a682f9257af43b4e8dedfec4bfb69d954ebcc91c5ae399339412936ae08e9a83

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 07:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d8cde3c16dc2c6a6f3f3b66ee513056_JaffaCakes118.html
Size

57KB
MD5

2d8cde3c16dc2c6a6f3f3b66ee513056
SHA1

d47307f7586e37e902249512f6e74f628307a3d7
SHA256

a682f9257af43b4e8dedfec4bfb69d954ebcc91c5ae399339412936ae08e9a83
SHA512

e3f28a999bc3fa5939cc1533d87d479472ee1c0d21be35f815f7736c1cfe05e3986c1d76ba2b9f57dc26870299d7a13975fe335de572a17a0a06712b020090db
SSDEEP

1536:ijEQvK8OPHdsA1o2vgyHJv0owbd6zKD6CDK2RVroxjwpDK2RVy:ijnOPHdsR2vgyHJutDK2RVroxjwpDK2m

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
1260	msedge.exe
1260	msedge.exe
3644	identity_helper.exe
3644	identity_helper.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe
1856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 2632	1260	msedge.exe	83
PID 1260 wrote to memory of 2632	1260	msedge.exe	83
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3944	1260	msedge.exe	84
PID 1260 wrote to memory of 3272	1260	msedge.exe	85
PID 1260 wrote to memory of 3272	1260	msedge.exe	85
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86
PID 1260 wrote to memory of 4596	1260	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d8cde3c16dc2c6a6f3f3b66ee513056_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdb7d46f8,0x7ffcdb7d4708,0x7ffcdb7d4718
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,8441336596449507099,18125374059283513403,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
930d298edde3ac22b81970ad52d2524a

SHA1
3ec4d44c747b98a84a3fdbfe094b3ea963a95c19

SHA256
20fdda513f40f47047c271023110514b65ecee41a978cea916c2e63250ed1fdc

SHA512
f80b84763741ab26aceffceda24ff1eb7fb77c1a048669e3debed809f0b3079e5b4546382c81addaed4dc5152174dea8007d8c34253b4949adcb764f01d86442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e5be32d536ae1bf294641501b2f0a343

SHA1
c196e71ebe2baa24167db8545ddbbfb79442c058

SHA256
8507501464b2b7292bcb75ada8d7d59964fd94c5b7143937738c9a0f4d1df357

SHA512
7ad4d69ab089a412f42370ebbe11ac223339a3302c6942c0c1251304b4d760f97de131c49694cda52d63b26f4f41a58ca54698dee455e8c246cee61967748022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
130e5035a36b64ca06263065c4d4e286

SHA1
24152294cd3ad61bbc7c5c86bef3b411fd069caf

SHA256
e7d00f2dd7b446515a20670c930f41085e4d0ad8833ba8d96f713ca855e925aa

SHA512
bd89279e1bf1e7f08ef064fe87efe7ffe5a460aff77e1eb0941dd8a8e91115dad4f21d52149ea2b6cdfd2446313d3cf579d7b4e1c35954c9acca26c92c19df92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9aad62b5b6987d89f66eecdeb4fdc77f

SHA1
2ba35070b23f2c60f4e41b3545f4fc7e4446d30e

SHA256
f0b55f91457d004b03185ffac1994fd7707ece3b3565eaf63059a58aa6b602c3

SHA512
102f19aeb8711d1652768876ba32d46c27e1bc5fe42e3397e3c0a7e3e5b61e862284c2934a4220022b96197845f25ba0c61768e5cb12d382579c3b9fefd622a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7bc4c09acb2b98462592da2981daa695

SHA1
2a02c4ee0107e865d59960f8773bd8dfcf210017

SHA256
ef162d1163eacc03f21c56f35388269b7fa36bf4e78ca0db915cea13d9c6c698

SHA512
085b3336ac37796989cf7c7a87d9acdc0b75859dec843a5589553b578e847bd574bffe45be0e307d5bd124885f1e472978a6c4665386b70ee97cd2cfe9be5242

Download Submit