ad1ddf02f8ad0d0a52b1b1cf5bdfccb3bb2c216d070fca7602a8effa48c43800

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2024, 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c24ca9d039ac3269a5f02086ccee4da5_JaffaCakes118.html
Size

56KB
MD5

c24ca9d039ac3269a5f02086ccee4da5
SHA1

bfc8b5baa10e3809c86ee89dbd4b046e61065ca1
SHA256

ad1ddf02f8ad0d0a52b1b1cf5bdfccb3bb2c216d070fca7602a8effa48c43800
SHA512

26d40cb84f6a78e2ddfc2c55af7a3216eff0749613bafc4d5faf9be9a7921b3d953607bb4f467f2c7513d699b460db711b1d06f873755a236586e5ab1c89750d
SSDEEP

1536:SIY/Ivdp5UwAHCggCwqz5NiAweIKMsgj4x25DHLTr2x:SKvX5Yi4xmrT8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
1604	msedge.exe
1604	msedge.exe
4484	identity_helper.exe
4484	identity_helper.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 4852	1604	msedge.exe	84
PID 1604 wrote to memory of 4852	1604	msedge.exe	84
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 1676	1604	msedge.exe	85
PID 1604 wrote to memory of 2076	1604	msedge.exe	86
PID 1604 wrote to memory of 2076	1604	msedge.exe	86
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87
PID 1604 wrote to memory of 3668	1604	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c24ca9d039ac3269a5f02086ccee4da5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe15eb46f8,0x7ffe15eb4708,0x7ffe15eb4718
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16457522426302850601,18253593188774644684,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16457522426302850601,18253593188774644684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,16457522426302850601,18253593188774644684,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16457522426302850601,18253593188774644684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16457522426302850601,18253593188774644684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16457522426302850601,18253593188774644684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16457522426302850601,18253593188774644684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16457522426302850601,18253593188774644684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16457522426302850601,18253593188774644684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16457522426302850601,18253593188774644684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16457522426302850601,18253593188774644684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16457522426302850601,18253593188774644684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16457522426302850601,18253593188774644684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16457522426302850601,18253593188774644684,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
f1f14ca79584dc850340776340fa795f

SHA1
0d688ea4a2a55551db0b20a87bb8bc37c43856ba

SHA256
ac6987944dda1498d2b7d9c8baa3f80cc2699d706001faa863da4d91c28e44af

SHA512
d1399893f27e81f287756310565139690ac79f14122ace6587d4fa57282cf48af0b7bfce8d050827ce82f18756d22e81229ccd6971019baebc54486d22796fe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
412fc3744cfc1d89cb4af5da6da5135c

SHA1
f9a6344be3d8d488deb1cc2f83567562ac033d2f

SHA256
b4689b3d8eb6e614ac1f67c12d5c3da89e43fe00b6b91d0370bfe27007bde636

SHA512
4268ef3c0894fb24c37f4a33d5222aa7b239cbee09e035479197ae45b9f7afbffe57a291fbd1144bf66fe8d58729b9dead230c733c3aa6c337f5ab4f4d68cb7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
38cb7cf024eb826a4dd748e9130fc15f

SHA1
5c0487bcd316a9ba4fc494b0a7138dbfef820b10

SHA256
3560210388bd386fac5eb110fcb4994b89b2f09f7fffafcc8b967915a1b2898a

SHA512
abcea9035ac90b75f95e6c2960c6d32b98212772387c7bfe2d3ced682c97bc18911546fcb08353b4efe7d82db47fb754902f35e65dc4f7ec6d544b78b05a67fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3759d899116c0987809274a3f8104b1b

SHA1
1154cc2bc2dad3bcbdf82a3b6e773bfd1898a91c

SHA256
7943988f807694ebd2ecbb89a1a3d7ee74d2d2fdd3c500c318e673b3bc3dde4f

SHA512
12a791fcb7e2ce5f5fa841093cf10bccfac6fe0fd149f2d78ff5b2b463c44f5611c8e9294ddea40755721978d868eeb61d8d3ca8f00ab044a26f16f8ff82eaad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d44c39a7500d7844178b9fb6166d9965

SHA1
88330abd2e94c4723763901ed81d251c19f61d28

SHA256
f4ebf9fbf3c9da16f6875adb6bd5727c0e98679489bd1b29fb086a50fd5043ce

SHA512
50a7e7e44fedc0ba3521a29fd6ed974d93ee775a5c6aa829586daf7a8cb9c6bd067755ac361f4f64bc92bb64300ed73b66f78c081d55cf1753aa2d30225cbee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bc9125b5-29c8-4d4c-89e2-12bcc8478e79.tmp

Filesize
7KB

MD5
eff33efe8023a9032cc346bea4a2ce38

SHA1
dc6de0de7cce59e61716d27f53296cc59fde7ea7

SHA256
3dc4c786e23fa1ea3473781c1f42ca41e73b3c90097ad5a52a9a8c39690db203

SHA512
e90534dbb023af201c8e4e005e29491fce1024cade5ef915f35c7eb5e85fbb96cd6dcaa5b49ac4dd605536ee80e77bfd0bf5829089e84260289614dc65d9f8c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cf7c934bb64e2d345522f0aa5a1b18af

SHA1
a00157ce332250bf681214c898b038f9b68d5dcb

SHA256
409124e5173411632cac3fe00fa8b3202044bf5458575136150554b5d57cf7f0

SHA512
6db1e6e4d5327616103d28ece3106a364dc1e67a305f582e2a5efd07846a77ae72598a748f99af13ebe9e99b30f4b064b2a2d97f93e211f35f6e19345b5edd5e

Download Submit