hxxps://my-govau-info[.]cc

Analysis

max time kernel
146s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2023, 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://my-govau-info.cc

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3788	msedge.exe
3788	msedge.exe
2432	identity_helper.exe
2432	identity_helper.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3788 wrote to memory of 4676	3788	msedge.exe	32
PID 3788 wrote to memory of 4676	3788	msedge.exe	32
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 4936	3788	msedge.exe	84
PID 3788 wrote to memory of 3576	3788	msedge.exe	85
PID 3788 wrote to memory of 3576	3788	msedge.exe	85
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86
PID 3788 wrote to memory of 1888	3788	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://my-govau-info.cc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde70a46f8,0x7ffde70a4708,0x7ffde70a4718
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,8602668591363140406,14506548002394743925,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
890585f0e978711e84e103f4e737e1b8

SHA1
12b9a7b4a1a016c8a0d4458f389135ed23574e27

SHA256
c83ee823a77974192ee702a6b550e28046fe4f60798e471e7b5b75c1f623c092

SHA512
246b774837bfb5c3f158024986fb040419974c7a8c1e6f6875e713760385084b32cfa294a5195598e7968632d1e2e4f553545f6d084cb4e5204a868aabdc0297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f1306bb80503cf07e110283cd8a397b8

SHA1
3178c773976823f78553f38ce2fd0ee6f73cb25e

SHA256
337b3273fdd670326585c76ca5f2bd67507c38e978c67fe4b85f71c4383e93cc

SHA512
c12d4d9d91dd2b8723bdee26d9bfb257dd3629ef51c448845da972c69a5c988aef7c23668863d3c6f08a67aa40cbffaed2e53c05d4633b930047280aa4b9a48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
63a04645ff7319588df9dcc7acda9f4e

SHA1
50aab7f527c0087cb6ecfa61ff148e8224b251eb

SHA256
e04720388a68d8c296540b1adda599854128f0d83de7c7a329d04af8a2946fca

SHA512
13c3b647211936de1b4b523f5ec9bbf967e3932ce34fa38c7f96b0a45001460aa2b40bcd6e7e9a41d9e3e1e4ded424fccec9b4944bf1305754e8bf806d7598b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f08be7ecb45489315b3f32b94b53431d

SHA1
a081f756320bfffb7a56b8e71d89fc29d9562e86

SHA256
036e7e929df247fa0579b9b5866e0211773ef95dcfca72f44cac884ea5723b34

SHA512
0341460ab47410034d81a4f3f501847fc15972c8dbca259e3ad21c71b64a450318b154f96b4d73bf13a3a75fd047f9606c7c60927daa3799d2096ccf01b5cc82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
39b662466a0e5c56ad346681332d54bd

SHA1
8751e05ee1ca9efe26268256dd1cb1880b7ce96d

SHA256
483b11b47d65e5b1fad1ee88e17325df944d1c5431ea4fb831c08a2cefda6eb7

SHA512
3bc74ab627fec63434c959fcab9f6b463e99d4da6bb7a75816c4efc84f6754fccb88ea70d2652ebc1a798f57453754b696bcf87ce2a0367031a901d63af19e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ee129658fae3d7eb5ba88e24a3a24a4b

SHA1
c4833985cf8c7363e3c869c93a209f0966c1031f

SHA256
bbe23c08b8632d1ceed642a711e884e747a3ccf8b43eccfd23bd656af9ebf0df

SHA512
bebbb1102491e0ad2a400cd86825e7277ff1d750e4d47c8fb82c880d08a5d3e2f392fab24a1117bc2debd4aae6906367d091128b408a8faa5326cfac64167f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
a553ed37741112dae933596a86226276

SHA1
74ab5b15036f657a40a159863fa901421e36d4fa

SHA256
ec16b2f20ead3d276f672ae72533fcc24833c7bcfd08e82abf8c582e1bed5e87

SHA512
25d263aeeda0384b709e1c4ec3f6dba5cfcb8577e026d66846c2045b543f6446439b946163b1ea8f7e53cc6ebf38c93172452bd43e2560b42b56c4d13625e107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
23f4cf30b0fe352a99ea94cf7114158c

SHA1
d5a37df0a9744ebe4efa0427343511e8f695f26c

SHA256
16a4def6c5669967c4ee57d6fd91fe686ec8e851444a054e85759b61449b846c

SHA512
6e9e2227748eff20823e119042faee79656663311f2cb361d7aa92ffda1ff73dc5450b3118058e3f8210510bfb160326ea9a9e73e187b3229ad7dc197f43f219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e1df1527f2cd003ff021761029dfe80f

SHA1
366a1b1a132994452d180f58e1abc2a821e2d184

SHA256
eb62515a3110cd3c3b78979cd5707a85a634c20078746f927b1e10c7ab2709fd

SHA512
633e7cc885653ae3d28eb8c81a9e59939e52295a7a9d6be7a55571a16f3b477c5436c1413dbc6581d0178ebcd9fbe89803e902dad681f5d3773eb634eca70e64

Download Submit