2e4f2e64ea2a242e129dd4206a5d8a57d26a97997eb9df597f90b349f88993ee

Analysis

max time kernel
146s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 13:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

20aa822365140c46ef8c8fa7008673a0_JaffaCakes118.html
Size

29KB
MD5

20aa822365140c46ef8c8fa7008673a0
SHA1

95dafec1ee750393657681524a6f6bbc82fe61d3
SHA256

2e4f2e64ea2a242e129dd4206a5d8a57d26a97997eb9df597f90b349f88993ee
SHA512

2f148b3ecba706efe1926eb267bd2a20d41a30ad8b88287967a42a3c4355ec82310853d7c8839fa8b6fd5d371c452c270a3500a732503c9b8476bca3b5412f6d
SSDEEP

768:DXOV8BsoBQ1u4lztuYJCIK4ffKu8CS7q+tm8//my4c/:DW8BsoBQs4lsMCIjfuqY/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
1332	msedge.exe
1332	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
376	identity_helper.exe
376	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 2732	1332	msedge.exe	83
PID 1332 wrote to memory of 2732	1332	msedge.exe	83
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 516	1332	msedge.exe	84
PID 1332 wrote to memory of 4040	1332	msedge.exe	85
PID 1332 wrote to memory of 4040	1332	msedge.exe	85
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86
PID 1332 wrote to memory of 4260	1332	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\20aa822365140c46ef8c8fa7008673a0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe8b946f8,0x7fffe8b94708,0x7fffe8b94718
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4275770917912817694,8920518313655074675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4275770917912817694,8920518313655074675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,4275770917912817694,8920518313655074675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4275770917912817694,8920518313655074675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4275770917912817694,8920518313655074675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4275770917912817694,8920518313655074675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4275770917912817694,8920518313655074675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4275770917912817694,8920518313655074675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4275770917912817694,8920518313655074675,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4275770917912817694,8920518313655074675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4275770917912817694,8920518313655074675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4275770917912817694,8920518313655074675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4275770917912817694,8920518313655074675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4275770917912817694,8920518313655074675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4275770917912817694,8920518313655074675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:2652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
86adb2c8ce3bbc6c5276d13abe65818c

SHA1
bdfc2623ec374c210140c10440d0e0817cd61520

SHA256
da3cbdf271799f2afac03ef76693dbff79b2dfa8e6eaa62a0dfaae13b778648e

SHA512
6ddbac5a286094622198b96f9b371417326581f205bc30b7d85a17db5b6846f59d850245e8719cdb3811ed41ed3315f07b571a22dbe46dd96625f0fc760c82a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
617B

MD5
c31599883d8257fd5c1b32ff6b5642db

SHA1
281d13aeb90c333f0448e396e6622641425659ca

SHA256
2acab4e6b035c0cce47da6962e23bba114b8b825f791a085f116160741e7f89c

SHA512
8a570b000a099f4884cfef71dc0c97aeab229142634613a115e7da71dccc0ceecf1f286fcd63a038b4feb059ed2e97842e7b075a8446d743663453b3b099de39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42fdd1b45cc456697f981f10c8d54e42

SHA1
c8e4932bcca388823eae473ca1fec0591b5c26b4

SHA256
58eda2aa7307870d82d984a23435ac25afd1476be2513c21c86f8cbc4fd7317f

SHA512
2dfab4be9174f935b4c4c9805cadbcb2d02baf159a5659941c7b6f55023846cc84d0dc1ae2005f255fc6b9a8711258fa30a341e14ec5ab1e5badf9b7cfe23ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1344f02058206e647875d6e032fcc497

SHA1
ee08d3166c3040c3594027fd7399c1ac5197a4e5

SHA256
00e507db516a7f17217eaaff0ea8e19c8c6dc21536e1a153351668e88ccc64bb

SHA512
953cb1ff71d37fc6d68d2017b84f9b24cd085aceb0f32ff16c964e5dced1e53898b1a3ed818c2e2136a464c600a2fad32686dc0f6545e9483970ef20eca7c830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4bab728635438d009f0e1851b713cf01

SHA1
4ece5a073746cbb042f5a981101da77a736862e0

SHA256
5fe222497f79db21d022011bfd6088a96b0abf7131ca982a03e08ac065a5ca0f

SHA512
1f8ba016bca1910068856443653e94997e1ab303dbebaabd94bc2f81d322896c4f3180d1b6bf28351da95bbef3312bfe3bfa0142d5266941c0054c7b8eb80887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f665d704c0978929bcb165b731c8a0a5

SHA1
292df452006c9516e033a2a510591631d0a537df

SHA256
1ea9f913a4295a375fb5c92024025aec7f0fa5d322435efd664a7a51f07cb0ca

SHA512
1ae6354cd1808ff10fa41017151e038a3ad828f86bbf8aa279f26acafaac7ad989b16e7473394dbe6e6f9a5935441d79ab2b95f448bda405901a04b645333ad2

Download Submit