503f0ed4e449457f4046b2c277b3fc8691c7976e9871e75a65d7f29060961b35

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4eac84a38315563047ec45e50a7c77b_JaffaCakes118.html
Size

9KB
MD5

d4eac84a38315563047ec45e50a7c77b
SHA1

2df23545ed707c5b7e8d035e29e07bc3c2025819
SHA256

503f0ed4e449457f4046b2c277b3fc8691c7976e9871e75a65d7f29060961b35
SHA512

0939349c0a51e3c2c392f7e96f3e2099d33b7bb240fb13dd649d7a5e9a0c43f1825344a519caff004ddf3aa4435a6feef393b80b2c1f9cad4609d8ed002c6323
SSDEEP

192:N36yJu4gCJ4OUlpj3TfLU20hGJwed5A+XCxdAvYSNFFx0s526Do65WOCLd3qK:NdUllnUowiyxdAvvNF5n5WOCBaK

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
2700	msedge.exe
2700	msedge.exe
3336	identity_helper.exe
3336	identity_helper.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 3340	2700	msedge.exe	83
PID 2700 wrote to memory of 3340	2700	msedge.exe	83
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 1940	2700	msedge.exe	84
PID 2700 wrote to memory of 3232	2700	msedge.exe	85
PID 2700 wrote to memory of 3232	2700	msedge.exe	85
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86
PID 2700 wrote to memory of 3720	2700	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d4eac84a38315563047ec45e50a7c77b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c68146f8,0x7ff9c6814708,0x7ff9c6814718
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13879973095791028601,14136724173868475447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13879973095791028601,14136724173868475447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13879973095791028601,14136724173868475447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13879973095791028601,14136724173868475447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13879973095791028601,14136724173868475447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13879973095791028601,14136724173868475447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13879973095791028601,14136724173868475447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13879973095791028601,14136724173868475447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13879973095791028601,14136724173868475447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13879973095791028601,14136724173868475447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13879973095791028601,14136724173868475447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13879973095791028601,14136724173868475447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13879973095791028601,14136724173868475447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13879973095791028601,14136724173868475447,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
6f388ff189fbfbe9e3fad1a24754aefd

SHA1
d341e6ed92415c12b7d0e8024d7a5351b4484717

SHA256
53cbb2f28df4219d612d717b4073ec2808030d149f466322362e5db7e55eb2d2

SHA512
00b2245038bca6d81a56ae5c45a5ec6e8e5d1206aeaddfe75f84b627443e8d78d66715f9552a76095c4f61c7d14b09e1556984ce4f8090d9de8c261cc4fa8b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
189B

MD5
443319881835b14fda88caab9945e84c

SHA1
adb420bd20774e8eabc4d3d53ecfccb20ae7cb54

SHA256
fd79d0831e92ccbffc20eed3a0d07b39a121b4f3be4f720d2981fdd2e7b5b8da

SHA512
39c2c7fd638c04ce244473831d3dc8175e8e9ecb9a0df38370300233202d7d7fa9166912b8d97b34efd7b90eab6da376191e1c5c9ce253e96c9686b886ab29fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b6504c8e6dbf7235516c3c54295fb2d0

SHA1
d94d64d8656d4ad1cd8922bde58ee8ffbb47d390

SHA256
3a0b93b4cf3f14c69c3cb393eacba5fca79580b545ec30437b34b48e3b158c78

SHA512
50d75411de7c17ab38ba3a3b6272ed93a663d9eb81454f9925786bf668587f4af8ad19e6406cf5d28709756c14678f3c6d639b9295ab3a409cf1406fe4c5fd29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1eb2de343f2538b913d674e05b68224

SHA1
81e2b6f774bdd81cb3cba0e11db52ee860dc894a

SHA256
2ea0e647556f9f2132d2a968698730f340c8e2fa8af76d5d0dc331ee33142411

SHA512
f22680e0b15e810e8c04ec518717fb741d4816678ee61ba7dbe9ab60a1e0621d5864a03a52eee3e3785dcfa116e64f33106c1773fcab383ce7e4dff13c9dcd87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85109a4e7444e7c7537ab484965697d5

SHA1
7d28b2d5ce4b2cc8f6afb789d0d25e34aee87620

SHA256
ad180ed050284b58b71a848bcb00143cdea22cf4a217aa89a36df7d0b1ef66d9

SHA512
60d8e056879abcc4c5aeff55f5e314bf889dc085b9a946ef5face7d23e605ae188d0d95f8efa7b82ab1ceca36c047e397d1ed086a7bef615d921000d3c328a93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5099487b857ac9287a35c2f8c36889b0

SHA1
defab8af81f6058d41d90021bff904c1bfa9ec1d

SHA256
d5fa6838cdda8df04a993d5bae237dc763c247a1631ddd397f2b2456d40c0cb7

SHA512
fb4ec3fadcf75fc1d08c9e63c9ccdc6a7929962a0a5695ca6aea41d219f3f108a27f18150b8229a77ccb74e96962225d331cce4d2680b04419d725b4a7398aa6

Download Submit