02cb1709b7d609a8100005b0308996fe6b8181a788628017d1192a2b72820e50

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9fdfbeb2a3b698a60b849a81c8df74f_JaffaCakes118.html
Size

48KB
MD5

a9fdfbeb2a3b698a60b849a81c8df74f
SHA1

f891aeedc30a7ea90d33765c6da512575d4ccde5
SHA256

02cb1709b7d609a8100005b0308996fe6b8181a788628017d1192a2b72820e50
SHA512

3fdd141fd7e332b42c3d98cc42eb025c9e7595f535f89aa948d2cc88ed48abf09dd61bde343d3aa6e27767892d77d398933e4cd2d89075f8803fa796f8ee1f0e
SSDEEP

768:e6KpCnqQwt18pB2F5UoNVHxGYWu/M+ZgKSVvw0YDpvc1dHRPrgit:eZH7ApB2F5UoNVHxGYWu/M+kvoyHRd

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4016	msedge.exe
4016	msedge.exe
3320	identity_helper.exe
3320	identity_helper.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 2416	4016	msedge.exe	84
PID 4016 wrote to memory of 2416	4016	msedge.exe	84
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 3992	4016	msedge.exe	85
PID 4016 wrote to memory of 4132	4016	msedge.exe	86
PID 4016 wrote to memory of 4132	4016	msedge.exe	86
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87
PID 4016 wrote to memory of 5096	4016	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a9fdfbeb2a3b698a60b849a81c8df74f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8234d46f8,0x7ff8234d4708,0x7ff8234d4718
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,17384525595455332901,14416336576530293920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,17384525595455332901,14416336576530293920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,17384525595455332901,14416336576530293920,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17384525595455332901,14416336576530293920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17384525595455332901,14416336576530293920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17384525595455332901,14416336576530293920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,17384525595455332901,14416336576530293920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,17384525595455332901,14416336576530293920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17384525595455332901,14416336576530293920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17384525595455332901,14416336576530293920,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17384525595455332901,14416336576530293920,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17384525595455332901,14416336576530293920,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,17384525595455332901,14416336576530293920,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4829218222c8bedb9ffe89dffd37095

SHA1
aae577f33f413ec3d09f2e7ff5d9cc20a602241c

SHA256
49239b229a2519583ba5d6de3702480b8a8ebf3cfaa8945100dbab25fcb02b7b

SHA512
03e26a2e3de41b8a829b5543da504c7d7ccdc4c112d629efcac24dcda23acb50a52b5b99572b5efb2a01cf392a457cf9fac85663b3d63f7606be00dba218f8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
15e9c4b4eefb3e1c08a010e748e10f58

SHA1
3172378f2c7a00553ce086dbf53fcf3126c5a724

SHA256
07b56a769467e8b57f9b7acd9d32da266ca5000803758c18bb6818ac236c7000

SHA512
811058b539e914a812c88543bb6657de736f691d18d6dadb5e1f6ced286780fb334dc5f575babbcf4fd2dceda30d1bf4004b374c5775e7f278346b100b29eb7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
ef195b45880821be4d04a03aab4071d1

SHA1
1fa44f31a908c7997327b8420f52d5053227b869

SHA256
0b7d4382cb17cb2cb234dd9511d923b47d4d59039716936d21de4c1d5bea2a32

SHA512
1a37be9f396fc019534b340b601c91c9857b63fd0f0cb835bd503aab44aa546b0fc3a3262ea06e16bcceebdffab94aae2a63b49856568652579e7fd5c20989d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
844ab7e963c5d207635381ed9c3571df

SHA1
50e059ad663c6d0a9515103fa8b31fd05fd13b34

SHA256
9016e9f27ee1573d0c79cf1b84ad5710cf5eff181dbb88b50d40d709e6118a7a

SHA512
8a8c2b92f61f3462047a4188a2b5c74ecae9d8be679beeda11caad007344f224fbc8ee138918f110d96fedf45330281d6dc5a06aa7e15099284a7d9ffba98b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62d3457d60c9f56491fcc5241dab837c

SHA1
aaedfe155e60dcb83787325c0a97fad043184653

SHA256
42fb3d779209aa642ee166116bcfaaa9ea3bc63accbc5195c0cc68ac3fe35986

SHA512
d655165943f00b87b98819cab4ef40b01d9d65f338c45fb0ae9362c451e960975be4538efe4deb7e2d81358584e7b5ea8b1a434010dc68b4a63477f69d6a5075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55f9afbe3d82b389811bc191fe43b8d3

SHA1
128b09bb51e39c1f05da7f607f2fc243caf21d23

SHA256
e80e86058de278d30c40af191c45dcabcecd2276acb61913a8243353d4e43d64

SHA512
0aee133cf144cd25e65765b90dc986e1566b92b74fbac252cedbefb9192fd0f8a169910f49575eaab6934acd7f76c0b65a76165b529c48a03f08809ffb8c6fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d31810840b326ce75c124af2a5f18df

SHA1
239b2d28930cb761d3f742db171c0772162eb6d8

SHA256
22a818e353210d921fc653d67957ac3c00d0416d5d6ab3ab109777c10f4e45c7

SHA512
e69955d9e19d79cdc54ba7369dece180c11552ddf1794db9decbf20d1960a272439f5e26a5beb3f0795c1034aa31ae5e117bdabe72eaa84c75d34394da8984b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7915ba0545666aa5833cf9f9f86d45d6

SHA1
743ecc319bc2a54973582d4a5198042a48fbe8db

SHA256
f8fcc045da13bde0f5dec3ada86342105cbff34ebc2442bcf51e8ed509a95b20

SHA512
a53036251a22cdc95579ea8641c5574f1dc1f7dfd0390f00ebeafbbea0c1a2c0c3e6dba23bbbb8d8e2c77a3e1e816ccfaf84a97da1c334019c8df1414999d1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
399a1e510464251ef3d4a4abec6df79d

SHA1
8d4aeb0e68896fa4dbbd19bb51f66d73d87cdd28

SHA256
7b2e57c51fd3e6a3c69ba828686915c85d44cfd08df8f896036d951c7bca1370

SHA512
251f0e05a71708d864507e2e8a5a0fafff5ba4d1a1007c8cb6b7a887e70fbc08bcf2f3251213f6805d32f89c15e8b23ce46c5dea408fe5f5f17f2ebed820bea3

Download Submit