a462669568585f7805c284fe2cb86d70513df3eca907b25360444d73942d1a79

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b7321044711829c6a3b428969467ff4_JaffaCakes118.html
Size

57KB
MD5

0b7321044711829c6a3b428969467ff4
SHA1

448d04c96e5a57163387e23883858a36182e4bb1
SHA256

a462669568585f7805c284fe2cb86d70513df3eca907b25360444d73942d1a79
SHA512

ea7ccbe9f84c05620933bb4628b82c5df55dbb560d0f9aa97479d5c2f0110172658d0995faf5d20cc1bfad897265bf23da8f469fbb2421e7ffedb5d0a1c33029
SSDEEP

1536:gQZBCCOds0IxCnS8qOfyDpSNYi2IHos9o5Zm57EdYczi24/niW/adY5N9aNqLFVh:gk2e0IxaqOfyDpSNYi2IHos9o5Zm57EA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5032	msedge.exe
5032	msedge.exe
2660	msedge.exe
2660	msedge.exe
660	identity_helper.exe
660	identity_helper.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 4024	2660	msedge.exe	82
PID 2660 wrote to memory of 4024	2660	msedge.exe	82
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5024	2660	msedge.exe	83
PID 2660 wrote to memory of 5032	2660	msedge.exe	84
PID 2660 wrote to memory of 5032	2660	msedge.exe	84
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85
PID 2660 wrote to memory of 2200	2660	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0b7321044711829c6a3b428969467ff4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb61a646f8,0x7ffb61a64708,0x7ffb61a64718
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,9416824118315326265,12686449918269420682,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,9416824118315326265,12686449918269420682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,9416824118315326265,12686449918269420682,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9416824118315326265,12686449918269420682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9416824118315326265,12686449918269420682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9416824118315326265,12686449918269420682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9416824118315326265,12686449918269420682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9416824118315326265,12686449918269420682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,9416824118315326265,12686449918269420682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,9416824118315326265,12686449918269420682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9416824118315326265,12686449918269420682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9416824118315326265,12686449918269420682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9416824118315326265,12686449918269420682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9416824118315326265,12686449918269420682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,9416824118315326265,12686449918269420682,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
44ddfa9abd67f581ee057ea29a391397

SHA1
3908bd2b6c6db5e333ecf51eabd281c93b0d9528

SHA256
b0cfb896945be14276750dfb070272f9106c6903fba9d7a121701c73f49ee546

SHA512
378d24a3150187161ac4c8364f75e955b82ba10e84db54a023b0b4da44bd9388be03aa83ae18d7134917f037ac74ae44387dd05130c9deab3bd27112af4defb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3aaa577fee2686cc0c54f54b1dbe8c6b

SHA1
8ddeb9486b34adff4c8b3162baaefcc5c03f6137

SHA256
822ec7f4018b78210d806354b3c921a32fcd4d1f13f7e758a39df43743e39bb9

SHA512
02ece243032175c4a79c0af0e5d5eb841c35992c863c43ba58264f840b1eb2f3f593e643bdc8789d7cfad58970e643462213d5f675256626fe9a01a807b392b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
efc62a02aa071d7284a735fbd459fb45

SHA1
9b8f34fe8bdd968a179fadd8c0375cded518358b

SHA256
a01f5833ca11f6d6b0e2280cc9b66b28eec1e24e42ff154f8405b73819a380cb

SHA512
ca4b963f35d8fdda5c276b84972a9bab7dffb8bec20694a59f647b01a97328b7463db7bd414973d4114476fb33b83aa0c814006c9291981d41db95480c30b0ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
971692ad1dda060944965cda1ed3a3a8

SHA1
9947f22900007f9558fe0dc22be30f789d18a22d

SHA256
254174027cb18694654317b22ab80d2ee477bc0cc1bcaedc4c811f27b0f5e240

SHA512
d922cfb2ff87427524cb1715264b813c628fba1629e88d3b72c9018987b9c406eb4bb611b478cb832de35b1b76e669c897b7212eb10d84c82b3b3b3fe7f2e210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
efdc5a2a3b8fee228c8ef920c7af999a

SHA1
e1f699b1779a73db25a7b8298f4e36774e2acf4b

SHA256
f1381d49ec53c4c32ba0e5d105252e75bedb0ec1d778f61370c2c4ec4ea3d8bd

SHA512
31b7ab3b74c54762a32174ce3b54e425174e63e84ac065c6c766481f4d10297991ba00e34dac5710de9285240b9a531977ca47eebc5a4bb1bae4717d8155f501

Download Submit