b50fa4684a9fd41d51cf4bdd0163a290bb3f7f569862f4aa4a2b2f58ed678c22

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2024 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64320cbac5ee78a1da6a373198972e0b_JaffaCakes118.html
Size

35KB
MD5

64320cbac5ee78a1da6a373198972e0b
SHA1

871308d8bbedc3b406bbf1a9a2abbd5807f39028
SHA256

b50fa4684a9fd41d51cf4bdd0163a290bb3f7f569862f4aa4a2b2f58ed678c22
SHA512

8284af9fdeb0691b2e5ac8d0448da6046f1904fdf916adef193bf7c43ca217fb091dd5d760ac7c3d40dc62fdc735fe1081109ef11704d4260e4bec13ad45236d
SSDEEP

384:SA7KBNGBg6pevuP9JbL5EDLGFXW2QZhUVas1jPf7FfPCSPL/+LeyVfSI9I+HtnNc:SAgNkg6pev4LgkBas1jLR7rSm

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
4752	msedge.exe
4752	msedge.exe
1960	identity_helper.exe
1960	identity_helper.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 1120	4752	msedge.exe	84
PID 4752 wrote to memory of 1120	4752	msedge.exe	84
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 1708	4752	msedge.exe	85
PID 4752 wrote to memory of 3588	4752	msedge.exe	86
PID 4752 wrote to memory of 3588	4752	msedge.exe	86
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87
PID 4752 wrote to memory of 3748	4752	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\64320cbac5ee78a1da6a373198972e0b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde1be46f8,0x7ffde1be4708,0x7ffde1be4718
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15701536912299813788,3193382419173410173,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,15701536912299813788,3193382419173410173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,15701536912299813788,3193382419173410173,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15701536912299813788,3193382419173410173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15701536912299813788,3193382419173410173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15701536912299813788,3193382419173410173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15701536912299813788,3193382419173410173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15701536912299813788,3193382419173410173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1692 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,15701536912299813788,3193382419173410173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,15701536912299813788,3193382419173410173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15701536912299813788,3193382419173410173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15701536912299813788,3193382419173410173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15701536912299813788,3193382419173410173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15701536912299813788,3193382419173410173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15701536912299813788,3193382419173410173,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
5545081daa9c9dabab04456e206b9bda

SHA1
5c3ae3f4f6396386b442e68dc5a66a5deb097757

SHA256
94100c23e88cb1d7f0997518978f578429c4e290072ac45a2195f0b887b532e1

SHA512
19c8abcfd7320f93c47b6ac672d91d4ca783ea2a87cd4083dbcb14c480873fea6a6fa74b668ac0f9f53b61cdb7bb22011fcad57a7b1f0e0b5094db58d750e802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0789b61d89deb2b125f9be849e1cd2b5

SHA1
4af2e2bb39569fe57f17e8caca3c830c9fb6cb1f

SHA256
03c9c640f7861a4eb9bf6736d22b07109f17374c90b72fd9ece969f15c85b7e7

SHA512
842ba76c5d9b18488fee932df2045a59a0228f5137ddcfd50c2d9743a7dd0afbeffd75ba2aaeff9233fd29a5c2b9fd64e9733886cdab9e3e12ee26282f5426f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
11bacc62d60fd6da8df34d36996a964f

SHA1
43afb33ee2df7d200d3f2056576f0979ff1e55d0

SHA256
dc5f71972243cb51b329bd1b239046bb394ff13f0bc90b750ebc214242dcce68

SHA512
ab5d4715d6e744628bfce9b16b6d9b52eef3cdf70aac7e74cbb7b51277ad946642d92501f1799aaf9642d4d9717ac0ddfa7127a07da6fd91e45075e0a2b02a2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
430bafdeea504080883108798bad57a4

SHA1
bd5b9e2b8042dcf64cfbac17d29ae792e07fa311

SHA256
7d8507de8683b066685e588daeb7a4424768561ba3bcc846ce966a57775eb8a0

SHA512
ff7b7340ab0a2803ac9cf659601bacab0c402f3251c53053edd60245e2625160b631ad34eb1e9a7e3964c016e5c8d7a0451f4083574562d3040e048d06844fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
262bc7730edcc0d54e79bdf55012bba3

SHA1
287443f6545a8df80226fd43284c26d408400300

SHA256
bb211b57fdb13ffca1b177184d62ffe1669b5f0627d3cdf4c6d10c5c2c3697a8

SHA512
5ae19bde405fefe704f1dbbd91dcca115f8fd7da1fa92f7f5bd5393caebf1b9f5791892b3d24c4852bcfc7762fd13a54ddcf7080fcb8fc5204d093a9aa2a1994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d363888526b9e6659bdf2d785e0df5ce

SHA1
0ecaccab7fd1f115bc910895763238d2c006a7a9

SHA256
bc5abf0ac9c078e62736d76916a4a5b3db213cf0c2656d408e5d49e563681da5

SHA512
803d6078ed8e0fac155712f7d8c6c8dc293a62d3e983eb96dedccf0cc6cb321008a6d3912d7081dc0b32ca0f8decf0d10dd82a3d2802b412842776bdb717151a

Download Submit