39f5ee5b0410ae4f2c43696ea7abb8aab6ab47b35a90b2c6eb8485a02059b4c6

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2024 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7067b9f53d6fe3969b834a03ba25f664_JaffaCakes118.html
Size

17KB
MD5

7067b9f53d6fe3969b834a03ba25f664
SHA1

881f69680b45bfd36c7cf4362d9080cc36904599
SHA256

39f5ee5b0410ae4f2c43696ea7abb8aab6ab47b35a90b2c6eb8485a02059b4c6
SHA512

264e446e2e5a07a8e3a6efbbd8ed57221abb057b410aae3094b7901b8d56bfb554dd076ae6a2bd2bcfa26d90fd6f9979ed4b885e9a425f523518c29d08217a59
SSDEEP

192:A+hq5jcDPWMJ/1uJdCmrPJABbNJmcI0ZCHYQz5MmvGrjkrs/T1wKYWxi9mTHDfFC:tqciBCKoJm5UCn1pvGrj7wKQ98jDJ2

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
1908	msedge.exe
1908	msedge.exe
1436	identity_helper.exe
1436	identity_helper.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 556	1908	msedge.exe	84
PID 1908 wrote to memory of 556	1908	msedge.exe	84
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 4668	1908	msedge.exe	85
PID 1908 wrote to memory of 3024	1908	msedge.exe	86
PID 1908 wrote to memory of 3024	1908	msedge.exe	86
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87
PID 1908 wrote to memory of 5068	1908	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7067b9f53d6fe3969b834a03ba25f664_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbacd146f8,0x7ffbacd14708,0x7ffbacd14718
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,6581957166336075243,10821686070821135468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,6581957166336075243,10821686070821135468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,6581957166336075243,10821686070821135468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6581957166336075243,10821686070821135468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6581957166336075243,10821686070821135468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6581957166336075243,10821686070821135468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6581957166336075243,10821686070821135468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6581957166336075243,10821686070821135468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,6581957166336075243,10821686070821135468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,6581957166336075243,10821686070821135468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6581957166336075243,10821686070821135468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6581957166336075243,10821686070821135468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6581957166336075243,10821686070821135468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,6581957166336075243,10821686070821135468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,6581957166336075243,10821686070821135468,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8dc45b70cbe29a357e2c376a0c2b751b

SHA1
25d623cea817f86b8427db53b82340410c1489b2

SHA256
511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a

SHA512
3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1790c766c15938258a4f9b984cf68312

SHA1
15c9827d278d28b23a8ea0389d42fa87e404359f

SHA256
2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63

SHA512
2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
f87f5a970b5eae668a82ca4a0e1c3f00

SHA1
a95bd9d725ab99e586353fff3cfc47941369739b

SHA256
f8bb067a827f6e72b673e01b031750964e2fdd977deb00e63c28b14bf681ed20

SHA512
bcabf2486ec9f39afc353c68b180cdb7fd5a8b492e999118d11fc87a07ecccb919dec028dbdc328bda1ec75ba3d965a431fa9348cd59c2b938bb0fa6bcab2f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c9c96cbcde03685d2c564741406fe70e

SHA1
404746f7f6869b8387e87f7319c7fe560c7b2256

SHA256
6abb6248a97461e990a0c2789de112fabd3c6e5a17de936824ca6bfe788f0144

SHA512
2cc46d66c07e2f74ca072e91bbbdae6b54b919e38e08341436cf83eb18eb5c6e6a51571bc58fb5ee8048b84ea9f745d5bc5b67da4e64b7e3333da457bf17c633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c8b820bdc3ece1887c79370e324645b

SHA1
bf9ad00b885777a2a09e03142f39713d5d7c6d70

SHA256
1065db49067cac39639a3712efa395cefd53c0e036eea77011ffe3058c71ac0e

SHA512
c1a73f05f1690c934213166e17c08e2347d0c936cfeaef87ebcb81d5822e1191352440b76cb78ba7a880ea64e0d8ba2287d1d56bf30706c87d66efdc02446b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a993bf4818cdea08b4ba2a72d76886c4

SHA1
5c823f3a6b8f472de4aa408aff9d06298b836cd5

SHA256
e91691052153081885b406c541346d84cd9b47eedbbb035dfebb892bc44bbbf5

SHA512
1e8f34bbf9775e5f41725db206d07a284f796837257418867d9530ee302a7418c5abcf35b0ba743fcefe3c5144c98254c4e0fc6de0568c247ec9c38c72404bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b438726767ed1a488d0d0f6d1004c2e4

SHA1
167c578bd9e01a7508820b554eb4bb1fb50add29

SHA256
2c1d5a28a0cd457ce0517d791ef63341f6edff7f43c8f1b0773a2202aeb4ae6d

SHA512
cec7c57232a5bcf79ff2d29230882efbf9497c7853e92b1b40e0d6e19daee2c58be35bf8b69b0a2b8e6122d6f9791233eef1829d5b4bbb021cb7fafec02339ca

Download Submit