3688a1779dd433a8b11e24e82949c557057f881e039dd3fd1dcd61837efcb5aa

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9968c05385047cb42a4a7a667c38463_JaffaCakes118.html
Size

91KB
MD5

f9968c05385047cb42a4a7a667c38463
SHA1

dcf044f212ae37d03cd06db29962d71dcd7c31c6
SHA256

3688a1779dd433a8b11e24e82949c557057f881e039dd3fd1dcd61837efcb5aa
SHA512

7e0daf02b3c03da72a8873b018e21e8c18b94d88a51564ba225e02ccb9a4862325d5efe2a1f04b64f470500e34ca3c7b9e040cf7a2d237c69a28183a801d11e6
SSDEEP

1536:kgkzaqviy10VFhsEJOiwJ+IMYslmsmlIXiQCGGv4bWVZ9/1liL9CAYIMNAmC9trU:kjzBfGOTXs+rmwEMNdC91Be

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2868	msedge.exe
2868	msedge.exe
4680	identity_helper.exe
4680	identity_helper.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2384	2868	msedge.exe	82
PID 2868 wrote to memory of 2384	2868	msedge.exe	82
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 1860	2868	msedge.exe	83
PID 2868 wrote to memory of 2028	2868	msedge.exe	84
PID 2868 wrote to memory of 2028	2868	msedge.exe	84
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85
PID 2868 wrote to memory of 2648	2868	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f9968c05385047cb42a4a7a667c38463_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd95346f8,0x7ffcd9534708,0x7ffcd9534718
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9089368556799871165,12979011266242695937,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9089368556799871165,12979011266242695937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9089368556799871165,12979011266242695937,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9089368556799871165,12979011266242695937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9089368556799871165,12979011266242695937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9089368556799871165,12979011266242695937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9089368556799871165,12979011266242695937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9089368556799871165,12979011266242695937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9089368556799871165,12979011266242695937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9089368556799871165,12979011266242695937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9089368556799871165,12979011266242695937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9089368556799871165,12979011266242695937,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9089368556799871165,12979011266242695937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9089368556799871165,12979011266242695937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9089368556799871165,12979011266242695937,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
432b2df844811f5ca71e1921aff6f689

SHA1
9cde31584afcc6151515ec286c9d24f22590f9c5

SHA256
3d8027ced285c29b5680f8c627b59068b190d26f0cc4d55afc6eb473d2077c93

SHA512
a5a2910d6ef239b0ae3fcfc040759a01b1b31f2eae3411f100ac63072794abb883ee4430516497a8a4c736ffce5a2d34fe00e766b8aa86474ad343204df7e666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ceb727538aa706ae6ec8b5eee78ed231

SHA1
0311ab5591feba600963dd401f2d4462b8cd74a2

SHA256
c1812a9449def9c490639bd88b3a9144d665189baa4b1988f3eec67b18be8f18

SHA512
cd36f246930865c57ceb377b0683fd2c666f736a06a4c92b65844b0a050c7a144c61d136a4f257f77149a0c6b346a657c0e8d5a966408bb4a4735ecde05a0566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
391b407aa00334d4c9e18a0aa30bd8bf

SHA1
d51764d412388de548075e1e448cee93f3a61037

SHA256
74d626f0e01d52a8146e56f83e54b1d879a278dafb3725f044415ee3cdebd039

SHA512
38d4a97a075e48eaea0ef4062786a1cb0d7ca029c3825bb60b3ec71cc21662bc64f3def45bc08863386c779200c445e9148276095b6ca339cfd258c1f9833ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
072d51d4419655ce4ec82284504d2148

SHA1
e1e5bc6209e6181433786bdcfb5836438e103df1

SHA256
135d904262d80053a179b08a8a5bcc82092bc761c5fd39e71d2569a22fe26f49

SHA512
9f011de09a438c5d96224f67199a144ffa0b92454c3f2be034c0884864aa0e93f81b236a24ed4859b67929878db0b326f5ece283dfaa34cc240219e11bab767a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
431e736d6e6dbe736c40d945fabb5a50

SHA1
a090b33530f9628dce38b9d968808c039737218f

SHA256
b28d330070f1fe66999bfc1e3161506f320d0e3754c79cb84101ab90d62c7dc0

SHA512
fc481e2915ed271f21c441183caed31141203c88e90512866b6d9250ab16b22e46d38dd580d4aed91957926a02ec862163c2896af978c56381156ad6495efd6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7bb61b34364827bb84c21b58393af87f

SHA1
5f95974c60a62b8f1ffc28003bf4824aa4d7cc2d

SHA256
e4eecaa732f52962cee39ba31abf0491c2de4b765b4e352957714158e51efc1b

SHA512
fa5aa756e653cb18f61d493f3d47f90bee9accc6aa52f87497607ef97ac7861fed39b868862a8453cfbcd16f7aaa3c77395dd2034fa30bae84a22828595e58bb

Download Submit