292cf7c59a5a6115d08a72e8995a986377f9f813db0a261e75afbfbac71e8831

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65e3ec764385062ddd47a3dce27f4961_JaffaCakes118.html
Size

56KB
MD5

65e3ec764385062ddd47a3dce27f4961
SHA1

548fa707c8f9ff21132bdb0e330bcf5d9290faca
SHA256

292cf7c59a5a6115d08a72e8995a986377f9f813db0a261e75afbfbac71e8831
SHA512

5e112d604c1c2bd11b7122890fb151cef8680aa3afdf027ca7d425dd368e88ba2681d532d87b7936d0602955e19dc5008d3112f4e90de7bfb075c08b43063c23
SSDEEP

768:wLRepHvvCIooFwB3kMPQ2t36WjYSsv3R/sRqS/6i/VHgVI3:wdGHv7oSwBUMPQ2t36WjYS63R/K6i/13

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2264	msedge.exe
2264	msedge.exe
1892	msedge.exe
1892	msedge.exe
4864	identity_helper.exe
4864	identity_helper.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1892 msedge.exe
1892 msedge.exe
1892 msedge.exe
1892 msedge.exe
1892 msedge.exe
1892 msedge.exe
1892 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1892 wrote to memory of 1768	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1768	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2728	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1184	1892	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65e3ec764385062ddd47a3dce27f4961_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac4718
2⤵
PID:1768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16674744292194666293,5280353519430863815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
2⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16674744292194666293,5280353519430863815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16674744292194666293,5280353519430863815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
2⤵
PID:1184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16674744292194666293,5280353519430863815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16674744292194666293,5280353519430863815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16674744292194666293,5280353519430863815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
2⤵
PID:2668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16674744292194666293,5280353519430863815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
2⤵
PID:3988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16674744292194666293,5280353519430863815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
2⤵
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16674744292194666293,5280353519430863815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
2⤵
PID:1916

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16674744292194666293,5280353519430863815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16674744292194666293,5280353519430863815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
2⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16674744292194666293,5280353519430863815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
2⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16674744292194666293,5280353519430863815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1056 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3756

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
6aeccfa1c294e062c31f56093b20146a

SHA1
0c1074a2da89e591d566f673dc98b4232004a15d

SHA256
24c3f58976fc43cd65f2dd7c5ab653d35640d2e1312bc14fb30288589cc0a306

SHA512
8c9d47dada38d19b319c6173c730c1564b33fdbb5ce4773cd67867d10b59ddd3304acf16057b9aced2c0dec195936cc63f39f9f353732c59e882a37e678d7904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
4141be75bfe48f57bb8a87ee9e482e34

SHA1
700a25b09ccb83cbd1a1935aec0f5ce456ba4c94

SHA256
4f6afb347f2637f5eef2109a2385854efc27b0ddb9f4db1bcf7b20c32353c0dc

SHA512
43e02dfc849d5f44c117b845d1fbaf83ddccb3a2c366e4f8b2dfa5848e51991ecdf266bf7229ee39a9242b963a6bd1c2a69f909a664090972dd5062bb660e3c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
dce652147e095c6ba6a18150c9c7ed4b

SHA1
3a0ff787f703bc1021ce68bb83ba4f1dc0d4cf8d

SHA256
b5282b432ef2287106d55c6fa100bb22c0dca2131590e68cf31d02ed369d105a

SHA512
56fc5a0ed33fcc3c3941c519efbff699bbf074ce80a30b1a214a56ea6641d196720329db6f4eb49dd91bb045b899266d781f2ba7fab4301fe5bd815ede54e612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a0300b6e6fda7099443336008d7b81b9

SHA1
1583ee5213e96b6be2ea729b129c4de711a70fbe

SHA256
ba3f40740fe76745ecd5fe53fdd5c1ce88531e672a09e0ffdf29acecd7bf29c7

SHA512
fbf7e675266cadf200aa1837d9212a9aa8d4ad892d68330918db74ec7e608108f6dab88ba3ba572d2f07f7e877f25f7323ca27d1a1762adf96a1b4764696e333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
664a70d2ecc86cc256f8e4eba5a35cad

SHA1
b242e439ca93e014f14f7330ff9e93de5386fcb6

SHA256
9c9ed09091f400c9f00a3babd4082a46798ca2eaeeb1c4fb10775510a7d3f0d7

SHA512
0d45d5e1528684db0c242ef1302949e45e9448bec3b16b5e2d19b2b2981706b850ff1f640527fc3741cc5013c52d8a7a4597d799b65a71e77539899b7e3e1653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
94a0ffe3cf454d37012e2255c18780f5

SHA1
b1692a65fc58dc57f6a2a8cabdd5e3044eff310f

SHA256
51974b103248f515a4220917bd74bc1b6d0509b9ab90a35f695c4f461336a298

SHA512
eaafa79a650a89e1911c2b093b112c5fe52cef959ab3887f95d06f6bfb4fc2f4ee6c625128b27bc95a7044343dcf2d1289af49a668852ac0ecf63cfc7e754eaf

Download Submit