hxxp://badges[.]westernsydney[.]edu[.]au

Analysis

max time kernel
75s
max time network
79s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2023 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://badges.westernsydney.edu.au

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
2716	msedge.exe
2716	msedge.exe
4360	identity_helper.exe
4360	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 3404	4568	msedge.exe	82
PID 4568 wrote to memory of 3404	4568	msedge.exe	82
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 1816	4568	msedge.exe	83
PID 4568 wrote to memory of 2716	4568	msedge.exe	84
PID 4568 wrote to memory of 2716	4568	msedge.exe	84
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85
PID 4568 wrote to memory of 4960	4568	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://badges.westernsydney.edu.au
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa458746f8,0x7ffa45874708,0x7ffa45874718
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2507220600560573834,6316743632131100576,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,2507220600560573834,6316743632131100576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,2507220600560573834,6316743632131100576,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2507220600560573834,6316743632131100576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2507220600560573834,6316743632131100576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2507220600560573834,6316743632131100576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2507220600560573834,6316743632131100576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2507220600560573834,6316743632131100576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2507220600560573834,6316743632131100576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2507220600560573834,6316743632131100576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2507220600560573834,6316743632131100576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2507220600560573834,6316743632131100576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2507220600560573834,6316743632131100576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2507220600560573834,6316743632131100576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD

Filesize
1KB

MD5
285ec909c4ab0d2d57f5086b225799aa

SHA1
d89e3bd43d5d909b47a18977aa9d5ce36cee184c

SHA256
68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b

SHA512
4cf305b95f94c7a9504c53c7f2dc8068e647a326d95976b7f4d80433b2284506fc5e3bb9a80a4e9a9889540bbf92908dd39ee4eb25f2566fe9ab37b4dc9a7c09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD

Filesize
250B

MD5
de96c0b8703b7c49655294d85c831f4a

SHA1
85b764af587f77f1b8b2b0b5a70a926e29adc21e

SHA256
6f2e165be1de69af457cc7bbdfa92d79d071573ca5b5acc780b6ae4014358be8

SHA512
3283ecbcaf5c18163347c753497cb76faec01e639bf1cd67b6e901e122b332558826c8ed1f22ab0d8f731b65e2281b0d76b6645877eec29052f8adda03a10b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2484b7a6ea42eb88b403f016fee7b8f2

SHA1
ea89aff24ecfd8cbb3ba26dc5b289737ec50346d

SHA256
598d69f1775aa4ada86bd972a9b2e6c43c3024c0cb2192312527eaeacc0628a3

SHA512
80db470be6b6ac711788ec6e2ff7ab74e8071d6180fcee01888dcc3fad591399ca39ad97b7548cb51e0c07319cc6a3ef34416a0052bbe0f07fa86589f8fca665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
058786afdc5e98be6fa43bbb012442c4

SHA1
c7085145aeceddc294f84fa840e1a539e58ced20

SHA256
30fd8a7a4050506174dae0e8c2abb744d578289acafe9c4f5aa5b1ac1ab7a9c3

SHA512
d38b4c095f8ded43cc7f7fbf1d00b75391e6d9f64511b976156de9986e02fb1d94a647580a4041eaf9e7f456f7a2beb865bea502b024e7a94e59cb59c8ac2195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0947af2b5a7ec9af71aa0bcb15cf0f4f

SHA1
24f5da0345d72d6852e2abddd24f141478462c04

SHA256
294aeac9a1edc24c7fc776ec49aae8802fee6406063f205650e8c5bfb206b775

SHA512
3c36927a532882a0215f507899b3f1bebf7c17b2df9e45024e140c945ea17fe315de28d7f4a96f12d91135a0bdf629804eaabcb727d134fe3f449fadf94a4447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f5317639a07c10d988eade61ceb949e8

SHA1
b30dca6cefd1f4b5b2a4d991b3c310ad75d8457f

SHA256
cbc394dd097257473a250ba51f2f0d4d41b3d6b84e64560611e12a669bb6369a

SHA512
122c37ecc0a269ec9b06005c3960b2d0c2ef8229ff6a1ad41b5039d0694285f7bcbda3a952a909e4b1c52a2cbd61920670131f62cffeda17af319d2d7b8290a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d6bc2b6c74117a5bda64bfc703315a4c

SHA1
6539cdf7387b3a3f2920f60ff14d5724d36b00c4

SHA256
07b8772e99a6b0ad1814be2578c1222a2b83eab49a50427e0ac1dbc93a2c1f6d

SHA512
96c15a2e4436f25b2a11eca593ecaec431a36fc2d358e6ab6edb589da0be96f6dd77e955d6b19c208f26deff344685bb451b86ae4ef29ff58ab2e400d9e5a1d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
627c98d226a1630e6ce68d1a331c38df

SHA1
7a792da859fd8482084b60105d548b5759d11f1f

SHA256
a090bcfba2a96b53ab3d158da040257921bfaa2819befcbed836bb91cf30940c

SHA512
2c7141deb78eb21c78c4a7cb479e9d389c3db25f7cc9ca46a239ac6fd977633636419700da11b85c31f17086035e0bb3d5965e8c5c7b8c162eb1bdad5a3fef9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fb831d54f9e8a7c02dce8efe6e224086

SHA1
04e61d9d125aaff19406c0ac3c2cf75f17c073ba

SHA256
07143b24e00a29981d0e9d05b40572b9360b1b59188495064ff69705c7cf37a9

SHA512
ab08347e298f2cc10a8e5c431386c982c3109b6a4f5aaaff696ebb6e52b861c69666dc840a074483b89a89f2ff8cd7f167d9353ad318c103b9d6039c57d42949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
96f00bbd6a174879c58220f95f0115f5

SHA1
d3d7f82b0bf27daf1b3903bfe050c2d05422050f

SHA256
644442e740a8c0bb20f712f6f84f5bf4a81bb29d4e9446b2832ca65618961107

SHA512
e7c5e90eb85aee7b81b9c163f618ad3789a48b256040f6f00eee7fce52c60e1ff491bf0538b9c846fb115b73163710e46a45ce056e3b41ca59d88c421502ccea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f7704415ec874296ec7652cbf4371d5

SHA1
d73200341af904d13787bef1bebbf50421fb0fe7

SHA256
b0d20d94504c057bd7d483aca3d3528934234419f0ef80046c6c30103a7fdfc3

SHA512
89dec2c08e670d919ebf101ae54a0db3f705b4b4bfd9de95fbf39c9ffbe4ed4aff0f53ff2aacbc1ec9d12b5c1b5ff274b3d2af72c79c105f6e34e761b9febfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d387.TMP

Filesize
1KB

MD5
a346ad5096a2979146e5f0cbd57485bc

SHA1
f5c5c2c657691f678f8275f4025325ccd5c1f66c

SHA256
3375a4979299fe7b2b25a8d0f530b4070ddc650f5edc22c45ea2a0810c0b4876

SHA512
30262b0c3a6f4741dd95b0801ca20f7d94f90479664bcd7ab682152162c9a6e0bb573813feb38f7e46523cf2c96df84e8b439ac55c2845a5217d7fbc4a19678d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f1ba765a707de91ae772220a2a04111b

SHA1
863904b1086fe7df4a545818d34a20c21d339edb

SHA256
70e74589cc1674cd0d0864587ee629af47256c917f8d3c0be2c9f36f693ff67c

SHA512
2230002c514403423d397aaac8739a3654fab49682b9697c73f10f99e579a79fd4a020a864de6bb43626f7c21a378bd52b992ddaf83ba7ae61fa620476ff82ab

Download Submit