113e37a26b119df354c5d5cf48762e093671fcec3839ee7bee87c6d8cdddd76c

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 07:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d0880e06c3d24c60a6dd8727d9ec6bb_JaffaCakes118.html
Size

45KB
MD5

2d0880e06c3d24c60a6dd8727d9ec6bb
SHA1

4134532e0595446f3bcae4455e34a4fd886b78a8
SHA256

113e37a26b119df354c5d5cf48762e093671fcec3839ee7bee87c6d8cdddd76c
SHA512

82cb94dd5c051761dd19957bd74259031180d57c6e3b09e3e2000aa8bfa3bfe68d4c7ca364e299e7efdbd874c06615998b3958fd1a2eec130cc90b37665e3e51
SSDEEP

384:v+L+C+S+DjONGbSsSn/fG/85/E1/rYo/Xa/a9U/b0j+3nsh3+05tdgkYm3eaG7qp:W6NdQW4isoSjY+wj57gfW2qlluW7D

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
2408	msedge.exe
2408	msedge.exe
2016	identity_helper.exe
2016	identity_helper.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 1812	2408	msedge.exe	85
PID 2408 wrote to memory of 1812	2408	msedge.exe	85
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 3764	2408	msedge.exe	86
PID 2408 wrote to memory of 4020	2408	msedge.exe	87
PID 2408 wrote to memory of 4020	2408	msedge.exe	87
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88
PID 2408 wrote to memory of 4260	2408	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d0880e06c3d24c60a6dd8727d9ec6bb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc5c646f8,0x7ffcc5c64708,0x7ffcc5c64718
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,13285993353421602003,9401772429599134184,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,13285993353421602003,9401772429599134184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,13285993353421602003,9401772429599134184,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2496 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13285993353421602003,9401772429599134184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13285993353421602003,9401772429599134184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13285993353421602003,9401772429599134184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13285993353421602003,9401772429599134184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,13285993353421602003,9401772429599134184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,13285993353421602003,9401772429599134184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13285993353421602003,9401772429599134184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13285993353421602003,9401772429599134184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13285993353421602003,9401772429599134184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13285993353421602003,9401772429599134184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,13285993353421602003,9401772429599134184,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\58d5c6f7-45a7-4c7c-9930-66f919abca61.tmp

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
a0deb905312e25008a72e5ee95fc44a9

SHA1
f3364d2b638f4f6f569c7cfbfc5063a436a1d8f0

SHA256
a48e35d8543eab6a4857c9cf7d6076fc1c8e6f455d34de3ee032c33ec2757a58

SHA512
75a635c3594b812ff3c9514caa5c9d73bc470e61489119a1ca1ab0bb568e6eea4b94fd9835e522231d4a615d3ac49c3b3bccab8147f039c5f74ac78e90adebd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1360a8defe60cb5045abb44f4d28ef9f

SHA1
639cf6d7eecf912a6d5923e006240f37ecd501c6

SHA256
2806c0515e960b9119d5d41e2b4395162510ad19ea35a889dd76e5a64bac8074

SHA512
6f19a2b086b0e145cc4ed98eb8e938d783958def51a65d9cbad5cfcaf7b3e5f4f032827ad0cae2b9e8d78824c8d8467a7f9086f9f601b1f4190d28a0daa48bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f9a4859dab2e6d63edbb1acb5b32add

SHA1
e9d531475c85693f158fd948c54651aec402b090

SHA256
3c37d3e3287303764d20904a0594395f2857648780fba4be20979a7074f1b990

SHA512
cc5df1a7b606cd29b9852bd6aa39d219dd29d51ff3698febb710d30654026e387504ab7abbee16972d69761777eccebb22908dbd7bc4f271befed845378c6166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d0af38d5c792f5bcfef72033455f1bd4

SHA1
b3119c71df6cee5eb071919ace739da1300af393

SHA256
44ce620ef56eeaba9b7deebfcdbc9a12aff16186afb104896e8f9b74d7701e31

SHA512
b4f2bf3f088f4b991e1c8118ba056b1bbde9c74746db1e60eb6ff32812b2a89ab7968ecaa46bb42828193dd72f025199c0cedbb454129fab88118f0213737502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e40e45d35c0e960f8acbf47369a2354b

SHA1
7f37896fa6edc38c2b43b0d32a11033d18f5effc

SHA256
edba989f98fe5df5c49998c81ae04d1aaddf53a06eac5ab2a5ad5168fd53d634

SHA512
f6ee10c73d1a59dcacd94782dadf5430e17aaaf8628426f078846c7d76e5ade7c62b45a6fdfe59f492eacd96f0744f4387d6bf74b1879e01ec849b826ee859e4

Download Submit