c2c85f51a170d8dfb02c48943bf30446d551ac72bf79e5002b8d22246cadf967

Analysis

max time kernel
147s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 03:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5141b34100d02c14f9ec647c1927be2_JaffaCakes118.html
Size

60KB
MD5

f5141b34100d02c14f9ec647c1927be2
SHA1

2f55dee481fab76e0d42eb2383ed8922fac92c22
SHA256

c2c85f51a170d8dfb02c48943bf30446d551ac72bf79e5002b8d22246cadf967
SHA512

8a74de59166139a1fb9680b49a1a12328c21e810bbe2b84f9fd071a4d6294065851f05c4f2b46b56d1da04836ffbf688e6ad9a830c530b96b00afeef710694d6
SSDEEP

768:+pQODKOV+ledJTflleC7mc1NtEHzlFlqFop9Kxk01gGWhNS1l2Sqg48U8:+pt2KFe0mc1fEHzlFlq2BRXhNS128

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
1400	msedge.exe
1400	msedge.exe
3884	identity_helper.exe
3884	identity_helper.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 3644	1400	msedge.exe	82
PID 1400 wrote to memory of 3644	1400	msedge.exe	82
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 4364	1400	msedge.exe	83
PID 1400 wrote to memory of 5008	1400	msedge.exe	84
PID 1400 wrote to memory of 5008	1400	msedge.exe	84
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85
PID 1400 wrote to memory of 4200	1400	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f5141b34100d02c14f9ec647c1927be2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9addf46f8,0x7ff9addf4708,0x7ff9addf4718
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11869641192548755980,16061196364557548635,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4624 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3bdd1240-c4f0-406b-9554-68d773ade9fc.tmp

Filesize
7KB

MD5
1b74b3449f67c4ceacf692992aa526a4

SHA1
c1c44cba36a26ed57fca47a045a8337510d95fda

SHA256
69bac568f8fc03b2fe8796b20a0cfc3d48630318264c3eab413876376cc89fc0

SHA512
fb56e820ae5d0d7c9c6b65a8d98b0f7c38897087eaf8e82bce085c8a0a4b34d41fde65cc0043afe4a18bb3ab937918fc6146b2db7ef3f71c943ebe69a10c5105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
abf2c57c36c6d92d1a26b33cf87ca700

SHA1
820e51618f4092c4dc532aafaa89e3ba95e6afea

SHA256
3cdbf7341deb9ff88cf1b0e6cbc5c04c83accf7dc1354695cff1236cdf745162

SHA512
b15cf8614a2ecbf69b96e18e9d02b4dfce9d3966bfab518e84ed0d02a8b85ff10d0a834f3e569133249b86599d4fe50f252175be41f8871f784ee2c2eac6defe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dbfbeaf17c397c92e2d16307e96561b4

SHA1
2207047207373532c04eceb901ea275002734419

SHA256
49c586af778cdb769da2c35a855ebe80d6b373a03e584686ed71ae1a6ff69203

SHA512
260dcc6353da1fef4b96dd7c753ca9c98d891011e28f6c439942d90d031bf88a8f0bdb0fd0d04d1b80fd4033c190beca5b31ec54be943f7b83d862ee9517e206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3d0439a93ea5613319246b8fc4d5e6af

SHA1
d7edeb2c01f63f63ff5e752a74e0713baa5e83f2

SHA256
21831c03e84c04ceffda4e2e18d891df8f1cfacdef5c1af69810e82a6876e7f3

SHA512
40e952b650e72cf9ff7166254563d6550adcc3549c13710c7555ca808705ab68a624fb5a4ff9a917f5492d2a09b83da490a61286cadaccb1e627a9d20f05f6bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
620350bb7e23df905e7d1e421f96bd5b

SHA1
5d89ee410cd71483e98973321089ac54c55bc352

SHA256
8c4f82c1016962c1a16da5f535a276bd7fd2fbfff94196cae9ed89f4677313ed

SHA512
4151d50af0744cbe6ad375e771c46aec7b743daa2a888322d1a2975fbe277293e290e539cdb8d35c8d446f8cdbd607df75ff993248c594fcc078a0fa93db6bca

Download Submit