cb38edbbd959167d78c70e34e9e31f4add23e8bc78e50e8644a310097466f540

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37f40a9a08ac7784378d8d3f613542de_JaffaCakes118.html
Size

162KB
MD5

37f40a9a08ac7784378d8d3f613542de
SHA1

7448bc1b594ab6c709e8194fafd44a6f56efa4c8
SHA256

cb38edbbd959167d78c70e34e9e31f4add23e8bc78e50e8644a310097466f540
SHA512

0a01e94cfcb7b2afdfaf7a407bb93d16e5a6452b161010f954c505514cf4c4f4d92e3a35ea54b591948b4416deab8286891ee0c387a714b127221f3530cc86d7
SSDEEP

3072:WKJqJMb2KNWYD+uUUM4yLe4YXyuyXtN7zV/0RslXypIBK6SsbyTyAT9L+fmS9+f8:oATF+fmS9+fmSACnaCnwh/sXM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
4180	msedge.exe
4180	msedge.exe
2044	identity_helper.exe
2044	identity_helper.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 3316	4180	msedge.exe	84
PID 4180 wrote to memory of 3316	4180	msedge.exe	84
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 440	4180	msedge.exe	85
PID 4180 wrote to memory of 3872	4180	msedge.exe	86
PID 4180 wrote to memory of 3872	4180	msedge.exe	86
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87
PID 4180 wrote to memory of 4088	4180	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\37f40a9a08ac7784378d8d3f613542de_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c7b046f8,0x7ff9c7b04708,0x7ff9c7b04718
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,645599046091470728,13129945558643965642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,645599046091470728,13129945558643965642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,645599046091470728,13129945558643965642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,645599046091470728,13129945558643965642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,645599046091470728,13129945558643965642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,645599046091470728,13129945558643965642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,645599046091470728,13129945558643965642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,645599046091470728,13129945558643965642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,645599046091470728,13129945558643965642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,645599046091470728,13129945558643965642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,645599046091470728,13129945558643965642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,645599046091470728,13129945558643965642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8dc45b70cbe29a357e2c376a0c2b751b

SHA1
25d623cea817f86b8427db53b82340410c1489b2

SHA256
511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a

SHA512
3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1790c766c15938258a4f9b984cf68312

SHA1
15c9827d278d28b23a8ea0389d42fa87e404359f

SHA256
2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63

SHA512
2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
718B

MD5
20143ad6f00ee99d90d546f833386d4b

SHA1
26820dadad2c4454cf1dd74440240547909551c5

SHA256
a6360a3caa9bc72760dad3255a149cd7d1e1dfff63ff1c083624d4495ffdc1df

SHA512
a80700feac3b82cb997e59156ac8082b46095de03911d8abc9770f43176181a74c73374c6f4193aaebecd32d503a3dfe21831d23561c4a7ba1b785cc851d2640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51f0b1288509d47dc81afa703b887068

SHA1
2ee8206687cba09fa4095944a945c90c5876ae80

SHA256
752b04d2bc802c651d7a2f211520dc1737f75c7859ef3ecd7779815e85b0f694

SHA512
272e937d5f6d627f628a06d625ea499798e58e19b768702def6fd1022810fa001fb5c073be041e313ea20c3aec491c8d35e7887c413984eb98691d43d3b669b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
26f58e835c7d57fe91897f7ab27932b2

SHA1
1bbd8236e7b76743344d9c4b4f02a6b49854a92f

SHA256
84f10401cd79f010dd464e6d6b4658b48a441b36b6c3d18fddde8d50097973af

SHA512
6926324944beac5312e0ad6377061b96d038d03a800df8501e86d4b4abf20514bd1b9b743ce1491f456d15098dece6f3ac425d5beae72f801ac8dc8459f0e9be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3442a98b105cb8dfa667a92eedd83b82

SHA1
56705aa8594a827aa24826d3f32d7f87ffb6bdee

SHA256
abcb41b27410561ef58f3ac5809ffd02e2913efea887792d862e1bd2c0651946

SHA512
73eb73e619643e661675b58d7c35404bed55a9f38e7cd034c4dc1fc8708685ded7193228affb4ab2ccbb36a3906008dc19c3531e825431f22f4bad7f59ec9daa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e5c609b439c9a9cb3b064af3b6b87f1

SHA1
82fb156c20cc708f94055f5d09658ef2fc485dda

SHA256
85f9e57ac73126863414cfd2cd9e55061b7062b1a620838c0f7f3d0b317d92ea

SHA512
d1d90a8f9a9cf79f9dadaa0eb36279ed8917534c5f2b674c1c8e02402df2276c0368bc209e1ed06ed75ae764445d02c6d29567ce0d23239e725918d825f8a84a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
a78181bbca1f7461340bfbb56725cf04

SHA1
3dc1077f907c2a859d4fadb7302293c783d1f30a

SHA256
3a7c9f7ccbd581e0d1e928eeb70242b1b2af0272c860b94c58ba43d57eaa293f

SHA512
f97e02562b96977f6509a8dbfc0290a81e232e7d377970d81f6d40f3f2beed2585afd6d95a1cb6d252b8505f94b17ee1e06500e8a2ecba077171974a82c756d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59142a.TMP

Filesize
372B

MD5
9a9a18ea443401927e22ca7336838a6d

SHA1
af41d401b2807cd1e827b385f452b538230bf048

SHA256
3274143ef0d83e9063dcb4d1d803cc7ed790cb0845622e8ffd8364a7ba716927

SHA512
0643791f45efb838a1787e899b299253ed3f354bd6365cd861ad8bbd20718efe321d638bf452b1c6c138a69c0ab963765ecd86a1860fbec53bf413043d93bfa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9d3389761ef44834966be07e8f389b33

SHA1
ea099a4eee748b23192ba80aab7418760905bd9e

SHA256
e8a760ea5abc5ba475885acee39f7bef55eec78781c3228c94616e7c9e2f6e82

SHA512
56b5fc9832b5ed560a4540ea8a4a5baae21e755df93112a97e8da9beba6bc354c012c81f63c146859a0e391de6cc8a3d6dbf4d986b218dcdb26e55a62afd48db

Download Submit