d3d2332b7ca59c1d30255f34f0e956cc0d36816dd6295d020e6f58d82b968ba4

Analysis

max time kernel
146s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a44358e56182e22fb49cc60112948042_JaffaCakes118.html
Size

77KB
MD5

a44358e56182e22fb49cc60112948042
SHA1

6de39046b5ae99118c381d2c5f197c888d5573a5
SHA256

d3d2332b7ca59c1d30255f34f0e956cc0d36816dd6295d020e6f58d82b968ba4
SHA512

46f957ed3e20b0884e88490a8119c3b3390526179d066619fccf90a6e7fbfec3957002b9053e8fbfb2901eb550f6bb6569ac14eca4ed50ddbbe91b919dda23e2
SSDEEP

1536:OgZkAdqzFxWoCkAoR1u40FVxRz35EybzWvujbs14h+2uJZexn+l4mEt/:OgZdq5rrAK07H/b+uqmP9sxHE+ymE1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
3576	msedge.exe
3576	msedge.exe
4332	identity_helper.exe
4332	identity_helper.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3576 wrote to memory of 5096	3576	msedge.exe	86
PID 3576 wrote to memory of 5096	3576	msedge.exe	86
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 2780	3576	msedge.exe	87
PID 3576 wrote to memory of 1540	3576	msedge.exe	88
PID 3576 wrote to memory of 1540	3576	msedge.exe	88
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89
PID 3576 wrote to memory of 3776	3576	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a44358e56182e22fb49cc60112948042_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90de746f8,0x7ff90de74708,0x7ff90de74718
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
80219e4c8066c423a088a9dc04bc3599

SHA1
091cd825cea167b1dea5f1af4ab58f45e1c402ae

SHA256
bf563800d06b97e51534646bd95048e79998d467f69d54014226aed974c083ec

SHA512
18602eee051a726bb32496a7d730448d9149888a101ac09b4ff97e4a0a9518c5fbab02217717ac8e711dbe5c81a2db9a8e107b151fa541db0c780fc6bd0e9db5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8c84b9d3009e437501764e30035d9e11

SHA1
1bffec1a5baeb634cbd3fbc694ef8d366d9dc9f0

SHA256
1aee40da531b3c80bdfc8c64690c10aec5a9c9bd80daada64e0af61817ca3843

SHA512
8b38eb1e3eeb037359fd374c3554af62e5ceccc2f62abf47fe9f7a289dd9a6ec480905199a4fe5b1df55b218bb5f0cb36e6e9bd333dda1f6dcf4812333c71dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6988be4cf17fc6c5be351758be40056f

SHA1
5a0c0d10fc649f497b4ac3ce271af9c9cbd084a6

SHA256
fc080d3f5652d59652b2fb3a2f081e13e3a65fbd0dc815aae4f3e3bce5f7ccfc

SHA512
a032a459b8175afa5a2086284b5b47a66c6fd75e7e1a3c0ea321eb760ecacdb5bc12e99492fde8e77527bfcdcbcc71d7a32dcc0b75a22ce2b6e08b3ce0616eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c4058ab44fafd3365859c0ae423f386

SHA1
0a1f63940c770b75fd2f07fb264b6047ba56ee86

SHA256
13260f095944d1688c8493db36265185e7c62e746e1ce7552c8cc90f3b3dd7e9

SHA512
355365c3f37b4d041322a00cfdb20d39a47cc1ebd49a82ab0fbf6fe42e3dbab4f95dbdb968d5cef70095822b55928e5bd6ea1e00778b32122495aabd14343f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2babfa4c12ad26da4fc50c3fb5f75126

SHA1
6ba97955859f626ebde77f494376b9d48758ec6c

SHA256
8d7a8cc7f91ef3d240d24fbbc8e71535a94f102c04f4f3d3b37c9a4f2c36ae7a

SHA512
16f7eaf64b3a663c43bd803e538156f375ecda497be28db928f7f76bc356778c8e700f785dfca0790f4147a08b9842db6c0f9b686afb2c75302c3ab0035f8f79

Download Submit