4386f818ea2b1ea9557ded85fd7c004de650d8d1e2f51c1d65e58493327f33a4

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 13:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b394c71354dae798fde1490c5d725cc2_JaffaCakes118.html
Size

15KB
MD5

b394c71354dae798fde1490c5d725cc2
SHA1

956016689a18a39d34151d9004f5316f0ecf129e
SHA256

4386f818ea2b1ea9557ded85fd7c004de650d8d1e2f51c1d65e58493327f33a4
SHA512

0c3eb10503d5d4cc3dd27a4db0e44ec98ce07f01ce23ef4d8c3441f9d656e574cdc1625738ddfd0c010935cd3f6f0d750c696726198288fcc014ac96a8544302
SSDEEP

384:LzTE5uMfHFqcGTgqt0RF2PlD78APovM3AF:zkuCHFqcGL0RFwlD78APovM3AF

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2328	msedge.exe
2328	msedge.exe
4592	msedge.exe
4592	msedge.exe
4928	identity_helper.exe
4928	identity_helper.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 4856	4592	msedge.exe	84
PID 4592 wrote to memory of 4856	4592	msedge.exe	84
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 3024	4592	msedge.exe	85
PID 4592 wrote to memory of 2328	4592	msedge.exe	86
PID 4592 wrote to memory of 2328	4592	msedge.exe	86
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87
PID 4592 wrote to memory of 3340	4592	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b394c71354dae798fde1490c5d725cc2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbfd4046f8,0x7ffbfd404708,0x7ffbfd404718
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15767531913126422273,2463529356646730302,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15767531913126422273,2463529356646730302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,15767531913126422273,2463529356646730302,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15767531913126422273,2463529356646730302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15767531913126422273,2463529356646730302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15767531913126422273,2463529356646730302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15767531913126422273,2463529356646730302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15767531913126422273,2463529356646730302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15767531913126422273,2463529356646730302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15767531913126422273,2463529356646730302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15767531913126422273,2463529356646730302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1480 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15767531913126422273,2463529356646730302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15767531913126422273,2463529356646730302,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4620 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f219caed450afffe5cb89a3476004e1e

SHA1
0ba265e48d4558a6a1897e3b36a24e71318bf644

SHA256
07295172e867c0682cc78719116a787fc12df3464168ab4a47911f1ef3952c26

SHA512
7507129492c3912bb9512508a967da3120c7e03ce6e52b4347db78881483731525d167870cf1f4c379eaaa45b16789ae7545b3370ab2137d60477154a5c09f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3884809c247f57c23e65431d0028c71e

SHA1
6810ad13a095a6a7c018ac86bbad5677d78cac1d

SHA256
f3528d91820be5270d499496c68668d6666e2ba2ef66f8acd53ee944927de204

SHA512
f21d4846cf8ab7cc0c9ebda1fc584f18b4ed211c559fccbe160eb489c2de2b36ebcd1e551a25cddd973ca49469a7733fbfa025064d867b52c5f4beb84b6bdb40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
87c30c0ab95ebce1536344aa85bf1479

SHA1
e499ac5a2010d17b205c8608f87350d495181904

SHA256
80a30c614961b07959ba66c984cd900fb765c11bfc5834acc1ed02e5ca2c7bad

SHA512
2b16edacd08420fb1f842f8ee1647a69cd970ff487f101eaa7760c2b32a343f9b4e878a6120b3fb89b7190129ba124d76d5eafee06cdbfa943067895fd7523c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ed8acc9296f2b3ed715e15941f7d54e1

SHA1
351c4fed0926ff2ead60f75e50879c79899c3a56

SHA256
24a5a0c779339013498100e9dc61901239597f0cc4535113c7997892c1513361

SHA512
cf3caf4808d3329a2b85cf2015cd98299339cbae989054e32730f7bfb6866587f2765d56fef2bfedad94c4bfcb3471b6a3383d8a5384f1c3cc13dd5ffd3ee974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d0a8d2008713777183f15a7c7ccae14

SHA1
c1a5edb93acbb9d0d2cbbc2b04bfde1527fb38b2

SHA256
3e4861d1206f0f578c735a1ca97a3f050242678b50e29fa107b485f6471b46c0

SHA512
d2eb25273b820e8141bea484c064b236045745aff2a96e8c30377183f8b1a186814d690a947e4808b01e7153f2b38155fbb2a67e9efcb8d0b8a59b6f2550b9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cbc9f9d7c4c003fb60da9a9cf7ca6ef3

SHA1
2ca65ad9276c698b1904bc9d92105ad9a34c1420

SHA256
f9743645c728df5e689f48cd32295d04a921439a6af4fd4efa1a5bf73c30b6ae

SHA512
c2e4fee043540d8604aa51119441daea2269aaab7f643ab59227f0ac86c0c1d16083035924fd14e957b23e6c54228542b648da5b64557315f0d56b9746542b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57efbf.TMP

Filesize
1KB

MD5
56d0b9ee59b64ea8c8ed5dba8bd5c138

SHA1
82ace7a60c7dd429c600f3e192ca56aa1c3af8b2

SHA256
33657df39f11f2bb12e326cd29bc3a15a3d8d8d1dc1c28b3fd42fc883ed589da

SHA512
691a816d6c1e7e36fbc6902ef5e53ce918fc5afad7c79d3d63d9a1791b051b1c956ec7a53bbc6d2db2feb16466192957876facbcf784e0c72170b4f6a7b6795b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6b6ffe3c2aad41dbda4c6be8c71ca293

SHA1
c52b6100f0aa0db78ee9c3d96fcf299f592d9714

SHA256
0dbdbc0d730a05904f32911eff6427db4a702f4d7049035f24b8074cf836c99e

SHA512
4b8fc8cddf6b9cbcd1b273e5d0ec14b0c5eb14948089f156322a5f5e48207118bc94c4bdff6c653cc7b46b7b9dd4803c8ef14f831d75d954d70c9fdb12c4b83c

Download Submit