0c1bbe5d146ed89fe4c526579c9a0f09a272f37ce808321495df5c3667b25a88

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea99924a4aeaa66b9dff6451637cfa3b_JaffaCakes118.html
Size

1.6MB
MD5

ea99924a4aeaa66b9dff6451637cfa3b
SHA1

ba8ee4088c4ff464c1f16163f15b2dd77075a88b
SHA256

0c1bbe5d146ed89fe4c526579c9a0f09a272f37ce808321495df5c3667b25a88
SHA512

2b437dd53e5cf3b9191368c3882184920700a27a179acae8b9745f2aa16c8332d8b71e6ea6d7240dec4a0290b770d15d2dd4ca84b322272b726b0e9734a7be22
SSDEEP

12288:FM3yJ2nlaBIKjTACILSm4cIA6x3vRGiCL3CcJZmBmhsxGRI23hXHsp+J/e4l:tglaBvjTAamzzA3vR3XgZ5OGRzZS+U4l

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
1796	msedge.exe
1796	msedge.exe
2612	identity_helper.exe
2612	identity_helper.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 916	1796	msedge.exe	82
PID 1796 wrote to memory of 916	1796	msedge.exe	82
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 2772	1796	msedge.exe	83
PID 1796 wrote to memory of 1452	1796	msedge.exe	84
PID 1796 wrote to memory of 1452	1796	msedge.exe	84
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85
PID 1796 wrote to memory of 976	1796	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea99924a4aeaa66b9dff6451637cfa3b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd83a46f8,0x7ffcd83a4708,0x7ffcd83a4718
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12303904210881121788,16554727906498897977,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12303904210881121788,16554727906498897977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12303904210881121788,16554727906498897977,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12303904210881121788,16554727906498897977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12303904210881121788,16554727906498897977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12303904210881121788,16554727906498897977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12303904210881121788,16554727906498897977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12303904210881121788,16554727906498897977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12303904210881121788,16554727906498897977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12303904210881121788,16554727906498897977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12303904210881121788,16554727906498897977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12303904210881121788,16554727906498897977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12303904210881121788,16554727906498897977,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a4a06bd343e8a3c4a109070b876b9e74

SHA1
0788d34ee9a6b372c1890d10d0fec244dd0066e0

SHA256
742dd843ebf92c393421d644acfda4d2f9bd10a3e69c381820a465bd5a456ef2

SHA512
438eb41ed7f3ae72aebbeaa00830dbff1db719a126cf8f131d9d5b472c49f22ff7b567d3d5c327bc8bc47c9f5555498dcb6916fd56df6cc7c81804065701db1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dc4ddadb7d5288330a1febb69503864f

SHA1
87831d4406a10706622d100dcd8f0094800a98e9

SHA256
e36a6ca8a85d4e86556762de0d2503645f55943874f3ffa0c263d903d2142fbc

SHA512
511eb9e2ab5a7f413f2879006943cd2bd559fb84a989327d7398021dbc48df7b091c28e82c2bac1f1f215d91ccc888e14d02f6104f96553f612c152feec111ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3dfbae8e12fcfdfc3c5ccb86074b8fd9

SHA1
ac140e15ced0d8626001cdfc636d5769211ae37f

SHA256
0b011c68e79ac40dfd0993bad38349406ab6f96a85b974e445d66cb009035d44

SHA512
a756902cac13de40fb368b3f07fcfd5cdaffd510282a95f438cb2654b1005f47fac3c92293505b64e2e3882dc436992485f142f208021de4d0f26403dfdeebd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
3c57274a21fd9d1b7f0fe97a66a56cd6

SHA1
580b06e50587e235c88485ad76b71f8138075c0b

SHA256
9acdec3c12d7640f81ae45e5e38be0a0f97684050374bc61bb29dcaf0d3a35ec

SHA512
70dab8b5ec4baf059fd9a09e5e15aef82676b9888fc2e90825a7dd7ac4da6f39fd166ba5f0241748591189cee6fbf5a2a6652cc590da8c0afcebed5ea891655e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
3a048a739dd8e9c4e446a1d631da7b36

SHA1
c73963832a1362ee7cf46356439a755984871171

SHA256
c11216ba1a8674549c31a50387edb38629b8b69589a6e1c1e6f9f2c676bb6039

SHA512
2947ba760b350bc194eb4e727e1525a64b0664b643ca42a3222dc49442e167d747f21b368e7627f97b9849b46b84963b3d80972dcaba8988c4a91a13674ed595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5896ad.TMP

Filesize
203B

MD5
fda31859d15dc3d6755222d8564a4125

SHA1
66595139ab802a880123c9bd65da52c72e101a1b

SHA256
95c7195d268848f6760885affcaffb8b01eb44291cd1b3978e58b842263b650c

SHA512
bb2f413530a3f097a6271fb69fe0cd677b877c3c7a6016a101007338a5095736451a51f3f3c9dd81c8f6401fe23b633029d8f34d020fc1ad0c6ef27904bbc44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c36de3ba-1e32-4b1f-a9e8-00c031744244.tmp

Filesize
203B

MD5
9e9c3bfbdc5c2d429465cd242f95b9e0

SHA1
d792caa73ce3ddc0ad29f3e02694c43ab80b1427

SHA256
27c6c33c4853182a328f5c32b17f1f7fdd843dc022553804db503fad5c07057f

SHA512
212cedeca19e565a6075934a028fff99eddc43c2701d51dd217a5c36c42c259bda6cab75b9587ae58afb0145736ef83204e678fb090e29ea5607d3160170c9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
491b375cf65b3103fb931628fd00948b

SHA1
d1dcb0351c257179e9003dc9d93e40c1691f409e

SHA256
8d69187980b3bd6e33b3064df97da42c88893494fce362a1064b2fa0072962d1

SHA512
5f6125d1a41add141efb1744578bf734c504d4dd02a2ad817524ebf146d81cedab0b52c1233575e27cd24b28174d7eec1acb0a48a55c3e1a11041e7d24ebb7b1

Download Submit