d086ad7b394e6d62fca5d126fc0f8a8c160916b3f46e4327e8a7270d64d9af0a

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 05:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1f396bc95a7052253313dc7490a9420_JaffaCakes118.html
Size

68KB
MD5

b1f396bc95a7052253313dc7490a9420
SHA1

6fa5771865e48d79f6687ee28b20a67934257fce
SHA256

d086ad7b394e6d62fca5d126fc0f8a8c160916b3f46e4327e8a7270d64d9af0a
SHA512

82d401c4507f3d9969ac10b47a47a0c2ec9f5d5276fe467099d8bee90cfda91ab765b84dcc6b07a0686b13bcc080c7762e5262dad3b2b5aafeedaed8bad2f0aa
SSDEEP

1536:Is8y5L/ekvMo/rE0t7/zTAYFKD+KBrFqbX9u9YWYIXKcxDVID1hD:Is8y5LzZ7SD0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2080292272-204036150-2159171770-1000\{D845A388-426F-40CC-AF66-B703A1C9133D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
552	msedge.exe
552	msedge.exe
2648	msedge.exe
2648	msedge.exe
1516	msedge.exe
1516	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4864	identity_helper.exe
4864	identity_helper.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 1164	2648	msedge.exe	81
PID 2648 wrote to memory of 1164	2648	msedge.exe	81
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 3032	2648	msedge.exe	82
PID 2648 wrote to memory of 552	2648	msedge.exe	83
PID 2648 wrote to memory of 552	2648	msedge.exe	83
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84
PID 2648 wrote to memory of 2828	2648	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b1f396bc95a7052253313dc7490a9420_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97ed846f8,0x7ff97ed84708,0x7ff97ed84718
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2843170156860309054,901662141351770200,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,2843170156860309054,901662141351770200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,2843170156860309054,901662141351770200,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2843170156860309054,901662141351770200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2843170156860309054,901662141351770200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,2843170156860309054,901662141351770200,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,2843170156860309054,901662141351770200,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2843170156860309054,901662141351770200,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2843170156860309054,901662141351770200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2843170156860309054,901662141351770200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2843170156860309054,901662141351770200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2843170156860309054,901662141351770200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2843170156860309054,901662141351770200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2843170156860309054,901662141351770200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
43712a4a3e7c753c631039a00cde709d

SHA1
360464423c2747ce7f6fba2b113c1cd685a155bf

SHA256
e375a5ed5c6de932eafe95a2240d67057d6a28de483204ceb0c0e4b9b00e1c60

SHA512
51d3ec36da296adfa930a9f3cf2c46f671dcbe72a1858982405cbcdb476b3bde324d66c0cdd1f7246c5cfd2bed6621a8b2fb85ba97e645cfdf85a4e209c364b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9ac6ce7d5a7e9f0ce295856000c0947

SHA1
5d6c42987ec452a0a1908d40ff4194b6e50ff160

SHA256
66d174f48410af8015809d1ab9518231a51aaf88f02461358e6ce87e1a91369f

SHA512
0b392b14f65339e9a4b877942f7c374e0236c4166726a0550489002e3b892d8b8ced91ac4987081bb07945da6131add3eb7c619a7d960583e57bdcce48a8dfbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f9fd59f3dc359c91fd4ec99e777b1f8

SHA1
f840b3bd02bd7121f14d1f48ff73ee0c93132c19

SHA256
29ac7c75d65cded4fa486b6d4e74fdb25f33d590fdcf1b17433be7f9e00a8716

SHA512
966c0630e4cbb579a5bf9473e6b0abb9e80aa31cfdc61e2197092c510636554f39fbe2a2ff5616ada6443af779226ad3bf1db8953710bbb1e764d095fe974ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
648b306cefa22e5117c0caf16eb753c9

SHA1
df224b3579df3d7b8e463461ae143af6585f50e3

SHA256
5d7bc02d644abaa36fb16a0395b4d49d81156ad0718f56824038169c481112d0

SHA512
3c9c8bd7fd8871b5680663a14d98468dd6cf33ec817e5ad34208629ceabed49004652d5f854cfba5671512ddc4883415ae44ba217d09d277c9dea9c15561fbef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5801c0.TMP

Filesize
540B

MD5
2b87dfb74ec93d05da158a44cd6a66e2

SHA1
94360ff5803fbaa13432dfb59150f22ffccfb93e

SHA256
13c9e4ca23a4f38ce158042e2bc678f4ada8b5e4ada4080f343d7e00610eed57

SHA512
837fc50709152a4b0651306d235799d56a021f4b58615aa1d2c9b7bc43f5235721e3be11731a873e637cba7f6f1a9763694eff3cee6db65fab1bd95c9da48bb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dc2dd275-baeb-46f7-82c4-d603aa60131d.tmp

Filesize
473B

MD5
386efaa999e3afcc842e85c02694b2e5

SHA1
81830fff57f4303d4199d5d8160c775dc12f054f

SHA256
55fcee1ca8a2ada86698e77bdbc66ce9c371e7a8c8fbe6894fffd6a4df9d31c7

SHA512
ff5abbe864c6117befe345b4379118f44705319bf9a26583577d19eb6f3dd98532b9dd073492e756069ec4236daa442b03d852db8504b0f420602c73de9e443e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3828baf44616273cf219a5f00d83b10c

SHA1
4eda6f9e2f77f28d39be7e7d5cf4435902067049

SHA256
1b2af3bd60ede0767d8dd40faed36ae232a1774b2f8fbed41a173520d77f0d6d

SHA512
0c4fa3f601b1cb6b02b0e6866d7972e61e09054d29537093fefdcb4fdaf7b84d56594a5e76bd0091d2605f92973f75c80671b86f5d7e3ba99a6206b9e72a2e86

Download Submit