hxxps://apefest-tokenproofs[.]com/

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
01/08/2023, 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://apefest-tokenproofs.com/

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4272	msedge.exe
4272	msedge.exe
992	identity_helper.exe
992	identity_helper.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 3828	4272	msedge.exe	43
PID 4272 wrote to memory of 3828	4272	msedge.exe	43
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 1844	4272	msedge.exe	87
PID 4272 wrote to memory of 4976	4272	msedge.exe	86
PID 4272 wrote to memory of 4976	4272	msedge.exe	86
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89
PID 4272 wrote to memory of 1564	4272	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apefest-tokenproofs.com/
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd54d46f8,0x7fffd54d4708,0x7fffd54d4718
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,16805722552754039825,2838087082798932410,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
002f48868a03c20b83fe88e8ac290926

SHA1
eefd194ea59d3b4593508412ccb4dbe6dbdb9cbb

SHA256
d80c50fc2745c8c6793538dbcfac532b25066374bea580e55a54d98ff531004e

SHA512
353ba4e3214d1e16e21af45eb9c5bce03a767cb53c2953ddf4258f90c97494518a0faf2ca8243d4bed9d753ec3529e9c5c7a81726469572d26b2b1dfa33572ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
42361ae7582fa37cd2ad3ad921573803

SHA1
97a1c75a359267409eacf3763971cd33a035b29b

SHA256
8f7acc076f509f8055608c55fd3a8951c1d16c31d04c3d0a81d57bd51e7f230f

SHA512
e381f2e563ad494e692778fbe504e7ca401fe3e73509cc392a5a8b51a19301f678896933a896e76eed7f6b847931e0cce73eb07801edd269e096dae5468aa724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e3900e9cd24678585855858456c4e30c

SHA1
bd01cfb6a70d4f216b7d9e5a43aa4940f2b5a2c1

SHA256
792c8c6c22b291b28887fb1bb698838be7336f0b0ca2ae9402576e25675a4bec

SHA512
5565bde5d00457c4fa3d53eca16b205cbfdc013286625c48dccf918381ab1a5d0b9ad96af2854b9a7a8a9a63bdf45081330ee41a3d97dc93abdf044ee9a2f2da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2546d14a4c4134cb1397f170e2b4a729

SHA1
501a76c4ea5a29213dd6fb8e85f182387be543f3

SHA256
6737e47738caf2652fc4a41e93c963d83f1cdfa239bf6a2085e7ef8461b876f1

SHA512
96f0eaf9e0c66a5b814cf26f79071ca2eba781df50a9bcd97922d0cdb6bd474f77680b0829a7240053a45356b551b6f0854ce6a7708ea8e76a21746c9117073b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3075a12a89e9dfe1ad0b22235b9657b2

SHA1
1adfaa96d9e851bc3c32c34c84c64fd9b27c4a4b

SHA256
3cc5ac23cf9160dd1358d65dc324fe7102e818e7fa509c5704bfd68bbabcb7b7

SHA512
de6ce42a8bdeb41757d2ee41ea44064119cb1f183da3f1adb3596f12b625b5d19fab738a3066e81ab272dbe14953f40d37b67804f852cebf76d36942959e5110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d01942b018cd4f74451c58475489368

SHA1
f93422dda6e4992f216eb25cce8b61ea413dc72c

SHA256
30f3fd322ccd32f593a52e4a30f070e75462aba12538962504373a812e97b829

SHA512
13bff0cc14bdee6b906f15928e51d09da02103a70bfe6d63abcd5c23117426e77456e679514517f22dbbaf2bbe90291fc49cb2d0542aa4d5369c9e7c62bddafa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a6e914c2395bc7e8b1495b6c99c4646

SHA1
4b4cc2b37e8a1fd2c356b104025b1ec307479a45

SHA256
95be0d6de1d31848e50fe6a3b7fc667e9259c3ab73732bcb8fb753138c660b45

SHA512
368612d6d1f4af9977d7b5077d9c71595dcbfbaab41f94afc195d1f50570ebae646697cd05f2428a981ee198de6538395a4ab33beadf37112adb3f8cf940d857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
29213338df67d29d6454ee5d61ad3970

SHA1
8c69ca76a2e639060d5ce835a9600e6ea3764a83

SHA256
d29fc0d97fa74d382d0f557ecea4e42b7d50dbce43915bfc0c114c16e532aa51

SHA512
14db25eba8a863d390b97fce4315402ed7c249598ff6c31d5a191b0f71c274eead42ba0658403e744110de072e6ff1cac3bccee1e48875bde6b1fe39a60d2407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cf46c8d746f93684732dbdfe3758ddca

SHA1
d09014845d274b19a0ebaf9e61728f914f9166cc

SHA256
4e5686ac0d93025186abb74cd9206e29bada6f716b49252e3758ed43f4388b20

SHA512
5f36da26c2f10869e3a3c799d9a864d69d3d6389432f701599d7d428118a2da5bbd273858ebde54b06024c350c8a11a4ee4375a4a8609358756fcda837c243ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580e53.TMP

Filesize
706B

MD5
94f32681ac00534c605d212451050eb1

SHA1
4ccae94ba5a4718be17f385642397835e01d23c8

SHA256
90e843c2c6398ca4c8f58a0c12aea7bdc417d8b99648ecd57f783f5a35bb7624

SHA512
6ef9ad7e9396b9f51218a204b740d7c47017a8813f982583618b6dadcba4fc58516ccd1aae49d7bd74f2a258ec03ab4a81f5a8ed62c6f19548a1283eaae1e7ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
83d5629ac48db6ec6f1c785151c77809

SHA1
5a1e07768adad771376c90dcf71a286aaba6ff45

SHA256
38d414c0d31adb27577331887db9e01e5467da74d92fd919dfe7cb8853101d9a

SHA512
0fbc99460bca4101820ba75298eccb4906ea1973bd12ce4221bc1e58a0c9ecbfaa01bad1a8f38ffb4a75f4f2af7908bf549a7b3e5dae7980f65e6f7e411f968e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
065dae518223d453f26042d74d2c69dd

SHA1
d9f4f93519b45e1c9f1f917ab2e7e0be012056a1

SHA256
4bc3a4114ac6e24b7a8f15dce65709d4705b1391e28f03a51131abb03287f5b3

SHA512
13a749912b025fb410357b707bb9db7ef10af5ae5ad9910d47b0b422f1226e2368ec7b8ee0292f624d3c2a05de10b53af19de37908abcab4c201033e59571b68

Download Submit