f1b472123ca4c6df0f769fa5cbe4833054c517d26d46fe2cfc5098f8b9bca5cd

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 07:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ead1428dccfe40bb370550cb2399bbb1_JaffaCakes118.html
Size

34KB
MD5

ead1428dccfe40bb370550cb2399bbb1
SHA1

ac817da516da8fe87c539f3f0038dc1675845475
SHA256

f1b472123ca4c6df0f769fa5cbe4833054c517d26d46fe2cfc5098f8b9bca5cd
SHA512

41d0c431ac062b22600f534730afa628ae9c04aad527574061f97ff1c2bb6ea64df4f40157424babb3edd6d13dd6467560ef450bc1920a9ab12586bf651114d0
SSDEEP

384:yuETOT/PM8LNXwt+KHKqeymmdLdz/C/rgoONcEH2SOhhgSVccY+bgFCYp:YOTPM85w/HheQdLdQ4ctSOzgqY8kCYp

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
1408	msedge.exe
1408	msedge.exe
3284	identity_helper.exe
3284	identity_helper.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 1924	1408	msedge.exe	82
PID 1408 wrote to memory of 1924	1408	msedge.exe	82
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 5084	1408	msedge.exe	83
PID 1408 wrote to memory of 4276	1408	msedge.exe	84
PID 1408 wrote to memory of 4276	1408	msedge.exe	84
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85
PID 1408 wrote to memory of 2656	1408	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ead1428dccfe40bb370550cb2399bbb1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed34f46f8,0x7ffed34f4708,0x7ffed34f4718
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16262130208066881796,3868426016728119053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16262130208066881796,3868426016728119053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16262130208066881796,3868426016728119053,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16262130208066881796,3868426016728119053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16262130208066881796,3868426016728119053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16262130208066881796,3868426016728119053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16262130208066881796,3868426016728119053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16262130208066881796,3868426016728119053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16262130208066881796,3868426016728119053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16262130208066881796,3868426016728119053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16262130208066881796,3868426016728119053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16262130208066881796,3868426016728119053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16262130208066881796,3868426016728119053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16262130208066881796,3868426016728119053,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
64c6fae2c75d4f070877e89129e854d2

SHA1
fd1b392c673d09e068adcb21d880d98893f7f05b

SHA256
e0d7325728014b257eb601cd0ea9cb1d30c92158e62344f98d8a034893de8359

SHA512
27196e01b7f713e5ef95171b28ee132fdc895949737cad45a769628227d8c7cb57b967bdc7a3aba96c30cab65083fb2dd5e39ed4864c19b7e84e5c6fe990e4a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b4f93ed97b3c157e2742fc4ecfda683

SHA1
4e30b98c5151f00e57ed55c893bdfd2d5aacb3aa

SHA256
9603a4d3688ce848fc912f85e6840c07744266b266f3f908022c92bcae89c35f

SHA512
70268c459d5f01dc1c582299ee2108498dc301cfff73f62a3f2c0c6e98bf9bb6f7da7fe7f8a6b8202f4c9c6c3575895b45a4f61277ef64d7935678c85b892ae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
78bfea1f133078509b942392510e6ea2

SHA1
d58beda4a107cafd8f70a6624423b8a978bb0253

SHA256
d96d7fea6e814fb3d867358e90c6ce9d9b387ddaf5c28ed0ebff6c69ee556eb1

SHA512
23094daedf52a5130f1fff8a1092b8b8c9a3f5f5d182370638bf6b4c1e19db170ae99765b6e4793a5a120b173dfa817c46fe19f4de1aede6c049898e8c06f5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
d3b78b220ff8d43a848eb5e376e702e2

SHA1
ce00228170203549d044a1d4d0383e4096040d26

SHA256
efb7beb24b72d9afec5889df14c09390006b3456a302ad860df32fe0d8a1e3a2

SHA512
b2aef70366f3703033fd428e19e9287ce80b26915eb25c34f2df28b6183d4ef8550e8328aa42c3ff4b850660ebcd7e9d24df6dc141d1e34e2b19abcd93e65182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e668.TMP

Filesize
201B

MD5
2b586c3fe7d9c86054c0e4c2287c09ca

SHA1
eb1467d0777e36a22fe8cb71e7e0384dd9283008

SHA256
67419d4613c5f2621a827b7b8411a405e06c71e7cfbd7ccbbe7fd01ed6e3e0a6

SHA512
86110bd6475110e34de1f25656d12f4d6d2b4d0a51e319faa40898d2aeab7b724929d0b954ee47c2c369d9b8c3412ec78bd115b0e5361de4c71952168dbf8c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ba3fab61-aa9d-4b07-8d8f-36da256e5db3.tmp

Filesize
760B

MD5
75e2f65f9a51562c73407bc7d00c7182

SHA1
e4fde236690f1d57c6bede2901cc8676a9b63d6e

SHA256
a30d826622a2ec84a0df958c15cabdad28b0da0187d692d5bdef4d3dde2489cd

SHA512
5d3c13583599e21438973c212dacd01e45dc26a3f96500276771a1ad5f197f2e1a08225149087ddd5cec87deaa22059dc8e8969f98ded28c22d0bf0196bcb8ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1f5bd139edb6534a0cb938384b3e3b36

SHA1
6a10cac01d2eef454184e852164fb1406ff083ac

SHA256
aa104a9fcca48c1a6b95d0c8b8c73a761eedb513acdae3e1473a5dbc49bb774e

SHA512
b5536463a1ff37f0bc5dc11e64c2d2f1bfbc8dd20a4d795e0c0d8bea893dba5e42f8eaf7febc80eaed1b2826eee6dd557bfeba9c8b8d8c6e01ba2cce230550d8

Download Submit