af65ed189997f55832cdf4dfc9d59c0f40b90930542263d0b1d9b8b949210b61

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94af982fdd2673b36f6bbfab14c3beb4_JaffaCakes118.html
Size

231KB
MD5

94af982fdd2673b36f6bbfab14c3beb4
SHA1

c211bf87dfbc7fd4428f7d4f4d36e263e88bcf82
SHA256

af65ed189997f55832cdf4dfc9d59c0f40b90930542263d0b1d9b8b949210b61
SHA512

2194ec0b4f513fbb7502a43d1364afd0dfe1736f0f957bd4ccb6bc88a997afb7b4c818c8cef182a49251df41a763597b9640fd4a566c259d57cf6b49d5191f72
SSDEEP

6144:n+RELVzhXkA3d8VZQvzwV2lms5JBpknvjXGXgcHrF94KQJ:+RELVzhXkAN8VZQLfh5JBpknvjXGXgcW

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
1120	msedge.exe
1120	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 1184	1120	msedge.exe	83
PID 1120 wrote to memory of 1184	1120	msedge.exe	83
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 724	1120	msedge.exe	84
PID 1120 wrote to memory of 5024	1120	msedge.exe	85
PID 1120 wrote to memory of 5024	1120	msedge.exe	85
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86
PID 1120 wrote to memory of 4932	1120	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\94af982fdd2673b36f6bbfab14c3beb4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ff99bb046f8,0x7ff99bb04708,0x7ff99bb04718
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11441160568701224583,5418023187413812411,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11441160568701224583,5418023187413812411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11441160568701224583,5418023187413812411,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11441160568701224583,5418023187413812411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11441160568701224583,5418023187413812411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11441160568701224583,5418023187413812411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11441160568701224583,5418023187413812411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11441160568701224583,5418023187413812411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11441160568701224583,5418023187413812411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11441160568701224583,5418023187413812411,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
41KB

MD5
9631c594f55c395f07b12046cb8fbf9d

SHA1
cd6532d1689166c19477923c73083eaaf8cd21e3

SHA256
a56a5d0f5f612bd39fb02fa1ff7a721a33fcb841f40c48757381b3b7c4a25726

SHA512
5d3bada46dbc583755c279b5ff3c155e15f16d51b6522752ab289bdb62b71abe1d91def5733ef7e77fc01d127508d07e2c67e731bde26a478c4780c8918ba105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e0003ec1505d9ab2342589029a619d53

SHA1
c877d34fac30180bea28335693e06bf44dbe762f

SHA256
3c77630154d5ec2d4b4b84eef1fdf5373150a15167627cea5adc58bc7b1817c0

SHA512
17563ffaf7f5955585482cc797afc8c8b0edc77a67d176137cf1a9405201b61043890e7bacfb0f3e6b3a996b27eb0326857ec71f26d0bc57f7ac9e65c7783bb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
da91c0bb8bdef1113ee5c5b6941c4be5

SHA1
ef5568228021e80de78be37663287a8b73c75e94

SHA256
befc62cde8efe18ed979e6be2748b87e0c24eb4b5e335d09e7f657c30d53d1ac

SHA512
d56fe4015178bba6c9e287084fe375fc9f63c93fb5780f499a0677a7ed87ac9352623028f60bb15348ccb30d942e61b7d99da809051740814eeaac80cdc24ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
1f6e17848b7746d9c53d6226f4b2e255

SHA1
05364395e4d74320c88672777f96e0fc6eb258dc

SHA256
26c92d97c5d3aff081bfa187d6a79c1d275babd7f6223d4a6b31dc139251c4d6

SHA512
9a5ad528075042c87c9caff618ba2b34d51579729711437e5fae5814af505e82a16edddee71cf6dc6e528e7ad6dbff1de3841f4ee57bbe2bcc9bef04bfd8b76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f202aa464bedc387033571d773eec666

