9621f370bc596ae7d74f88a9791157604d9ce868d0a049b2702d171d2efc7ab6

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
17-06-2024 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6ee20dcc15a876996c8b643caeb9076_JaffaCakes118.html
Size

47KB
MD5

b6ee20dcc15a876996c8b643caeb9076
SHA1

6de12419bc7482e858eaffa41d096cfeace07b86
SHA256

9621f370bc596ae7d74f88a9791157604d9ce868d0a049b2702d171d2efc7ab6
SHA512

ca9fc6ef715772d479b4a33992e0b9bfe4b12fb74014d26ae9150cda41d8dbd0009ba8b3738dc7216a470c20d5c82acf94b87ed9963786a55b934a35cab51640
SSDEEP

384:naYgSFFwbwMCL2CAavcBcxZbzbD12IlFQ:naYgSFFwbwWu7bzn1VFQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
5100	msedge.exe
5100	msedge.exe
2392	identity_helper.exe
2392	identity_helper.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 2168	5100	msedge.exe	81
PID 5100 wrote to memory of 2168	5100	msedge.exe	81
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 708	5100	msedge.exe	82
PID 5100 wrote to memory of 4996	5100	msedge.exe	83
PID 5100 wrote to memory of 4996	5100	msedge.exe	83
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84
PID 5100 wrote to memory of 2468	5100	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b6ee20dcc15a876996c8b643caeb9076_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08de46f8,0x7ffd08de4708,0x7ffd08de4718
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8595341163041154411,6793414905734270931,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8595341163041154411,6793414905734270931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8595341163041154411,6793414905734270931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8595341163041154411,6793414905734270931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8595341163041154411,6793414905734270931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8595341163041154411,6793414905734270931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2632 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8595341163041154411,6793414905734270931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8595341163041154411,6793414905734270931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8595341163041154411,6793414905734270931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8595341163041154411,6793414905734270931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8595341163041154411,6793414905734270931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8595341163041154411,6793414905734270931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8595341163041154411,6793414905734270931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8595341163041154411,6793414905734270931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8595341163041154411,6793414905734270931,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
63bb8424d53ba3982f37af3444e5402f

SHA1
4bf21e3c2e05b526cc6d6648a6492c051bb13310

SHA256
356f06e0d1d38237094fa71add04d33f4c4489b0da00acb3953d4def49c9416c

SHA512
c69565e0ac7b4a40f2f9205764ce1f7ce433ad61c62700279357068294370209d31c3059974259789ed0fdbdb6f7cff03d9f2d54c1872b59baf13cfbddf4f2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
952B

MD5
376f670fcb260c6c9383bf32ba8124e8

SHA1
4749f10f66cce02a92636aaf3bfc93cfe10d3a21

SHA256
90aa22db9542ef6fe39072af6730e3d370d6778f4202fda00c2a30e4b70e02fc

SHA512
2af42ce83d7922ded763f72ab1789a27c195ac279daaf97663d2347f60c24fb0b4a879d477ef40f90f24f40d6220352405aaeb70eac08a3fff592054d8632b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
71a8a3360d91ec7fe812b40901cac6af

SHA1
cb6b23fa9e908d5fc9cfb23a51a12199efa411a3

SHA256
0242f67b82e15ec78c6e781c67dc8e4b58e521753868d51d970a375d49d587e7

SHA512
fa7c9bc01ca880c14bc27925a1b8e55cf1cd1e879c20785364fc0ed3b3085188598d05bbc5df8429d368d047652d2ba80b949e176a7c8f422abae0e86172d904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a45bf4e436e93968ecd77564761fed9d

SHA1
911a751bbc75331b109c9d9b06029916e0b94c8c

SHA256
668f3ff89e9ee09c548e6456b5692264a6d673dd8dcbd5fa46a4cbde77cf1d89

SHA512
7be186f41c0593a7dc1c5013dd0b22fdc0aaaf8885fd06672849fd23630e1a604b656434109775d2de5bb88af075365c5b033cde227d56944b80a8cb360a332e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
6e425ce13b286187e72976c79351d546

SHA1
280e52c3bd2798f8fa4b1cca7ae5e6bbd732d025

SHA256
f42c0514272f0786e416dafdef9cbfecefe60c3ff5c15d33eb41ff1d9ff3828c

SHA512
d4fe3c36a0daa4cec71d77e2221f5a3a9056f45b83bf5fa2266ceb6fa5e6fa95bfc064a1d301f742c94e548590577c0409761407ce3ebedc21c38cc15e18ab24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578741.TMP

Filesize
203B

MD5
4cd676dcd43d09af8c91bee8368a4ac9

SHA1
349dfe501d268d0df8ddf75f4e70d965fa4c97f3

SHA256
3c4f5b31f0b61c6e519571c139b5e27b63cac00121d17bb5b62bc1b67f99f497

SHA512
c8865b0b3050842a7eb3205be09d224e36ad162c48735026c8a3fc453b1580af85ef595df2b08296a2531eb8a244c115089bd8c8012b5007a3c6d5e620769d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
050018a6545fafdd46f221b198874272

SHA1
89990167051a25c0647de2807204c67de490fe2a

SHA256
1fac67bca126d88e7d2300c88bfc9ce6b559374a7aaada13db686f4aa645ce6a

SHA512
2f2ae2b196589e46825b8c8d1d8bd5f67ec45907d417795fe8fe8bc149abc2818079ecabd7209f19b9eb3647ecc39e938dc31026ffeefc125d53eafbd6ef16d3

Download Submit