794f372d261c92df1a1f0ab32119961993086d6fa6dd29c57b52c52bcf47c7b0

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1229b010e67c524484f22a2a08c1f0be_JaffaCakes118.html
Size

39KB
MD5

1229b010e67c524484f22a2a08c1f0be
SHA1

6b77552aef905d76230c387795c11c542d325968
SHA256

794f372d261c92df1a1f0ab32119961993086d6fa6dd29c57b52c52bcf47c7b0
SHA512

9b97b0bc6ee2d71576dbaca194c09f151842f74d1fcd81cce8dc64f7087b8970e7612af745fb16cbce6ae7155e696e573eb98df2df33aa1c8618da66d91a4859
SSDEEP

768:EliBmvWHz/QzO/XIOG60klMcUL1jCgt/2XSTXuDG2zV:EliBmvSzIzOvKxklMJL1juXSTXuDG2zV

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
4716	msedge.exe
4716	msedge.exe
2288	identity_helper.exe
2288	identity_helper.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 4416	4716	msedge.exe	82
PID 4716 wrote to memory of 4416	4716	msedge.exe	82
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 2788	4716	msedge.exe	83
PID 4716 wrote to memory of 3128	4716	msedge.exe	84
PID 4716 wrote to memory of 3128	4716	msedge.exe	84
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85
PID 4716 wrote to memory of 1648	4716	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1229b010e67c524484f22a2a08c1f0be_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e3a546f8,0x7ff8e3a54708,0x7ff8e3a54718
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2481911949854721323,18135175652069851181,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2481911949854721323,18135175652069851181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2481911949854721323,18135175652069851181,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2481911949854721323,18135175652069851181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2481911949854721323,18135175652069851181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2481911949854721323,18135175652069851181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2481911949854721323,18135175652069851181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2481911949854721323,18135175652069851181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2481911949854721323,18135175652069851181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2481911949854721323,18135175652069851181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2481911949854721323,18135175652069851181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2481911949854721323,18135175652069851181,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d4c78313029c062dd7a8f7985b3c5973

SHA1
92839be9a4e56cc5efb1e1f756c9ed0b0beef2e6

SHA256
13bc197578f93e8d36f5366dc07879369f5801ad0ec055580275606d0d5176f5

SHA512
fa6028f8b8234ae6df25a1cb02562528b55e5bc85481efe1110a09e6a9f77c5770caf08585a28172cc9d61a384bd982917bf4435abbc6feb1871a728a822ab9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d79d49de2e4b3cff12234d38c3016edd

SHA1
c811ba0dc4048a6ff72d5a99a3bf960bd86430ce

SHA256
4db0c91022f4127952473fb53278a4eb115b65c629a581666b7da08a4de2e029

SHA512
3342ab5aa260802fe7a475f3a8d4bca907ea8ff9995e30e7fab64306fe7ca22713fa0cc6f53c1f6888b03a18bdc6edb364bb91edd2f6673391a8738f6990150c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
010e01194147890c0f6ca6d7133e8a56

SHA1
b86b71b908955119018fafd16ad8835fb17802f1

SHA256
7f5217d9b8e72ed1924b2f961c04cd6ba519276d12bf0dc59bc89d292b9e5881

SHA512
80c1a04234928ca2556a1c36ace99c9fbf1c2e008296d4d606ab818113429dfd06df3cdd1a2bfccbe6e21c2a5267e83df0909653e06088b9f85260a049046942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b6cd651302b60c4ad1f5e44caaff9a9

SHA1
f842cdb34feeeb8f31ccebc909152f17585aaf2c

SHA256
20b51a11c2a598415631cf8376db3196a85874e2bfcb1b40ebdc0938725610fd

SHA512
ef049304278ef90a20175d82b7f1820b0d3925c4e1755c8364d2b36af5466fcb487d70960ef0b1ecf5eb4ebbf9febfe5d80575653ef45ef66c8f805491f447f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f5e537620bd619bddfcae0b1134aa7dc

SHA1
f0af50b1a50e8fef69a4cc7c0d2680af1b7bc6fe

SHA256
483551e86db3e78d09b6d8e09bf35ba9abd153f01711b31d951f84d0973e9974

SHA512
38932c907e858a4b214f471f566bd0bb8e1035eb452b55afe850af0d4b6d14fcd0118e540a473f6dbcc697c01b81de6dc00054a14b76ed4e62ed16c489a29236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
46cb423a485ad9428b412db9d12f76bf

SHA1
d0d65af0d8a0cfdf81bed01bb1d15069303d88c3

SHA256
7388e9169cdd2e97970e6ac09a23ec64c348e97c1c19df732ffdd5deef1463dd

SHA512
bc016f9e17d64fa60c18eaee37ee4d19de001d637acdbdf149ab989a946d5c5e7460ed438605185dce4b7d673b86ed30d8df17d4f57f29454fa4acdb86dcd292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5840bd.TMP

Filesize
204B

MD5
65c2e466c74cba19a1f535a5c8da0e4b

SHA1
dce902921d2dea9b58e9a934ae06f25461b336af

SHA256
0973c0524ad83010c85b2dba9887bc2c664033e68efd1687e0a6d22ae8ba361f

SHA512
1c95295a44ed8851df7a89735aa9568a874ee470f5a4c666f1bfb8ae6ecb1037412a44641e677f5930ec409f776c226a9d498831a15a0455d56720b3dc97a0f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
46856e57d448446f43c137d5c27281b5

SHA1
699c998453573964c696f55b5fa99ec6fb5bc444

SHA256
783a60308b4c494553b6ba3eb21378bd1d25a864090d5cc12baa3b0105172341

SHA512
f470cda5419361a0b69ed1d3cf006254cb0c1364c60166fdd6fce19a7f56339ac7ecc44bf533dcd0c1675b7fa6661589135cc8cb02edea72f6e71a67253639bc

Download Submit