66270a91ff79106f3e1bc83f2b5b22717aab6218c3ec84513c18b3b39b76fa0d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6abaa5473199849b1f66cdd7f4d5eab6_JaffaCakes118.html
Size

415KB
MD5

6abaa5473199849b1f66cdd7f4d5eab6
SHA1

b48d090cfbcee7e64e665c1462284b098e1b9278
SHA256

66270a91ff79106f3e1bc83f2b5b22717aab6218c3ec84513c18b3b39b76fa0d
SHA512

aa4ae6d23b5c885641fcfb9bd0c13cdc826214ba9b6394d0aaae1e63810c0bcc68e7fc947619378053d5fc2022d71a02c4d6f57831d50a12db1eb43e845e43d5
SSDEEP

3072:NHT/2cDG3xwatd2EQwZA8PcX4WffsKPHy19NcpyLVhJGVjShQdU+GkpEUuF2rBKh:NHTff/mNFzhaAliqsofiG2+3HLX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
2828	msedge.exe
2828	msedge.exe
3104	identity_helper.exe
3104	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 632	2828	msedge.exe	83
PID 2828 wrote to memory of 632	2828	msedge.exe	83
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 3368	2828	msedge.exe	84
PID 2828 wrote to memory of 5048	2828	msedge.exe	85
PID 2828 wrote to memory of 5048	2828	msedge.exe	85
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86
PID 2828 wrote to memory of 5088	2828	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6abaa5473199849b1f66cdd7f4d5eab6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb614646f8,0x7ffb61464708,0x7ffb61464718
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12479934472357046364,10396955751155634875,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,12479934472357046364,10396955751155634875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,12479934472357046364,10396955751155634875,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12479934472357046364,10396955751155634875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12479934472357046364,10396955751155634875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12479934472357046364,10396955751155634875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12479934472357046364,10396955751155634875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12479934472357046364,10396955751155634875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12479934472357046364,10396955751155634875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12479934472357046364,10396955751155634875,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12479934472357046364,10396955751155634875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12479934472357046364,10396955751155634875,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12479934472357046364,10396955751155634875,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4736 /prefetch:2
  2⤵
  PID:380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
6ef80876ba8d9991e02f6d140722f454

SHA1
f75a6a00a016cc66580119362a4910ca35fd83a1

SHA256
b0f81f29eb12f3aae3b37b2c45baef2b64caa9d6e605099e374fc14239506084

SHA512
47b7ee0b989720501c7315ad1052046a5b1d13726d5393bbb6b41d97146cb50f13d1ed6e606067b265f04e31ae7dd29fe738f98e9c78d2a6bce60886e08f66e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
bbed22528e8a616bda712e0a30a5545c

SHA1
7232c5349571ec45054e8be866d43700423b912b

SHA256
1539319ce8bf530c180e506cc0b2c962db6d418eaebfb7453782d2f63df51968

SHA512
43a546736a9d58c5eb3ed94ffa86ad2bfea67dab3a949236289e930e3cc957927d98bd776f6634978018cc445667813560a172c83d07c3b81981de8d5a1a59c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6406035f46c8ad8749dd1d611372668c

SHA1
4db262481c786f81e87c4584046edbb0d38a98cc

SHA256
5de316f7a2a2a7f719fc370f44ab1e8fb991ba49d41ecee25181033da047cc39

SHA512
d0776f34e10c76a4d38a6cfe926de40dfd3c8fde6c210c2282a1a919745f4a2ad29400c79145a9426926e202401138725b95511766744524af3e6580fe127ced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be7062c6851bae26a9ee207dbda2c254

SHA1
e22768ced3138579ba1d250d382576752cce6c87

SHA256
2a665e38dd13da733652d0cae73e5bb34d6aa259b03e68119763fbe1c7aa3082

SHA512
f31788bf589e528923dcdfd9c14905f2a01fb6ddb9eda2e0fadca0f1f89c0375ce51af567feacfd6e5d286a88a674bad8ba276b74e433f3f5b4296bbe53fa5d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b0752656e38d0be6f5a85a484b6c97c5

SHA1
6b06028300a9747c792dcd723c9377d62b500b9d

SHA256
8d6184b7052898811f1b1832eed1c3773990b1a1a7efc517b676790e2edfbf90

SHA512
8c64b55b2d565cee6be404880c1c24261219461e32269f541b036a64c9947b4183a5fa24c45f71ea2b2b5d29191bd1987dc1e8eacca013f82ace407cd85672d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59d3713208f99fa07e69cc2a2c4c20aa

SHA1
d012f187d73c419cf857196364b08e66da90f342

SHA256
5824e385f4bcd11476aa3cb9726f3123911b4d32426b092cf2fed4fb62ab28bd

SHA512
6a08368809c65086927829e4941c3e33c2fd8ab99d0d704951f5241d4441f0aba3cfaa6d730a054417fc3ccbe990bd854eb878ee7d51fc0dd9376e6f2704f66a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fa4db9425fc4045a0f032f990e5c1237

SHA1
91975afb3cd410d3f43b74d24a8235ab4d48dd29

SHA256
033b8add8f0b13b3d887633e248ba9e996ca5362e27709e25969c1e15007e300

SHA512
0a37bc284da2863d7d248ababd0ea9667a44a2548a9582674552a778d82c4b8d15cb85033a2b6cd02d0863a0734a89b22ec27a9709af19d49fa89d7745ce0c0f

Download Submit