13ba9112159d50ca62ba6ef4e8146db3bb23cdf474e13381393a78543034038d

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97e710dd195bb242e068625a61019c68_JaffaCakes118.html
Size

137KB
MD5

97e710dd195bb242e068625a61019c68
SHA1

7d8537fb382513c572d38e25d91e9a0a5064f037
SHA256

13ba9112159d50ca62ba6ef4e8146db3bb23cdf474e13381393a78543034038d
SHA512

11608dac34d70bfd2269fe7926cf449e472f6cd7c3741028f824b6bd5383ac829664e1db94425f2dbd3a2a9afeaaa2790c89763b73794cb237d2d31872327eff
SSDEEP

3072:F222o22Uon1HLp1xkxHgp3cXmNRS+rKW0LTmIm0irKoPc7o:F222o22UgHLp1xxpMXmNR/8g

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3020	msedge.exe
3020	msedge.exe
2852	msedge.exe
2852	msedge.exe
2832	identity_helper.exe
2832	identity_helper.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe
5772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 3896	2852	msedge.exe	84
PID 2852 wrote to memory of 3896	2852	msedge.exe	84
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 2164	2852	msedge.exe	85
PID 2852 wrote to memory of 3020	2852	msedge.exe	86
PID 2852 wrote to memory of 3020	2852	msedge.exe	86
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87
PID 2852 wrote to memory of 4872	2852	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\97e710dd195bb242e068625a61019c68_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa292946f8,0x7ffa29294708,0x7ffa29294718
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2321884833723067278,1960439958588443038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2321884833723067278,1960439958588443038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2321884833723067278,1960439958588443038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2321884833723067278,1960439958588443038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2321884833723067278,1960439958588443038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2321884833723067278,1960439958588443038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2321884833723067278,1960439958588443038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2321884833723067278,1960439958588443038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2321884833723067278,1960439958588443038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2321884833723067278,1960439958588443038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2321884833723067278,1960439958588443038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2321884833723067278,1960439958588443038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2321884833723067278,1960439958588443038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2321884833723067278,1960439958588443038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2321884833723067278,1960439958588443038,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
cc68bd12b77d61bba32cd1d9c6965962

SHA1
50da4bf0812a4bf98daf1dad4e8a86ee6e5b2a72

SHA256
b9a62b4f6957c043240b6657ea5b3b7b1be5a6d6d4177f9ac1d87e46e754962a

SHA512
6e2b4df19b480838d3b311c7aba4ab6e0c7955bac2d6d883cded7be0b162e6b8ce31d33b8df4d25bff9ec897b31a45454f1d77a16879830c025e30c01a4c4625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3b1e93c471d4506814833d1acc2a24eb

SHA1
03e9763c8c1df3f1577615a34eee21e833a03854

SHA256
c78dce55b80a0f71fb6562a9a4c4b4dd17c81ac8ea20d570687155e66ac3ae8f

SHA512
213e692d4548d490a5272a0b645dcaf2aa35898c4cceafa47900e66e1edb05c719a2dda7af4467007fdf65beac350c1d00a77aaac13fcbc30f5d229001f697d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a89664d09ef497bfce257b817c35bf16

SHA1
c1f5e8e701ebd09c4392ea3e9bfd4ec3a6a28dac

SHA256
e10315860ad75214560826a3815da175efda05fcb5b17ef166d611ff1082d2f1

SHA512
e46eab438bf1233e1e721f6ceaa2528997eb525c01a399656172918615cacf0d8cd6ddc218a60184be6dfa3b500a4441017c50b1dfb97ab3982af5464471db93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5beeb5fa8165743c7e301878196524c3

SHA1
07ac8888d1b74beb5521192c05cb7edd441ce0a7

SHA256
da32742867b21a15e26f16481819745e59d9391e957efb381317ff870557e2e3

SHA512
fdc8cc2bca3b29a9ba956df352dec5f87344a12451ac6e32c5e4b83779752e779ff6fab1414f003370132899c251daef8158266157f36257ef58a3856e9ef66a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c2f93c841d0a28443c84d2e7a8713fc

SHA1
9f68a60415068272b1fa4bc9ba1df62f05ee975c

SHA256
f1099c1ec27de60a1a90577f87ac7c4bdba7ce0270343d0d92046004af6728d9

SHA512
699154cc36dfd09709563b444b93fd206cccd37c83f6d1f28781cd3dc4e5424235bf59222da613af0cd9951419e37374c228356f0a3154ddd7fcacb985a37b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8183429af48cd1361378471bd7a8372b

SHA1
538aedfe40c14da5fd8ed6a942a70a2a0c097828

SHA256
fa157e761b6cfb61b7def1b4777a77ca544fdc154b6fc0a5f0dc8edec69125b1

SHA512
82d636c1237122d2c4d43a04d4d6c46db918c160d370b71721ba0d619487b5633ed86b792de3ff1d206ef8fd1394c6d108b37b380bc5276c7d33fd86b556cbb1

Download Submit