hxxp://abn-india2[.]com

Analysis

max time kernel
512s
max time network
633s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2024 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://abn-india2.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3692	msedge.exe
3692	msedge.exe
1668	identity_helper.exe
1668	identity_helper.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3692 wrote to memory of 2052	3692	msedge.exe	85
PID 3692 wrote to memory of 2052	3692	msedge.exe	85
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 2728	3692	msedge.exe	89
PID 3692 wrote to memory of 3916	3692	msedge.exe	88
PID 3692 wrote to memory of 3916	3692	msedge.exe	88
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87
PID 3692 wrote to memory of 3552	3692	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://abn-india2.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a40f46f8,0x7ff9a40f4708,0x7ff9a40f4718
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6087054941787963345,15103278775972246086,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6087054941787963345,15103278775972246086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6087054941787963345,15103278775972246086,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6087054941787963345,15103278775972246086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6087054941787963345,15103278775972246086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6087054941787963345,15103278775972246086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6087054941787963345,15103278775972246086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6087054941787963345,15103278775972246086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6087054941787963345,15103278775972246086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6087054941787963345,15103278775972246086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6087054941787963345,15103278775972246086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6087054941787963345,15103278775972246086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6087054941787963345,15103278775972246086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6087054941787963345,15103278775972246086,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eb20b5930f48aa090358398afb25b683

SHA1
4892c8b72aa16c5b3f1b72811bf32b89f2d13392

SHA256
2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35

SHA512
d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
323ebc0c8ee7a59111e027278852d750

SHA1
69a1d3fd2462c9d263da179691f99c1566e3169e

SHA256
77ad1171710fdbd3d81568120481aaf3f136bd0d4a41a31400c27d9b9e5d74d2

SHA512
6bef19cdae917bfe9cc6ee854f9ae6a9e5c5140b115637c5637cd6124278d5b3879bfb4e723c5c582a6350a84feacf0233acfb3f7e367c58beb93a7793334e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2f4afd50373674265bcd8608ce6177ee

SHA1
f441bf583b5173a4448a2de971b5dabb1b0f28d7

SHA256
43d52aedff9cde54290458accd6e8c7f2056e382cda2ff3d6180c28296bc1052

SHA512
547c4fd856fa53f4ac3a88bb2c771d57b38f37a0e22655abe4cb5f71a6e57550015fe97c985c4d848a8b0ab9c2d72eb5ae368986153bf1325efad3d262167fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4034c2dae4f7dc7ab6c31ef8265846d4

SHA1
38f5029959dee95ee078ed7ce09c6cef32fd33eb

SHA256
001ee692cf9df82063aff8b8482912ace2664cc0d9a33832c5c887820a0088a2

SHA512
1874754dc1b424203ccce8342c150b36ccbbbd01609c7d9683a53b97c1b41d0c33e35b53e5b95d41fd599ee3e04de33f49ef7a8e17eb1afb9c50fce657e5e355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bd205180edda35e600258ba3d2089668

SHA1
73bf6a8d3b5c20377d7e4113ddc804a7dfd716ca

SHA256
a25cb4ac95ae9fc3dfd68ef96197131456815f6089ca9126d9879f9d6e816ee9

SHA512
2ee05b0deb299eb5cf1a801474ae5b6a5e8b96d9371fab8c0f240f868fbfca1f56f8de78fec5f9fb473b4fcc7c0e4c559955c14d900818cb3b52d2df5db105ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38a0cde5e9d591b725c6f9776d731fc0

SHA1
a7df2ac92bbb7ab8271b4b20ed7a80977c3e7524

SHA256
a30e64a131d53a1eb4f106a2bc0fb207d370790d04887ac36a73190d4fee14b0

SHA512
76ed9407384d81ff39acdf0432a46515329f3470006bdbdf9592bca070a45f97a8627e40952cffb759daf680b7b7fb40be648e68f88d427f46202c33309904d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
177ee91cf30ca49887f83c50fbba6ff7

SHA1
f25fa6ebb451883ec43df282f84c2d0c43c7130e

SHA256
35ec2e9947d26ccdd90e7217e519780470f04f8d6bc5b90d26cacda9850653cb

SHA512
6309afa0195cf1b34a9e7f9423e89c7c01d6092950d1b8197b62a0175d6097eb3bce7722ab7c9eaf0503bf9f868c96438f91a6cbe760b6dd7c7cc8ab11bec1bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
76f02c989e90f5aebeb7b42ec333da38

SHA1
38c8758c93e79b5b5c0251ef3581f4c62a3346be

SHA256
d4370609a6f2aff842f5c97e8ec5b9f3340510997cf68a8f7959f093d09f5afb

SHA512
be8c09c3c0660ae713bfb1f258f450404dcd21f627660771948e770c5f007f7db58737f6a28db6bd5edc221bd42ad4f510dad068086e0465c4f236461b05c73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2bbbdb35220e81614659f8e50e6b8a44

SHA1
7729a18e075646fb77eb7319e30d346552a6c9de

SHA256
73f853ad74a9ac44bc4edf5a6499d237c940c905d3d62ea617fbb58d5e92a8dd

SHA512
59c5c7c0fbe53fa34299395db6e671acfc224dee54c7e1e00b1ce3c8e4dfb308bf2d170dfdbdda9ca32b4ad0281cde7bd6ae08ea87544ea5324bcb94a631f899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fd20a99220b56b08e7c39e23c79cf1e1

SHA1
1dfd01858f54b4ea69c5fbf41502dfa59dee37a3

SHA256
d50ab8dee92d87335ed7233bd9fd7d5b6e5f497cbc2fe1eaccd8253072e72e44

SHA512
e3a45a21e898d5d65601a9d26a158ee07d951ec1df5cc62644e52eda907318839bfbd68786129452250ab085ecc6a958056faf7ec75e78dd7e915214880e2bf3

Download Submit