hxxps://www[.]maguro-pro-shop[.]com/product/abu-garcia-fly-fishing-travel-combo-diplomat-fly

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2024, 09:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.maguro-pro-shop.com/product/abu-garcia-fly-fishing-travel-combo-diplomat-fly

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
456	msedge.exe
456	msedge.exe
892	identity_helper.exe
892	identity_helper.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 3404	456	msedge.exe	85
PID 456 wrote to memory of 3404	456	msedge.exe	85
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 624	456	msedge.exe	87
PID 456 wrote to memory of 3664	456	msedge.exe	86
PID 456 wrote to memory of 3664	456	msedge.exe	86
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88
PID 456 wrote to memory of 3992	456	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.maguro-pro-shop.com/product/abu-garcia-fly-fishing-travel-combo-diplomat-fly
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1ad546f8,0x7fff1ad54708,0x7fff1ad54718
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14946775983904299674,2121431782755705680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14946775983904299674,2121431782755705680,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14946775983904299674,2121431782755705680,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14946775983904299674,2121431782755705680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14946775983904299674,2121431782755705680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14946775983904299674,2121431782755705680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14946775983904299674,2121431782755705680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14946775983904299674,2121431782755705680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14946775983904299674,2121431782755705680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14946775983904299674,2121431782755705680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14946775983904299674,2121431782755705680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14946775983904299674,2121431782755705680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14946775983904299674,2121431782755705680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14946775983904299674,2121431782755705680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14946775983904299674,2121431782755705680,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
192KB

MD5
5036f7c363373f5d9cc2b6519806feae

SHA1
3caf2148a2eb7c82f9aff0f3a2f4594ee70327bf

SHA256
715c5d3e3839c1b47c3008e8a89f929e60858ee379724a20775003c692e9fd6c

SHA512
4661cd6fb02dccc48a42fe127b1e88f7e794cd4eb1d8a5a8f5075f772dad63211efa349bab579c5bb81bfb2c4b1be201c6725a56f617f8913a2235e3565fe645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0fc8b20f851b89f642cead8559fad196

SHA1
c94679d8fdca24cef3ed8d4419ee8995afe9ce67

SHA256
3fd66cb0cc90b03474c14ee5321766e768afcb684fa052445218866f630ae0de

SHA512
3d50d448778d4882491f43d761f66dab4f758cb0987bd43a5c91be4119030acaee63f081be71d08313d9b2ad5e878d6f58240e7d2488a43649dea67ac036c781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f2c3372b38eb47a05015a80501f4d002

SHA1
c4d6fbdfd0919de9ad464ccce51ed6bcd226540a

SHA256
8be9e5596ab7307fccd9ddd1b94877d4f3e2962e75c9ace229c6cb3e8084cc74

SHA512
7d7c0c898f50de243936d37cd9729e68aeab9920b00807dc547c15dcdc4326915f42cfd2b8f1e35cca3000c5581d0a5cd21688c29b1a459584410d7c324615bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bbb3615220be764f7fae46d9d1fe5e1f

SHA1
19d1e3f5044f50b5a66dd2450b4cbe5fbfb12bc4

SHA256
07d93e897b9453ff04cadc42269b4a259e0d4df34b1d76359b6681c558a6d4d3

SHA512
9ddf21833acaf586b6fdb3de0216d0758993f3a8c7c9a2cc1a2dbd207f151f43d52eae9e7eb100cedb1cc00d88ea9ada9ec5c432290ea21bd68e94e5c96ab280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f04f8f8cc030b98cab64166a5519e886

SHA1
4b4b3bff9ea287fdc71bfb86c6baff17601de2a5

SHA256
b18ed70149c5a9c27f7a4e5fbce05212375ce932cbe1a69c2a21c5d95d6462b3

SHA512
97fb7693eed959be7a6175ce729e376bfb2839952fc78a3f752a29cca9fdfa03f2ecd827de17f8f3ba57df5e89e4a02b908e67174f58da5b1b153baf5507fd84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc71c69b37196288e97de2241d911a02

SHA1
3ce066b1f5b252938b7033b74d51073615e9e8c9

SHA256
c1ec67b75bd711278473d9e60e98412d23b801d3ce94737be26884a634584e4b

SHA512
22cfa91094e3dcd30074551ffde9fbd7be6ed0295876485fe2876dce06557709a2c426ba0dd5e8ac23917f94e5665cb417148bb907832712da2ff9df2301bbee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
16f50a6470be4d6390b905a2c1c9f4fc

SHA1
4ac58203a8617d8ed9c25f15f8a6181bf189b0b1

SHA256
949e41be2a9f8370e03f0c8ef55e122d89bd7f8b04c08148e772a61a3bcf743e

SHA512
f9231d8504c25ea420d31c430df9f3e364dce1539e7ab30511c1629cad18718a86fc68e791ae19ac11dca0134fdc48f91855d8a58d7c938c3a7177bec61e1c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b3ee.TMP

Filesize
1KB

MD5
5f1b0ca08213c02c8308f3959ac4f15f

SHA1
b60d07b0825bafd9b06aa62050652c4a75d4800b

SHA256
da56eaa9d539a18e13fbadd71f8753f3757bf43128a4de13af4920f4fdeef6f4

SHA512
fbff6fdd600ac8d086ba54680227df89f5a5f27b12a029f2eeace37ed1928cbd01ad08473276082cbc1a12ce86e6f7fe612093384ee5b25b16072e4a3013a854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
04a47f48089d94abae5bc9b13121ba32

SHA1
e4142bca1c64d57b3c370fe4dde9d3e63e0f7bf1

SHA256
de510263c08790db664b0d5f2c0196e4cdbacc604438462a00a0e1804f3663c6

SHA512
ec9d136942acd050f785e899b4506af9d762933aa1ca789dac1ca0d0a679ee1224c70f5fc9e525a6ab714864da762c84b9db33b7e3565b64526f2427097cab81

Download Submit