f4cd2dab3dda99b34ab864291cd8d57ba45677ae5d92515235e66589be382bb3

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1611ad1c1cafa97b9b2222e778d0a23_JaffaCakes118.html
Size

203KB
MD5

d1611ad1c1cafa97b9b2222e778d0a23
SHA1

795cfd2462e69473674380666706919b29c8d65d
SHA256

f4cd2dab3dda99b34ab864291cd8d57ba45677ae5d92515235e66589be382bb3
SHA512

e8b252ce97c638acc30542c602984d5727735795980dead1a2601258085dbc4fef2653879f14a3dcb388a850d2cde9199e08bebf11543855d11bcc64351420ed
SSDEEP

6144:S+3BEyDvCCEgBdPW7nn1q1le0HkjJ61/s:fEyDvCCEgBdPW7nn1q1le0HkjJ6W

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2348	msedge.exe
2348	msedge.exe
4992	msedge.exe
4992	msedge.exe
632	identity_helper.exe
632	identity_helper.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 1308	4992	msedge.exe	83
PID 4992 wrote to memory of 1308	4992	msedge.exe	83
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 4492	4992	msedge.exe	84
PID 4992 wrote to memory of 2348	4992	msedge.exe	85
PID 4992 wrote to memory of 2348	4992	msedge.exe	85
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86
PID 4992 wrote to memory of 2884	4992	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d1611ad1c1cafa97b9b2222e778d0a23_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa50b46f8,0x7fffa50b4708,0x7fffa50b4718
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7467026029288172354,4099183205922649447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,7467026029288172354,4099183205922649447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,7467026029288172354,4099183205922649447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7467026029288172354,4099183205922649447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7467026029288172354,4099183205922649447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7467026029288172354,4099183205922649447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7467026029288172354,4099183205922649447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7467026029288172354,4099183205922649447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7467026029288172354,4099183205922649447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7467026029288172354,4099183205922649447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7467026029288172354,4099183205922649447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7467026029288172354,4099183205922649447,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
581B

MD5
6d523a5d5f183dc9410f358ce4b8b9e4

SHA1
f1fdb2d5a7e21d2fe50143f32ce9b9da05a5a99c

SHA256
a11f13dc497ecfc70a17d181eaa19cdced3cbb170c68b32189272efe3e00479a

SHA512
ff788b5ffe97a6d83aa82815c1d0a4ac8e026d12cad52c43d8f9c2ab58b0007262e685eacc1ef701d3f900356b52d68f992e959fd750dd13a99836c0ba74977f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f9dfaf19ccbbff393ffdee911df6b3b3

SHA1
391a824c9ee37b81b710ff829bf35c80313fe228

SHA256
f6f1b6afe74371687c07e4eab08d8bf0eee323d1027a814bacb8ca9736e009c5

SHA512
8935035ca51b521dd37a053e4bba74b2a05352ed234649391e9d9775e0f8c4c883d51816e185515a61567da5a11650fe78862684ddcf143180d0767917e3699f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
812f2d4d3702629567707ee057029b0f

SHA1
3a561d022b95bd6e97a1413830c82015441bc236

SHA256
597ad30a9cb3f014f157a2d2a198167e038a9cac25010b3e1a2a904d2133aaf9

SHA512
3d10b3a2801e0622c7992b3a91ee1b0595b05a12fdbf09f7e693fd6f802388bea5890e9f8193ab3cbcda9f978826271d4debd3c5b7c4623cb0922e6425ecb7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
006c0dd18ab96462f27f3659bddfc845

SHA1
645baac2edf7904f55c7967f53a121ef6bb0b7d8

SHA256
f767024eb49123705e603e1a6f29a9ac8897048431dc9e705d7e4b6ae32aef57

SHA512
91a194d51506a02660613dff9f7b677b271fa89ef45136bb326534aaafde7270df4ecce73dae67c56f3c2cbdf23c3e6b55cc416ee101eafcb7117b12823478ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
09d9fe9fd3f55d54272ae4157dc0e26f

SHA1
f99e4d0c4673c479437274d51b6af74c385dd36a

SHA256
3dcac658d24422108d6091f51091504f934df9b395161716af869464e9378a9b

SHA512
b1c1fdd944982763bf2f67cdf48f472b00c6873d6ac48f1c68f897686a961469cbd97158a01a0f9bb6681ed21686bfde7a95dd1e18b9b2af01311816b505ae38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e678.TMP

Filesize
371B

MD5
f67d1f3395f81c3d304df370a317254c

SHA1
2742e73534c1025bd30c4647f2246e379671ade0

SHA256
3c7e8ceb3ddd05134d6e743c1121c860a272c792091e86690c225cf134072465

SHA512
324f21c8bd12d3f2868e4c82468c895b5cd6dba7f2c6475a4b891d969082175e8845edfe0ee6425daa1a94559f0ac4c23222a633d28cf8f48d410b06e77af7f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6426e71a017832ea3aa20cdca1f8e4f2

SHA1
36da1cc433fc9426f53f573c7913a73ed5f41e1f

SHA256
cc5cd40ddf2c505bfcb1aa01730184cd5e1ae9ea432b3266ac96a08fe3b8a761

SHA512
12cfb918cc10b7239e71d8e014d6449007aaf6cb42b348ffc793529fcd0f5557ced1084853f0766cf34e6602bcf48b80c8e4797d170c7dd79ca4d32511fc0490

Download Submit