1665be812f9e06b9cbc411038e72558738ce7fefda6b2f5aed2cf9cfe50e4e00

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 11:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e0103713b72e8d864c24203a3e786521_JaffaCakes118.html
Size

21KB
MD5

e0103713b72e8d864c24203a3e786521
SHA1

d142fc0f32e240188240e367754dde3f1fd1f626
SHA256

1665be812f9e06b9cbc411038e72558738ce7fefda6b2f5aed2cf9cfe50e4e00
SHA512

d7c86c3de17ae62edebf50366cad830dc0c51b6b83901cb912b831e4538fe6ac6d6d3d748eb79090bb003cdfe2eded810562426ac99a567ecac8c25cce545f9d
SSDEEP

384:Su6pKXo0lNWsdgeKQjr6UITHoh2da2XI8L:blSy7wL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2524	msedge.exe
2524	msedge.exe
624	msedge.exe
624	msedge.exe
4696	identity_helper.exe
4696	identity_helper.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 3236	624	msedge.exe	83
PID 624 wrote to memory of 3236	624	msedge.exe	83
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2772	624	msedge.exe	84
PID 624 wrote to memory of 2524	624	msedge.exe	85
PID 624 wrote to memory of 2524	624	msedge.exe	85
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86
PID 624 wrote to memory of 2636	624	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e0103713b72e8d864c24203a3e786521_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff8a19c46f8,0x7ff8a19c4708,0x7ff8a19c4718
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11179021569871720360,15113335117712799661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11179021569871720360,15113335117712799661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11179021569871720360,15113335117712799661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11179021569871720360,15113335117712799661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11179021569871720360,15113335117712799661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11179021569871720360,15113335117712799661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11179021569871720360,15113335117712799661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11179021569871720360,15113335117712799661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11179021569871720360,15113335117712799661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11179021569871720360,15113335117712799661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11179021569871720360,15113335117712799661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11179021569871720360,15113335117712799661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11179021569871720360,15113335117712799661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11179021569871720360,15113335117712799661,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1e17f8ad-dc88-4b7f-a57f-8a41946e4525.tmp

Filesize
6KB

MD5
79add4518d06ec7035ebc9ef2b4f1bda

SHA1
ea3f6a07b5701c40c52157c75f30d41f719a43a4

SHA256
be3e164d7549f555b14e546e636bd8728a3e265eb8e560321494e2316ee4a5a2

SHA512
2f883e55cf82fa1b8c91e390616c87e6b96792d7f545b01d2a44f7ea1d0d234ee19b946d81d7b1d1d623011c00fb053ca98e36fa3725bde9da7e53e83b53242c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
8f565f62038d473260b112b45435c805

SHA1
40b7e00b8946c4fdb30fd95c5c14e0fe38bb939b

SHA256
2cd908de791786fb176e9ddc7b02b0113f92396b46e378419512995276fd07d1

SHA512
0719fae1d079dacaca6f28507d264f6b804eb82d0ecc08dc309c0b808386c93fb30221aac21e8530fad98679f4f26c4b4201d1713a52eaced03e35296d47eac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
db24ef26dbd8aba2a696d91410462ad7

SHA1
b991300af176bc08b25bf5d4676aa42ccb4cb267

SHA256
075774ea0b00975829e6daa5907ca9e018cc9f229347a8e667cd44e9a9b1964c

SHA512
551e95a4b7c5502d9bde35b6f0e6f821aa8e09e816f2fc47b650a57facde807c756c249180381b5316aaa52f68ca3564f35d5be1edf48826ebaa0c3008d6fb49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
408B

MD5
32f6ebf7e8f52844704683254e38713b

SHA1
92a73f64478d17182108a70b4c5ce95d7831db44

SHA256
745b3b46ca534d3b6575f18f959f0183e4a05b8ff2f9ecfc46c62261ac664ec6

SHA512
67507b9b216c46e2a11bb9d8ee7d4d69bb340587440b80feeb3a1b817f1cb5fb3591820141e4b07337638f64edfb281fc2397fab710b154e1ca9d1a1107f5932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ba86723dc2a09e9f3807eecc168fafc

SHA1
8cd141eabffd92782acfbf5821f7bc03898fe82b

SHA256
37e26577b1c796b343e3802b995d34c4e647ef081a2e59414543cf5b195b5172

SHA512
573469429851a13da29b4ec8e7d52baca9c347c387eb6b3a573cf01995dada8408a9fddd08d5f7cbd7215fc8c2bbf761ad32e476893651d545cf95de5bfbce26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cd26fdb9-5db4-476a-a202-844760474abf.tmp

Filesize
643B

MD5
7a436f94331b84b5131983dcbd544dde

SHA1
c884f66a1f57bcf538cc9634433da33bcfac105a

SHA256
c09f9ff58fc831474c94c03a65633b4d736b8d13228717bab9bdfe2eded32d4b

SHA512
b9c6a25a7c9a1958867a0595507d60e52d85e671f6a9d3eca5bb9e192019362e8e8632539aa7e1774c9b1250f1bdca89d9caa696f4656656a8f08f04bbb1f9ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3bf5cacdcb4bef360c58e015a87471c7

SHA1
2124e3f6382e3999dd43e651f988fe16fb5588b2

SHA256
204bd7f87274c6cb9e5c7147835b98f6275315903102a3583693f532996b43cd

SHA512
df913aae113ab0f4c81607ae2b2194d2a6722f5692380ea628ff4608101ba5549f086ad6cddd1f84784601c1035e58e8f57995b02ebe597acd37f7342e707c85

Download Submit