86a693f0999390534d99c9e4db65c0b14dbaa4263dc513075c2c227264fbf818

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 10:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a52fef8412166efab3b01d727bcddaa2_JaffaCakes118.html
Size

20KB
MD5

a52fef8412166efab3b01d727bcddaa2
SHA1

e6bc2b38a667d91b660306a2f4ef14418988f244
SHA256

86a693f0999390534d99c9e4db65c0b14dbaa4263dc513075c2c227264fbf818
SHA512

8c1fc17b167f9a1f5f4b0d89b7251768ccfa56fc75deea73f0ab14a7f08934f0c8168949c1729ef8340b4784ba65e293b093d3bd6f83172373cdbf464f037aa8
SSDEEP

384:SGs2KrqvqCcaqtGwnmwyebxf1u/D4cdWe0x+wlT0P//AmTB:SJpWvqCcXtfmwyeN1K4cbUE/4UB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2816	msedge.exe
2816	msedge.exe
228	msedge.exe
228	msedge.exe
804	identity_helper.exe
804	identity_helper.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 4680	228	msedge.exe	82
PID 228 wrote to memory of 4680	228	msedge.exe	82
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 3848	228	msedge.exe	84
PID 228 wrote to memory of 2816	228	msedge.exe	85
PID 228 wrote to memory of 2816	228	msedge.exe	85
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86
PID 228 wrote to memory of 2452	228	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a52fef8412166efab3b01d727bcddaa2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfd3846f8,0x7ffcfd384708,0x7ffcfd384718
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5627369609296518729,6837151836448640910,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,5627369609296518729,6837151836448640910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,5627369609296518729,6837151836448640910,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5627369609296518729,6837151836448640910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5627369609296518729,6837151836448640910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5627369609296518729,6837151836448640910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5627369609296518729,6837151836448640910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5627369609296518729,6837151836448640910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5627369609296518729,6837151836448640910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5627369609296518729,6837151836448640910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5627369609296518729,6837151836448640910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5627369609296518729,6837151836448640910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5627369609296518729,6837151836448640910,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c85083c5df29ff5abff97d638c583a3e

SHA1
26f2fe5b481650ebc1cb5954335070966a5072e7

SHA256
3a72ed3e55309801b85bde2b3fae40ea5a96db62ca5841276fba9f31a9ec1f7f

SHA512
c828de61076a99a38388d9000c0c335957eda65481b8ff599f47f699ea277b2e14e4320471039a6152b08ce6b4705f5a3cf863f1a309a9d8c136dd104db39ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
5c1019a2fbbae64fc4028cb6454df74d

SHA1
d20fe68f9ce22bfa8c0b745a9766ece9609b58ea

SHA256
ff935fcbc416876bcd99dbdb408a834913432c5a18f17d8586f5301874ac6a75

SHA512
9eda61ceb453cf16e4aa8654fc73223f4c1c10fcbcc4459449fb4da3d21b452b7c81ca1a3f1a633c18d21894c3e902ea1ed1ab27a4ce2583c28b5ad0562ff48f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
404e83cb7c2282c4787a195a0618d6eb

SHA1
f8eb99cbc3b99ad01fcf1524fbe5737f6ee83d40

SHA256
05752b3b122d482f8f22352f0a8083c17722958a1d58ffe5484c0fa162af9c84

SHA512
7c82e031d4e8135686ae970f231e4a5de980da3a2be820052f4d6d232f854d0db8b5b0b7ce7a85cedc054b472acf432f5ec6a6cd580e15b9250007d4de7435cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d578a13eaf7055b2bee430d7e0e3645f

SHA1
056875c01c12a32ab426eceadabad331846d27f4

SHA256
9b4d97413dd3c04ad8c4f70395b3289ff7fc90ee98fe0e90cd0799e7c90f20b1

SHA512
b6065ffb797124a05f716f5c70cf3062ee83e94ce3c1a575bf88b7469cd34195137ba447702bdc863c3af78be71485cf21647919f2fa3afdeabdabae1d65a64b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
35362d63fbe94731c51a614834e46594

SHA1
affb967e18c64fbcf1fb0d27c32649d2a5f641f9

SHA256
d685abf24d3d9acae6a9956cdd04c83980daa0f35435b12446a4d4251521af47

SHA512
d311ecc49306120fcd753a1e9c6dda09c315796a872b5d2044c2748f28a47f4461f85f427ec77a8a28b36322984e0e68806d964c6648549e615f189bc7490957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
533B

MD5
2ce47bf59dcb0d6844cb887902abcc60

SHA1
38ddb5b8bd76070b8f90f128f0a5ad010ceadde6

SHA256
fdf9e40f772fa0354400bf03cfbd91080b57047e363b801afdf5eeb926043505

SHA512
35c3b73ac06efc5ba16ee01fdb5d54d4cff0e8357199a8c4339b7d1bcd5f2dcbb30e442f13330528fac7e9f74dc7dfe771cd8e7d1c3bc5279f56a5c478a4f239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
96a081a31c7d620ef44d75a7342a14ec

SHA1
a2ee0e2198ae6f55c9c4877107f8ec90e3790534

SHA256
3df8d2ec686cdb29d40fd86cd84c1556253622480a77fc136aeabfa416d0dcbd

SHA512
a34fdf3052fcaf012804ec1a64409edf7799baf45cde4e3a7bd9a9f245ad450e5eeba075c3180f316387918ddc1cc07b961bc4f84291fe9a54b0fec5260570db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58215e.TMP

Filesize
201B

MD5
60e5346470dbe09af52c6473c3ce21da

SHA1
86d29cb18799aa02edce32dc28653ec5a34b6e5b

SHA256
3357221d3275a1c143d6814fae74098e5ed92562b0bc6df271951c978b687721

SHA512
b44f7be6d2d550cd017a8f748236efd9764eac7d56b301a3b7e0f6bc4bd233d692a3a9cd53083a6b8be8a4bab1f690320ef685821bc2c8f24b5c08d39388cdd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
483ff839b1b90c6233b9f61db95a2221

SHA1
cce8bb2af2b413acde2409a0a9051339ec91bbe3

SHA256
1d6cb6c5cb870b4af41d2648b5ce62107211ad7c94e21008c01591ba12063d34

SHA512
99ea5552aa97374ff874f7bb3fdec358ebf0ae04122eb29c89e45a88f16c15298b28788739a2533821b915192066ed41c2cbe33e46fcb23a37de099bdcd4efd1

Download Submit