6183fb48c98c87fba6dfc952dd7212bbc755babb2c2f1a635e8756475e1af848

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 17:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4128bc4507aed3611e48dbf152f450ca_JaffaCakes118.html
Size

57KB
MD5

4128bc4507aed3611e48dbf152f450ca
SHA1

78042ff118ecba3eeadad31b4a4232574a0d12b9
SHA256

6183fb48c98c87fba6dfc952dd7212bbc755babb2c2f1a635e8756475e1af848
SHA512

d17617b05eba007a2b37648e78a509f09cea9de6f6c4d1a9870c3cacef67809c6d85c7bb833d4a8a3e64db433baa7b33dc76c2691ca34d44ca08d180d67ab3c0
SSDEEP

1536:gQZBCCOdW0IxCQLQ9xULfc5/E/NuLo5GV6cw8U21CaMoo9uiuVDs+r9WpNJLfRy3:gk2I0Ix49xULfc5/E/NuLo5GV6cw8U2l

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
5008	msedge.exe
5008	msedge.exe
2736	identity_helper.exe
2736	identity_helper.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 1200	5008	msedge.exe	85
PID 5008 wrote to memory of 1200	5008	msedge.exe	85
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 1100	5008	msedge.exe	86
PID 5008 wrote to memory of 2672	5008	msedge.exe	87
PID 5008 wrote to memory of 2672	5008	msedge.exe	87
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88
PID 5008 wrote to memory of 5028	5008	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4128bc4507aed3611e48dbf152f450ca_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc634746f8,0x7ffc63474708,0x7ffc63474718
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15044227227242031662,6889089282744228444,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15044227227242031662,6889089282744228444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,15044227227242031662,6889089282744228444,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15044227227242031662,6889089282744228444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15044227227242031662,6889089282744228444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15044227227242031662,6889089282744228444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15044227227242031662,6889089282744228444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15044227227242031662,6889089282744228444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15044227227242031662,6889089282744228444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15044227227242031662,6889089282744228444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15044227227242031662,6889089282744228444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15044227227242031662,6889089282744228444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15044227227242031662,6889089282744228444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15044227227242031662,6889089282744228444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15044227227242031662,6889089282744228444,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
3ecfb85730e5535b7b097c313d1f17a5

SHA1
9a5e94b713715304f1a63c3a1a00bcedbfedd813

SHA256
046e14cc20830b660cbea41a095944336f9b945732a46cc5fc123e1734f9bf0a

SHA512
283ed17df0ab74139b81f7b2aa28d0eb3985324f30e0489f92d6ef663fa1cafb0fbc9c263a44b424c3d255f87fd3616d44055fc4e3e898d394878821c00d38ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
045326cb6c3d4c62490c6c115ddeb7fe

SHA1
ab5eaceea0d72edf1431c581b18de0d9bb4e3e0f

SHA256
c7ddee8030a874654d54721f3db81a470189d82ce3d93f8d55aa7154e08beee4

SHA512
b904aab0f7a9a072e1abc4d713de8d595560ef880f278e39de7120c7a6cd375eff13a194a2876e37fa81f98172ef30c8bc7cf609533419f83e16b131f86d51e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b7d6354bd397ba8f28b232bc1d61bb5c

SHA1
34b61c41e72c54f81948c1286a6c9dfa869ff096

SHA256
a9b37e3f1dfd2bc91c1d4ca6c27698376d8da0e3d418288886f12f2aeb6c1a33

SHA512
53bb2ca98278f184c1680a8d812a0dbdaf73b886604ef0f2927c5370167c6217df87d236b63f520d999ed3eead610dff88e1744ca6b54e6f16c74a0df532abdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ffcf672db49ddb3ec1437e1dd1cd18dd

SHA1
d400a0d57e3a51cb2802a18f7a9be2f3d776ba23

SHA256
6244f1c0b4a49ec76cdc91aa668b5a0b7d38196c8abc1072b4c324887f6b5203

SHA512
d3d30c5a805c452ff2d6f61905f86fd61ee0ff580a3802523250a5e556e7180ecbb93e0e96606e6d7c728f2e5286f2dba2ebacdf36aeb9c5daca676807339dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a5a368f1e6c53ac3f38af9615cc0db19

SHA1
36921d9f03eee0f397c61b2cc7cfc90b6552435a

SHA256
db4b2b0f259b87e9cc466ad2e7b439d9dcac6f352b8f23acf081375b1f2aac64

SHA512
050f7defa872aa9e597448a16bc4880ded48cb6aa2668e4159a7d42f7a38352965dff564daaf31b0b5e2cae08c27099e49e3bf145426e49cc8121389e760c7a2

Download Submit