hxxps://www[.]mediafire[.]com/file/pjc87iihck7d692/fif1_parte[.]rar/file

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
10/12/2023, 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/pjc87iihck7d692/fif1_parte.rar/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4424	msedge.exe
4424	msedge.exe
2208	msedge.exe
2208	msedge.exe
2180	identity_helper.exe
2180	identity_helper.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 4208	2208	msedge.exe	27
PID 2208 wrote to memory of 4208	2208	msedge.exe	27
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 3912	2208	msedge.exe	88
PID 2208 wrote to memory of 4424	2208	msedge.exe	87
PID 2208 wrote to memory of 4424	2208	msedge.exe	87
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89
PID 2208 wrote to memory of 1372	2208	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/pjc87iihck7d692/fif1_parte.rar/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff634846f8,0x7fff63484708,0x7fff63484718
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6524 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15127185328752559292,4430235998554731791,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2548 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
890585f0e978711e84e103f4e737e1b8

SHA1
12b9a7b4a1a016c8a0d4458f389135ed23574e27

SHA256
c83ee823a77974192ee702a6b550e28046fe4f60798e471e7b5b75c1f623c092

SHA512
246b774837bfb5c3f158024986fb040419974c7a8c1e6f6875e713760385084b32cfa294a5195598e7968632d1e2e4f553545f6d084cb4e5204a868aabdc0297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
9efe3bcaeda9ab87fb865c8f5eb3c006

SHA1
cc58813b84551b3fcddec112ff92f90c758ec3b8

SHA256
b24ebcd0274db40c3726bb11214c24694d5d1af524fef842987d95c9df97c589

SHA512
5b1a982f35ba014e787f5d0cb5559224cecb4274650ad27b594ae6a395935b8a4f944587770e8320124ba4b1ff040a9486a6b1e4e0d2070a35e6cceb72ebab7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
bf67aa3dfdd4a961b92046ba9edc2e1a

SHA1
d927ceeb9e7f974a9ba57d3553fef98e07ff1954

SHA256
c639454e69906642fd45fe908ccb69f68eadea11b1e461fcf9683d17ea615b19

SHA512
21c839797965ab2f657f2322b1a0df83b9e4ab9ad22a871ee76f299e8feeb13912d45bcc006542f0e1811804e0143aecad5764080ca0216baebe92b540f5f644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
276756cce7df55d3635cc1947408c5cb

SHA1
ac583f151a9adea0fae987396e6c8f89b9b72815

SHA256
a5deb469d6cbea7979d72ac0bc2052b2355d90cc85fefdbe3028dc4ca25e4718

SHA512
96b8fc693da5534aaaa67534849a259b3051c9818f0c82a028d49f06d7e9890c24ced8381cb725c31769a91345ab47dff957130c425c4bc971ee6d8fe4e818fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b32027a2296a09d1db814829661c7acc

SHA1
541682c8045bda36cfc3a6269aa92c7d2a911b58

SHA256
cfd11bf4dac770315286b38b0516eaecb8f9bf4d4fd52ff11187397086a2237d

SHA512
fed5498eb4d78e139a3a94bce03a4833affc5704b63887f65c54cfe1f9a6d203f129d23b2c5bd5ac0c1baf8c2871ebe43346af1863bf8dead0640c4286058e38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b461498409710a28c4c99c82d7665617

SHA1
8e32d6786e994a5936988f201cf2b88564350a8b

SHA256
c75487d838abe6242125a604c5e1fc709e5fcd16d5bab6cff744af898a0299ec

SHA512
172abf08c345cbf5da13eedc3775da06564a425852a9228f0dbcfb44dbf66f5a863e4136cfdceb36383b943737816af85bdca39f353753c446c3e3d79da46d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
a553ed37741112dae933596a86226276

SHA1
74ab5b15036f657a40a159863fa901421e36d4fa

SHA256
ec16b2f20ead3d276f672ae72533fcc24833c7bcfd08e82abf8c582e1bed5e87

SHA512
25d263aeeda0384b709e1c4ec3f6dba5cfcb8577e026d66846c2045b543f6446439b946163b1ea8f7e53cc6ebf38c93172452bd43e2560b42b56c4d13625e107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
3c2b50bc2eb016fdd7d4346710729313

SHA1
372c1a61b461951b568e4ef43d8e54a334722780

SHA256
4d3a9fedfe6c23c96cd40c93fc481ed04c0339c3f0a351b5b201c9113f229c6b

SHA512
8186711b8e571bd27db64bdfdd56c6d97ed9ea267ba982e45da6f62afd3bf3583b15aecc8bde719abd714e442c2bc3899cc46121e316e2ab75d8b674f3ca2f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d37c.TMP

Filesize
705B

MD5
493487d0fb39b655b54267788b665dd3

SHA1
d52b9f7ed301c512337d468fb6fdcade00381b9c

SHA256
73a35244a43caf5ea99788661defa46f1ca77bf7ff179ea8b83b0b6c3ffa9a06

SHA512
bd3ef1773784973de64fd3fa531cd8fb44d2c658b293e78f9eda71fd96d7b4bf8a981171168119ffa998c0182a21485ad19f8a61a5aa4a1339ae26ec097f93e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
77d006078f072cffee052ba8a8f1ecb9

SHA1
cf8318dec2ac04616ccbd09c70e1aacf82e7ae92

SHA256
f32a68526ceb5c9734c64c8d6e2d445c47b95dade09970af8a8a73dd2b417524

SHA512
8c4a8228238d9657f807f1604c200f2132ba570e58ae3676ab19cd52d91d865c65b921010adc583ea2ef0a5341950faa471cb928a6887aa3368f4fc7e5332e60

Download Submit