87c3270c2496e905f2695f0dc4a805ab24de862d7923f49665fb79bb903ae3d5

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 10:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0a52d9dd2d7443cdd78cc23103dbd4e7_JaffaCakes118.html
Size

33KB
MD5

0a52d9dd2d7443cdd78cc23103dbd4e7
SHA1

0b7d3af787219fcc00315f7e3adac3056d8a5b57
SHA256

87c3270c2496e905f2695f0dc4a805ab24de862d7923f49665fb79bb903ae3d5
SHA512

57665f5c6ae2a95e9eadc3f03932cff600517de75b961d4a93d814c47a28b212de43fbc44d43ad0b0ad25e79d72abb0b4376d209d3a70ed139628ca75dc33f06
SSDEEP

768:J9WH3aVvt6ZAa5u8xIhy6aOsBlrnJRYinRQm9oQjH+1+/fX:J9WHqVvxayaOsbrnJRYinRQm9oQjH+1S

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
4196	msedge.exe
4196	msedge.exe
2964	identity_helper.exe
2964	identity_helper.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 3892	4196	msedge.exe	82
PID 4196 wrote to memory of 3892	4196	msedge.exe	82
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 4432	4196	msedge.exe	83
PID 4196 wrote to memory of 212	4196	msedge.exe	84
PID 4196 wrote to memory of 212	4196	msedge.exe	84
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85
PID 4196 wrote to memory of 2244	4196	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0a52d9dd2d7443cdd78cc23103dbd4e7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb61a646f8,0x7ffb61a64708,0x7ffb61a64718
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12743939661166823344,4413201369441993709,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12743939661166823344,4413201369441993709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,12743939661166823344,4413201369441993709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12743939661166823344,4413201369441993709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12743939661166823344,4413201369441993709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12743939661166823344,4413201369441993709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12743939661166823344,4413201369441993709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12743939661166823344,4413201369441993709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12743939661166823344,4413201369441993709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12743939661166823344,4413201369441993709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12743939661166823344,4413201369441993709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12743939661166823344,4413201369441993709,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
179B

MD5
b51dabcf73579fd50ccd7f3e3f419395

SHA1
cd2ffd719e5946490e07b7262aa18a1fc588709d

SHA256
a48f847845dff67857d0edc748600b5990201a9496fc5adbd2add8c9edb4707b

SHA512
a92002a4f444160f599a89d9266f9162bd3f4bc7928df63ed9165de73b247a6fce027c45e6c4902318c25b295947fe1465ae0343809209e41b6b5e316c035afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9b1bc704126394e2a290ba8319e7db95

SHA1
12a859cfbd5bc62eeb4677b65d73337456810266

SHA256
3ef30e40f97616991649f9ef2eafa09d4b8e1bc2c53c3d0602cdac834777eb43

SHA512
7bea4d28aee53fe62c9438a8b5521f551ba964bafa639201ff8760a63fa94ce804805dd3d20eb9fc6670fff0e31f673f035a1e4c00acba9415bada9a4716b54a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f083d3ef45997f0f64755765dac5095d

SHA1
51ec455164a063191b4e31422b10d6a054add1ff

SHA256
07083f44da728867d0a8054dd90a4053eb216125e20579d6271f206e76bae033

SHA512
eb463d18fa0f241c2b1455bd427887a8d0792ef582c06c84da440e49fcf27d4d1d0c19d942a13a688a74660fa765efbd3d2e9a27582241e223dbd554b2f37595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9888cffa28b5e9dea60a85bff17d072b

SHA1
ec2e6ecef7b09f33f82cd47bbe58eb3c056af206

SHA256
3ce8fa40e4c4423448ae11def020fe7da12dcd20ad0828f953512a277560c7a0

SHA512
9c14343a4edf778c7ca56826f0b05ce00dedc77d669d2a9c5b1cd10788e5c0ecf43b4c37ad32dd771dfe7f35d8c2c2b5101d65c88fa414a84092d76ef300d584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
919683b796a99bc626dc475b302210a4

SHA1
a690b747af7c6e982d9141f43ec4553db22eff8d

SHA256
bc17e776701adc7620ad9461d1e677198f907964a3f14e8a19a57706e89c5f81

SHA512
e84585712b89d282fc2b450f349cdba72170ff2c155fa7bd2508ddbbe571373bddabbbce7864988edaeb19de877240da31fb0f8f98057f265ca6e521d0ea49aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
57b5018b9e3310c52c968ab3487dca4f

SHA1
777bc5d798c2d87e29f092ee3b35b2478c1d6f8f

SHA256
760e94ee357b489bfbaf56e916ea873e5597942cada516d33ece8c8bf5a23793

SHA512
0b78c08c8386e3619361b7b9471e21a2ca604e52acc45b451e63e13e1dad5d610cfd89acc8ebb33fa6fddcb1f29f328f3b9a822a3799ad60b01af8dda77b15fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5829bb.TMP

Filesize
203B

MD5
e166854a7f1b91c188bce5e355d1d6b7

SHA1
e66a24d926f1c4c53a86018bd3fc26571d59ae16

SHA256
e16339a263fbdfbdaeb674d33b220458ed960d36a767146a3e26435b1c8eaf01

SHA512
632c31b7c4227996936993cdcfaa938ba9c69afa98cf636d56f247162f4fff09ed0b78f91fd27871e97e21ba3e62a5775b70cf59d7b7c29a660ed7198160a083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eccc5945-f1a7-49ce-8339-3556e75642d2.tmp

Filesize
203B

MD5
f2d4e3b16ed4bfd694db509d80539346

SHA1
3acc0855818172c663f134343683b2b804158169

SHA256
ac34b30a7e131a0b30b473f84bb3750e0c574483ec43287651ad20089127f5db

SHA512
4a06c45cffcd2bcc69af2bc5b87914a7d5be9045645aaf0941d7f27672f017307b4270dbd1bfe45c8317384ba9cdb5f98bcd98dc4da3dfbe190ed9661934da9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1e693150c53d35e58e624937ef6d77e2

SHA1
0ca4f4eefe800f67cc1a5a3d4b116fe71f86adbc

SHA256
9760085f753140c9a3a54d3ccc7e3f942656096473f56715a72298d271c40cb9

SHA512
03ced113d4dddfa5ebd89733c29e582179b0551d0afec5659e08b3e6af5db63c3a0f0e06594d08d66db332bed138c740c1b4755c569da735ad8444a81ffefaef

Download Submit