6119dcb54296dfab78a8afb8cad8c5bc754670b58effbcfc8d4a7957dfbcd8a5

Analysis

max time kernel
146s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2162606e3ba7fe66532789bfdea36db_JaffaCakes118.html
Size

147KB
MD5

a2162606e3ba7fe66532789bfdea36db
SHA1

8afd3a5ad1135bbb7553c1ff480df62fcd138841
SHA256

6119dcb54296dfab78a8afb8cad8c5bc754670b58effbcfc8d4a7957dfbcd8a5
SHA512

bb5ed0a2768712d0c0d84a4466c1e1adfb173fda48ce8864be19986cee63378b79aa9ab8b411e337d669b7ea1b9abc1a280238133f30715d045fe9fb5fdf1f14
SSDEEP

768:UdZEObrLbOYN43xrbijkQzFTxF/JfHikAKyYKtRM1a1KV4ZK66Y8Dfa98/HZNnAV:UdZzrLBSB6/JfHikc0FJKZ5Ur5L5+VVR

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1652	msedge.exe
1652	msedge.exe
1836	msedge.exe
1836	msedge.exe
1516	identity_helper.exe
1516	identity_helper.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 4532	1836	msedge.exe	80
PID 1836 wrote to memory of 4532	1836	msedge.exe	80
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 2764	1836	msedge.exe	81
PID 1836 wrote to memory of 1652	1836	msedge.exe	82
PID 1836 wrote to memory of 1652	1836	msedge.exe	82
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83
PID 1836 wrote to memory of 5080	1836	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2162606e3ba7fe66532789bfdea36db_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80afd46f8,0x7ff80afd4708,0x7ff80afd4718
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1267290362670538022,14242795536306189964,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1267290362670538022,14242795536306189964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1267290362670538022,14242795536306189964,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1267290362670538022,14242795536306189964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1267290362670538022,14242795536306189964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1267290362670538022,14242795536306189964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1267290362670538022,14242795536306189964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1267290362670538022,14242795536306189964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1267290362670538022,14242795536306189964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1267290362670538022,14242795536306189964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1267290362670538022,14242795536306189964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1267290362670538022,14242795536306189964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1267290362670538022,14242795536306189964,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
a657b2b891323e63e8459b4d923fe466

SHA1
3f853abe01c01001f9083b60b9edb04cfbbb53b3

SHA256
c1fab6f5adcfcacf81971d4586971b6ed2a94d2a0eeb84cbbafce513046fb1b4

SHA512
50868c7ae90283089f8fb94efe8a451f3e843d3cb80416826d7338bc987099c80c2e5657a39a86d6b8463bb9c6a15b50a95fe8e7189f931bfc8040a945d938f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
806bceabe49cea7956e38ee7ea87d2d4

SHA1
24a522d16d1e3f0dda45ae170f027715c4b5345b

SHA256
b6ce12ab655d27e4090fff1114d67db8ea0a60f63812d5c29526aeb4484b7cef

SHA512
25f78fc0f348bd3c27828411db734d6164d05e38e8104bc91c90be71018a9b1fe7252b8df7d2f98ad6ba20d90f0c1f56f1803c3eda6784e87e9733dacb20aa8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e60c8f2b964a03a641838708ac4a8023

SHA1
2ed31bbdb509b63193a84cd21385757d4e32e6ad

SHA256
71f4e1c94030b13b30f86d782d947d0b125cc08f10edd30b3222fddd4d160a06

SHA512
f39bd23fc8e87827a2c56cf2e3118731320754104c37ac0bf34f18cc3878d2e38c3e97a88d406f4cad8a0eca2ae32689d0fbce3ae4877fb66bdfcf0105face3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a18af97ee225b7abc2d3d0784234b1f6

SHA1
76889ee8845534398736d0c72a2942bfd130a852

SHA256
ac18b2c2ec54d7792577d39cb1b2c2d5ec985ef713856197567764641bebfe9a

SHA512
46c8afbfff1c7e9c6f037a989ff52ba0f7e3c711d9ead58c3a963c8012954378b5656ddfeb384e31e21f7a5ef2c7a422b6ea1d0bbb25a3d7a649f662a0a20268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce4ff7afd41a868ba9402b0d9fc38e0f

SHA1
d41147163d79e00f64a70d51851677c966ae1ee8

SHA256
b877c8187f396bc6e6c560a1cafb26b4bc77a7dc28e34c649dd2ef2a40733555

SHA512
10a61871e006cee593782c3c62bfd9b5b598c4a51190a736b2e69b217d37a2e76fb7afff22c9b3af0d944ab95d91c6a1339a342a4857ad2fe3ac9d013c4c6500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b7d6.TMP

Filesize
203B

MD5
cd9b6b736c17add75d29b45e183271a6

SHA1
c2995645b213597443e71fab806a2a763226d657

SHA256
2f868ed6a182e6bd9c8ad7f27d53519f2d8b720c807e0f757527a624e40fd9ed

SHA512
722a17b215db1ff35167be1a798cda6b1b72307f870ccaedb8dd388bac2d4ced2ee3270680d949193f0df935543d2577d3cdf867f5066ed5fbce1d67848b65c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b94cfdf8-8c88-4543-83a7-9e0c1abfa636.tmp

Filesize
370B

MD5
d2ca955ce6f1342ca7e9cb2c715ae08e

SHA1
ca8cf35b05f81367cfb24d4373a08ed3e89f82ec

SHA256
3f8932dad8000a5145a74103d31ee370e1ca784e6c7b3197aeb2cede045a63e4

SHA512
84dbed554b1d2b7bcb946f4a24827ae56dc3ecd964ef3da41599cc689eebb93d1c9f5a96d91982da05ded624866b2849427eb67a35deac1f66f0a392dac41060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
10dd7c63ff3e84c9a874941b4afdc3e7

SHA1
87cb9636b173e272edd6fb1341010b7f09a69e9c

SHA256
dcd33646bc6f1fec47867efe38b7a35f8f56b6b3e1baeb5934f485d9e31fe071

SHA512
e6090499fc8ca19321c35bbef1d9447410d590fb4130a3e8a1b1d611e2eadf6c55cfc95a494e189255c3dcacd6a604affbe5648c393ec5a4fcf1d25810b4500f

Download Submit