d549fbb0e1e83b50f86e274051b296f6ae66b54adf18272be37aacbfad8d2049

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2024, 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea345a9d2fca9316cb0c74b02c4988eb_JaffaCakes118.html
Size

32KB
MD5

ea345a9d2fca9316cb0c74b02c4988eb
SHA1

e3953ed66e1ab20b79a52208987a1315580073f5
SHA256

d549fbb0e1e83b50f86e274051b296f6ae66b54adf18272be37aacbfad8d2049
SHA512

16fd4694db111dc53f6a4d9906ea9b9ebb02b73013686c42d1f3bbeb261bdc50d6b18d3b1fa8c110c25cf82fb63e3875859a8698a5fa88cbc64403eece22ac36
SSDEEP

768:1pS1EqplZKCcuNc1Rb/NKkyapf4Kg7kpZL56Cy9dLB821l0hKJw:nYapf4P7mZLoCyG215Jw

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4876	msedge.exe
4876	msedge.exe
3876	identity_helper.exe
3876	identity_helper.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 1124	4876	msedge.exe	82
PID 4876 wrote to memory of 1124	4876	msedge.exe	82
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4780	4876	msedge.exe	83
PID 4876 wrote to memory of 4984	4876	msedge.exe	84
PID 4876 wrote to memory of 4984	4876	msedge.exe	84
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85
PID 4876 wrote to memory of 2568	4876	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea345a9d2fca9316cb0c74b02c4988eb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed10146f8,0x7ffed1014708,0x7ffed1014718
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3856437691514813971,17856743968467201162,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
5426dffb6872636c11290fc4cbcdc3a3

SHA1
86c0b6077fd99a75bd3a35ae8e5543def06ba4cd

SHA256
65b0246b58e225e80d48827b3c3c00cb34de5abbbcb6cc015ff7dfeb196be864

SHA512
74f9edab9dd9eb65ee92de2aaad1ede3c4307a4746dee1652f3990f4d81a530f2e0d6dec187e5246c241d1eda4e74b5a38ced39bc816851069af1806f1eff100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
84f824ed2a4a850e152e4a995cc52dd0

SHA1
c10dde7d6b4753c7a232223dada628621dc095fe

SHA256
ed9688e9d0977dcce187efbb007502635d47e3221958e3838d063485936bb68b

SHA512
b7c6b66474af2a1fcab10db83a227fd7ea2c8127608b3b86764dcba7508ac8c8d3a466eebe74a8a8cef8b113487b7de8c2ace7237259c33306bc889fe81dec90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
369257163e0e19fd41573f46517e72c8

SHA1
eca3720bc8682ffe9a1b88db6dd4e126130c1206

SHA256
afe71a8f5d780bb95a8c3affd70b0347d678f4403a9c71a8b6d960f0ca8972f3

SHA512
75e47542b2998c9416d6b7de547bc95efe4483b0abc2951e7c2d86fb78ce976f608554589606742eb4339e7a6cf8d37d7a5b6d5553a3f7c9ba9a6af3467edfdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ddcb10d748204dc17ff08337a704e7a

SHA1
c8d8213bd8394b475ff800fa1c63ecaaae09b386

SHA256
a82994a0742ae625411d2be1e877ab6ce70c75067a1a925032701186f66e69b9

SHA512
0d725c5ad0e0faea2c1c1891e44f6a914b2e0a81931bba4336b820e52e09b929d2099bc6a0a19aaa12fbf113b03d8908160b9896cf7a2fd0c7d02847227ab0b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1a496b2f03ed56c35b33e519273aec1d

SHA1
24010c57d2ca32a16c70d067e1ad0051d501bcc7

SHA256
839e152baac6ff59d0e25c39bd46a534449b2b426870a828e91351b5ad5c45ec

SHA512
0542e2fdade55ab681bfa47846c8024beb88e19dc7b92cc02046ac870f0cd3841ae5c3bb791fb5163c83060b40b0633d743bf7cdb85cf5e0b3cefb8bd13e2137

Download Submit