1a4f3dbdbdaa17c158db04641507643d673f87ce8e750df28a7479b8c1131a6b

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 04:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2b0eb6039b0ed477d8bb50b73a5092f2_JaffaCakes118.html
Size

57KB
MD5

2b0eb6039b0ed477d8bb50b73a5092f2
SHA1

80dde7b651de027d7e35b259e9ce7cb191fc9fd3
SHA256

1a4f3dbdbdaa17c158db04641507643d673f87ce8e750df28a7479b8c1131a6b
SHA512

0072081399f95c863fcf89938fa01fef0bfbcd5eeba3f5e45d1859512db5f531790ebfb7beb6cc2b4645ec4d85b308dd1c56587e4527b12b4f04f76f523ccb5c
SSDEEP

1536:ijEQvK8OPHdsAuo2vgyHJv0owbd6zKD6CDK2RVroNJwpDK2RVy:ijnOPHds22vgyHJutDK2RVroNJwpDK2m

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
64	msedge.exe
64	msedge.exe
4976	identity_helper.exe
4976	identity_helper.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4176 wrote to memory of 1600	4176	msedge.exe	84
PID 4176 wrote to memory of 1600	4176	msedge.exe	84
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 3452	4176	msedge.exe	85
PID 4176 wrote to memory of 64	4176	msedge.exe	86
PID 4176 wrote to memory of 64	4176	msedge.exe	86
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87
PID 4176 wrote to memory of 3668	4176	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2b0eb6039b0ed477d8bb50b73a5092f2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85e0746f8,0x7ff85e074708,0x7ff85e074718
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2334381836898073574,9708250244853404123,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2356 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c78617ec8f88da19254f9ff03312175

SHA1
344e9fed9434d924d1c9f05351259cbc21e434d3

SHA256
3cb47fcdca33bb3c8f4acc98424140987235ad79815da4f0e7593e4591ae90ed

SHA512
5b58675088b0fc2b2d705cb648ea89385b80c7cf908b0f4f95a9acdbd350b50754e1b586202db6a918eef70029fafb210947f3c43c570ecf7657e08939fd7e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
09c7ae658385f6de986103443217840b

SHA1
298d880503edce4413337c09d3525f27a2edcd28

SHA256
91e04ec38abdb0204458543592c4621b7bc0306407884f764aa9596a52454cd7

SHA512
4e1272b209487d1e9e7d8502be49ebce91c76718410e817b3ac7faf47d9b699210aab1b941fbb5ddafc192ddf4b2ba151afd47fab753ec62bc0bca36039c55c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
3712642ec5ff8c31a43ff1f873a9022f

SHA1
6667ef9b046311b74c49498d1a591cacfede5585

SHA256
ff9a1b7b7313f243112518ffdabb35ae6547e95be07bf89415ecc51b2a3a5adf

SHA512
38e7b18ba7f7b32674f1cc509a2e677ad5d4c079bcc4eb2b988d28519345c3504335b4262a43c3a5b2929443f345422fa8456d0ee82efd403512a13da9833521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
96fb7f263694acdc9431aefaab2fd704

SHA1
7b3e0beb415ff6eece9e1522b556e494bd788559

SHA256
d3388c1288becdfbc250b89e5d640c14a509a44f7c83bc9e9ce86e5cc2575216

SHA512
4568c9b6714bf7aee4857417c6cb3cbd0b9a40fe045832fee6c7676a092d835ac17bfd06e12887ca05afe38f2fa045c0cbddd5d1adbfd13a69640a9ea3ff0164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d79b51efdcbe1514435e03e1cba222a4

SHA1
ae3e82c600b3997d9391a4cb1961c48795e5978d

SHA256
adc1de3caeb3f4ffd44e33c98f01407613925d4bd06d3e13527af474ec511e57

SHA512
ca348db1f39a943c5e511a11c683f9503465cb4ca1571377c42d10f7112d6ed8d66553cd36b188412a578da3612a636c5f4742c716fffc1e9a0dfddff81a57fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
025d053767767a642af2e387c3af96a3

SHA1
c0f447254dd8ec5fbc048e0a2cc98d7a64658a4e

SHA256
cc073ac076c68cbfb3fc0391349df38cda62b01dcb9a69657228c230bccef21c

SHA512
80d948454921e89b456c4ac8356f91614b30feae5055aae7cf795fb79c33c20857737f099e0be11da61ef88254ea27519fa5957d08ace556fe72c125a6144e4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
238bd9809624289454274453791ddcc1

SHA1
7d4ee2f6878fc1fd6813455d5432ff27a9c1aa99

SHA256
c0505c1270d855a46af7fdbd1f3b3c38a4b4761193db9b265322ecef47971e6e

SHA512
f19e7cb62a0daa0436edadc8270c6a4876bf84e566a27fb8e72cb5d1028fa4ecce19441e3710a1f2d0b3c20039e2c3879ad46eedc7fe5019c5ca497a0ce55b5a

Download Submit