68a9ac1ea2882410f23928da2271149164797b33b138303fcfc25e3f0c9d118f

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

827a71de18ff294b61baf4ff1bcc38da_JaffaCakes118.html
Size

42KB
MD5

827a71de18ff294b61baf4ff1bcc38da
SHA1

ba7b1af6011eb8ea9e36e16379b00db7b38c6ad2
SHA256

68a9ac1ea2882410f23928da2271149164797b33b138303fcfc25e3f0c9d118f
SHA512

6c602634b12ac862d751b2b341d428a7f9c3b71c6076620a641140893c637e2efe057bf28cd9080494c5fd4b65d74299d4953dbafeadaad3522502df631dcfe5
SSDEEP

768:PF6T0EipBfgL5XJlwJyHk9LnIXAT8ncQLQD299C++GL:YTupBfgLV3wJ8k9vUQW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4000	msedge.exe
4000	msedge.exe
2320	identity_helper.exe
2320	identity_helper.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 220	4000	msedge.exe	82
PID 4000 wrote to memory of 220	4000	msedge.exe	82
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4468	4000	msedge.exe	83
PID 4000 wrote to memory of 4720	4000	msedge.exe	84
PID 4000 wrote to memory of 4720	4000	msedge.exe	84
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85
PID 4000 wrote to memory of 2184	4000	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\827a71de18ff294b61baf4ff1bcc38da_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa088046f8,0x7ffa08804708,0x7ffa08804718
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2332 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7012 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,10789419815091999886,439883417315158511,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
44KB

MD5
23536ccfe05b737ae639fe63ee4cc435

SHA1
6d2e9822835dc3e6117a4d2addfc8f241fbdbc82

SHA256
6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce

SHA512
f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
6269c53daf4070e4a9e72d61b72656fc

SHA1
a28beb20d7abf230a6ae3931bc41a2e0a3e5a26d

SHA256
7869d64334c885165849b0e98a8f098975515d3425fb7d66928a723e400802ce

SHA512
9b7a40426add30234c8297d1a4fb1a01f3110e054296fc97ef1e295adf22bc1f8acb9e0dbf35c1bfbc1b7cf9624f0c83b0cc96f93b75d1fed2e8e720a0db07fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e81a096eff15f43b9c8cfdb24fbf848e

SHA1
76a85ea070ea779954c31aa1f64ca1ad84234a34

SHA256
cbaf6f1a9164b609b394887606e146bb0dfdc96e1d03df717d8bf1b029e9f94e

SHA512
08e625b0b55c7e461e1ed8f262a026afb0edde4cb54adaadf91aeda2e98f857d11e7ab488be1a8910ff17987f2f7a66e45d7861ff3c1763e8899251d659aa0ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2804b5140aee8879c924bd9e037f4fe2

SHA1
e002cf4225c4e718ddcf0705c766b936028cfb0c

SHA256
b8d0227b77fa291d77e1deace70735fe9182f6561a847652c395c8cf1d5d1abb

SHA512
25bfe95f9a2732603e6c828b653d6d29e3b2397de5dd89e34a8914d1267d566b87c186c3d9edc7d326a80b44579ff52bc28ada2880fe5deae38d0187bb5937d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e9c68ce208a3aadf2933b794a935086d

SHA1
61c0ca949a3a05c84f91ec01c11d2e58359c806d

SHA256
fe4b24fc68236ae6aec8958982cdacfe0a4fac780ac3514764d24f2483d7f803

SHA512
a6ba98efb4562f4dcab2fa922dedd46fe95f3f98273018651cf762e49c23470c6c5f98f2853759725d2204ea097a471cbae12200797e934b7ca5b3ab96b40109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
71d1d42bf925c25279ceb0f7aa0d0e21

SHA1
b8ee25daf757a9eb35ea1218e942a9ecb07f9e7b

SHA256
13afebe41b2539fb22d8d6d77a7696080261347858aff5ea629cba0f72192cbb

SHA512
f0a5ee0faea36206660c1615593e10b55d3b4f88d001264641227404b8fa7ccb49e7ea52a03306152b1fe4c94694be9ed6069917b67d3f7874ba952fb2007bdd

Download Submit