91d0658aab26026794aa35bd12eb2e272ce237a616956fa07c66a1a075cf952b

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 17:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d4e7f74d30bda47c1b56d24d9a5d0fc6_JaffaCakes118.html
Size

54KB
MD5

d4e7f74d30bda47c1b56d24d9a5d0fc6
SHA1

c2cfa291162b8e96866e77c8ceb64cd082516414
SHA256

91d0658aab26026794aa35bd12eb2e272ce237a616956fa07c66a1a075cf952b
SHA512

c9f7d5048e557276efda766e5979ed2d97c60aea76aa2ddfc2dc527f4f511a3f6d2eb962066e5761f4ccb2419cd3d70a802e9f73ebe74342169e36eebd98a796
SSDEEP

1536:gQZBCCOdO0IxCjXq2M5e9Vz8xRZjApXBfat+ppRq1sGjJLxVpSV0hVQ8eJYBeo5f:gk2U0IxWM5e9Vz8xRZjApXBfat+ppRqL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
4408	msedge.exe
4408	msedge.exe
2140	identity_helper.exe
2140	identity_helper.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 4832	4408	msedge.exe	83
PID 4408 wrote to memory of 4832	4408	msedge.exe	83
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 3092	4408	msedge.exe	84
PID 4408 wrote to memory of 116	4408	msedge.exe	85
PID 4408 wrote to memory of 116	4408	msedge.exe	85
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86
PID 4408 wrote to memory of 2064	4408	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d4e7f74d30bda47c1b56d24d9a5d0fc6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9984b46f8,0x7ff9984b4708,0x7ff9984b4718
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3444017820448498591,403698554838875935,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3444017820448498591,403698554838875935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,3444017820448498591,403698554838875935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3444017820448498591,403698554838875935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3444017820448498591,403698554838875935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3444017820448498591,403698554838875935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3444017820448498591,403698554838875935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3444017820448498591,403698554838875935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3444017820448498591,403698554838875935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3444017820448498591,403698554838875935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3444017820448498591,403698554838875935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3444017820448498591,403698554838875935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3444017820448498591,403698554838875935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3444017820448498591,403698554838875935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3444017820448498591,403698554838875935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
6c0c1f2e7964eabdde238b729d613f5a

SHA1
067c40de2c599835af6b12acaaf88aa93a8515c9

SHA256
bb30188b5200e2bbb0f2de8993734fed601cebac3914a2f5ebd972f2e898f053

SHA512
ca7b3f9ef19dc888266ca70ae2ea91aa84d0cc721ae7bdfbece087e292a95f6455c27698cdadb3a50db95bdda701eb1a1ac767891feea00d9d7dfd0c0e8410e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f9c19a0d7469fa140293c2c0b504afbe

SHA1
7d61f6b1357bdea38e430b295ceee0b302b9e916

SHA256
391edcfa748440a4b0f4676004e12891c0bef8d95d6093d61952958c1fdcc5d3

SHA512
726256e3117446c65dde03465f6c65483a2d2122bb8900fe227e903e4dd62e6874c75d7816373017a6bfc07f31cd711401c69c8fc453a1fc81988b0463341cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d7f5222c0b719cfba3da2414f827f59c

SHA1
12db1245cfadb9d2473b986d1b9e20404cb5f838

SHA256
64bbcc022702759d45c04e20aa9c9f02625d06fdef330416c16f832f61794340

SHA512
7a9307cd0c8b62e1442add3189c3365caf8f0b029988cef86d2a2632646e5046ea89a2ecce90588b3596815aed6dc796f25c3d58840710ae6c8534ccb5a96ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab1217f4365c03fadeda88bf58f8ebf3

SHA1
6568fd4533ec55798c570f736d3eea74f7589dfc

SHA256
119de75a1aaa5197e7c61e6ad4569e1630ec4f09ff62bc7c559873c2d4c9e8a1

SHA512
867ddef05265f328fefe90800c7efb3344edd1da9e9c03a7c97c693e31f1e22a5a1c69b1a0d2e91382d140d4a237e2fc61f7708fa10dbc564e7ffb8100f20021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b32b5f3a10ae215c23e898c9b572ac8c

SHA1
a360bac43eba1861f2632816eb6a4530af63d337

SHA256
16e0cc09f28fe0875e1ff7664ae943c1c50dbcdf917144de204ead90296d4808

SHA512
48b134ccd11a5e8d55ee1f3eb128a5af05541c696d0a8d43c086c58eff6eaedf95431dc2dde2d98ddb7420ab7d0b86472c225c96a027cb8a1c00acc203cc4f15

Download Submit