199c4e9e8d4d4971914bead153b348ca14f9c698673dc739fa31f8b003ec82a7

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/08/2024, 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94d4f811d1fe8f86f5e8187f7becb04c_JaffaCakes118.html
Size

15KB
MD5

94d4f811d1fe8f86f5e8187f7becb04c
SHA1

c9fc1e350a50e74a7f511d137ee1c7bef52bc7d3
SHA256

199c4e9e8d4d4971914bead153b348ca14f9c698673dc739fa31f8b003ec82a7
SHA512

3e234c3ddecb7165d335d1fffff6af40a85dbe36a1dd6d0f3e2aa1dd8ddc302f50e18a1c47f94c3bec0425fbd0d78f69a97b430fedae111218db2308cad6ce98
SSDEEP

384:RjcvbdrNnCoTHYR1hm2938NInFLjWWBNe+2V:tcvbdroozQd9M2nZqWBN4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
720	msedge.exe
720	msedge.exe
2620	identity_helper.exe
2620	identity_helper.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 720 wrote to memory of 3920	720	msedge.exe	84
PID 720 wrote to memory of 3920	720	msedge.exe	84
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4852	720	msedge.exe	85
PID 720 wrote to memory of 4912	720	msedge.exe	86
PID 720 wrote to memory of 4912	720	msedge.exe	86
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87
PID 720 wrote to memory of 3200	720	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\94d4f811d1fe8f86f5e8187f7becb04c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc0a246f8,0x7ffcc0a24708,0x7ffcc0a24718
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,13826695927338278298,16356358591690055347,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
255c4ac058d2242ac653633f9f71aee0

SHA1
a9fbd0e423ff1ed6fb22525e4a2f7951f50dd2e1

SHA256
a5c3b8f76af37d8a3bd5b03c78121885fd3b66aa242699f831ec0ee8d7b4d0b6

SHA512
5f32566d8197f13ce193bc16b2cc650c01476501f585731a953629869892d417ca0ddd3b820d6c8cd321c5014a1c728de03fa9a0da8c130faf60b8b86c319a8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0eb05a5d905478c1dcfa27c9cf66dac9

SHA1
ed1e6fe67ec6c738f14fffb8879e45ca859e1adb

SHA256
838b534aa5a89e6c9603cfc56f0493732ca11054ec254eb2535f5922666febbe

SHA512
53292b9002397ba08ada813cc20206cd5e859ed4d21c75c1ed64d0cbf39dc3189b96595504b799e090d77a29e6bced992880269f9b82e813059b7e38a417e171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2cbd18cb4a06a5369f0780b9ea6a408

SHA1
f826e112dfde67bcde0b46a4253e5de998961b60

SHA256
fb6b52892094e9d2249202ce74cb1dc0f503e3b96179dbca055908f431a67307

SHA512
d1fb48ed4ed36df770cef44f7aa3c0c1ea9abebcdde736db28831bc6ebd531880954af25830c02a5ba650ce32a99e0bbc11f9eabb4f63d6b37986fb33195be03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0eb19e79811db340f7311bc1bbea3cd3

SHA1
99d4564ad381736c1bb4888bba0f79b68a1d47b1

SHA256
dc3f5798ea67d67a5b099a9313078784c22da08e2c9c37ccc827b0c8e5501f51

SHA512
bccb1a5c7e77b7770c9055909aeeb25da0243523888507bc0cab677fcce851e254b99f05e31169370fde253567a32f5c89a02d553ab13cb6368abca0d9ca78ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a54e047fae6cb3b7d8fe218329c26b4b

SHA1
cb4f0b04aaaf1c37bfa1df60ef4f2e9bb953ab5d

SHA256
f9148317d8aabbdf526b679a2b8f0408b81c5a77dc12ecbc5c1ba305717e2ce1

SHA512
d8985ab700d9237270d0b70133c7f302c041e331e79417a35ad013b455e32b43cee739dd74685882322b5aabd81673cb28b8888dd53ac5edc22535d50ba5cf02

Download Submit