9949efed2b6553630b3bc83de4188a7380468c98e5a175e15fcd34beeb7a6cfe

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7060f220cff24b28341c8a0df1c73ccb_JaffaCakes118.html
Size

175KB
MD5

7060f220cff24b28341c8a0df1c73ccb
SHA1

66c55b82a334f4b43af2c131412b7eb5bf71690a
SHA256

9949efed2b6553630b3bc83de4188a7380468c98e5a175e15fcd34beeb7a6cfe
SHA512

379cf50275b0be7848e6f7d083b8514817ef8d1851c7a5cf6af3d20f01fd0fd5854bf5f49c7c591c1790f1a5eb5c4c84f54f2fa0032522f901350493c5e321d7
SSDEEP

1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3kGNkFcYfBCJis9+aeTH+WK/Lf1/hmnVSV:SOoT3k/F5BCJiVm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
216	msedge.exe
216	msedge.exe
2248	identity_helper.exe
2248	identity_helper.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 4688	216	msedge.exe	83
PID 216 wrote to memory of 4688	216	msedge.exe	83
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 4756	216	msedge.exe	84
PID 216 wrote to memory of 2044	216	msedge.exe	85
PID 216 wrote to memory of 2044	216	msedge.exe	85
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86
PID 216 wrote to memory of 2308	216	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7060f220cff24b28341c8a0df1c73ccb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff9b7db46f8,0x7ff9b7db4708,0x7ff9b7db4718
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7920430251278585089,6387446195968643407,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1c834a76-ca37-4662-912b-6d9615c1b1d4.tmp

Filesize
5KB

MD5
a5101cc9259cecd8a558d0e86d080c05

SHA1
366bcf611b2332092212ee65e3dbf7dfede100c4

SHA256
fc6450786e7f082ce807aa68a13bf28f9bdbd2e1b73b99ac3b5330f0d2ab9708

SHA512
cfa635d0b3bfe6886160d8ae8a2a687815a0af6b9488d16ae797ef1cb715cb74b7f38c33c92c8df57d1d7934b60b78fdf0664002f39e8768b3bdfad1730a5b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
114526163603923b3f3a00793192a65f

SHA1
66f2e2ab9986492b9300e125546d3b74c1e344a5

SHA256
cc4ed1caf4711b2a1ff0e915b5d5e9934942a831f5e5905a8c913bcd5699f169

SHA512
67559a09bcd39eb9bce483c458558fdc2d22d2cd7d96a8fa4ea0ae73131b2cc247ca8227dd1747e78685a22baf607db2b8e1b61a6ee808c7853d3fc688d2f96b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
942ef6cd68e7f110036b03291777218d

SHA1
97130ea88af9f620c27cf2ddc39623f98137d6d8

SHA256
6ca9aa37b1cb5da871b315a46bf97e8223351f66506d9df52566d14ce5d8e16c

SHA512
f856a00c96a1fba500960bf0a32acef8f5e545dc7d6bdcf590c277a52901635ba564bda8fac92bc9ce427d811c077ea1e5218f66f92e786c8fd429722ebddb5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
766541d49abb36591239737eca2e905f

SHA1
50ba35866c017bc46987de1c2b7b12688d7d8ad0

SHA256
c2d3427fd053bf3be2f78b330de82941f25afc010fdcc839bb57d74d9ca08a69

SHA512
aca8cb5468054506a73711709b63b7351dc4323cfce657d5a96cebe2340a3e48fa7d8612697e6def7b5efef7ecbe8b29defdddf46a9c7ce05527a1b55aa7bb47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ea3e02c276691e0b68b75fbcd81a4b1

SHA1
75502744f790c2a30ae5fe902eb7a26d59290297

SHA256
65d563cba408b33b60a30fc398f8d2052b64f3b88780a86cef93f1f5bd69a37d

SHA512
cf28d6c460029348c155bc99e0e6b8300cc1e35d618f4fc2d1ce94c1c82beff353c5cd9be339d5934a8028f03c2cc71bf8207a75042e4303006afa253fe59451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1e03e01d636544eda81c0f70abfe86ef

SHA1
ddf21d045bd81c40c146b82b65ee677b47252061

SHA256
8b2ebfa497fb10188000e3ad0a1ebcb5b267c1442a4bb615d94bd31a4fa483ad

SHA512
a837d5c6c908d6bf2421e2ca83bf9be0ea5f0c9ea3e8b7f7698c5b6d74c22a8adc796fc11f3953066f49207a56230d71395411e60fbd5139f5e4bd40689daedd

Download Submit