5a24b708121cc211a8e83fded13924790a12f3f13ecd8d5630d1c6450cda0db71f9e5ed6db36bd34ccb02b98d2a94fb6e40152719e43d23899691c84e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579308.TMP

Filesize
48B

MD5
6db6b617882e22f0a046c8e46707b9bb

SHA1
9e3358b54bd4c92870b789a5f0a28f0734682abb

SHA256
09a6aeea673eee88c29901b51ad8d543dc5d534f5e4d648593c1df6f882c5d2c

SHA512
5910c668dd72ca765c0590bcadc4021a85fa46689fde580624381080720e2288c820aab6d5fc8f8dfd86ac40f64c76c47acc611d618b68e82232b720e58ed40a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e5e89b1d9992c04cf9ed2cc3bf3fe6b6

SHA1
1975888439c37a0e2207a108ec04fe5635513de8

SHA256
6286708fcbee4d5699452b15f422211e486b96fb6447888e4713f4dd491ff6e3

SHA512
8f0b15026afc98e16bab3db9380d1d29e069d95c5ffafc27ceba596e914314619fc62b7de1e7b2bcb8a1a06d0f7e46d6d11b58b222ecb90ff4d62c522795279a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f98f69b32e7519b164d34c1ff5f83887

SHA1
e72db48eb5c722b179640dbf2ea0a571a713afab

SHA256
983d971cd67b7b271633f80c86618ef5b7f260777f0d2de9e795c62ebe1c3edc

SHA512
90aff7aa41e027d1714fb563a3422b4addc4d8f36b570a8875a60b219eba3396e9dc83d8cdb94064a7373f9d00c9375d677aa91f73efe53ec9fe8ddc80a9286a

Download Submit