SHA1
75f8c0f279c7b37ce207fe9802be2c354efb43fd

SHA256
c15dff138fcbbc7b19169518ca6d7763d3a55088e692b42ca90ddcfd6a0edf12

SHA512
77b814f839595c898fc7ad088303debbd1533f963ca012de9dfd9dbc8d7ffa088324a35e307c465a669f2345cc7d966ee1b734dc47ec827610f2ce7a60fbcc96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0262142af814bdbb3d2c8e9f9b0e90fd

SHA1
5f30d35dc36e5302eff968beeebf047f70eba2bd

SHA256
b86fcfa8bb3faea963e0e5daa7c72b6312d8a7831cc7ae5e9df92b1390663c21

SHA512
4a39d58a45d2395e7f251e3c9005e52a561a36889c238929cbf8938ab5c27442047ef8210afcf00c031f882df8d8a9a13ec175a6f00a45464c9df46688fc16f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3aae21d3874c8ba5bb516ec69336490

SHA1
56df206464a7daeb3a5ebeed98eccd2ed1a347b8

SHA256
7fa9e5f3f62fde2e60344a1dbfbb65582492143b121d6897bbd5bab0f0faecb9

SHA512
9f4d50e41024496f02e449c51e9eccfead288168e48993f59dceb552f89be09b553fd548ec525394021a2dc0124440ddbc249a305a16021932a8e02a4665d668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2e977f2b3092c42ccacea775b816ece

SHA1
4f5427246c6e50a7da0f47a06e8e5c18438e51fc

SHA256
5eae38228e4a3b55d7c5935214725e4418c7ca788a999044e27a5428b92131a2

SHA512
55d6ad3062663512b45f8a1927554c6a7803caa3a5f40fca8cd360e1af3452f0beb819e8099e35f4019690fc49f50fc24c5acb364ece609df8e8da65e37241bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
18d2548aa394631d1ccccafe016ffa3b

SHA1
bfb26d1efbbc1b9ae668bab883134f12f242ad6d

SHA256
25f4646ad1b1b85cb5862104f4ffae0f68ddff59aea0b96e19e610ffb97526d4

SHA512
16b87c8cbb46cfe284fddc8ed77b9674de7a391645d96838417d41af9ca7b0e0e08dee61762ee1605ed891a99bf83ad5fd865e34563da7dadb36d2edc36b8a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
63f385681ebf8acf0f62cb74ac518677

SHA1
f6b6d847bc2b8b4f943baa6d6cfa4179db8d5ffa

SHA256
e6a476c374ba9eb9bbb8a4a38ba647da8f247cbc3e4ee8b87103fefa1a91a288

SHA512
c048d76de3be09654fb74ffd5509856f21c43e84684430f566d4baea0655f8be8eb2bac7af3e604cfec15f501c2bd8e7c716cea63d86c2b8524e10b740cc9910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5869d1.TMP

Filesize
203B

MD5
c4467e328916126a200dc00d0ed96fb5

SHA1
cca4219712e1e87589a66ab6131c663b89fdf3c1

SHA256
c73bf0aca1b0465f9f5ad6d23319e1ab6072f6c299d79d4fcc496bdf0b6c78fd

SHA512
c7a0f439fb40618217679ad9bcb02a2151fb0d9325b5baa9072ff97980537403b51183010489a7e175ca51905f6279a8913edd213dd42dec657894ce2e865cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ce28224cb0201f83d5a07c1769ff5da8

SHA1
c6aa55afe663a4a2869d7cbceae263b5f445b9e2

SHA256
162b9a6675fefa463c082f9550a24066331c7943638c47dd9f2565d6241bda4f

SHA512
5ba144e06ad8cadc8129127628ef5bd1bf3767a8774332473e3a4efb578bfa18d2e082e933abbe0c2b4bf961e2156f225b03246e26467c81e90a4b6d4d0592ca

Download Submit