hxxps://www[.]buff[.]game/

Analysis

max time kernel
257s
max time network
289s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
09/03/2024, 09:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.buff.game/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
4256	msedge.exe
4256	msedge.exe
1780	identity_helper.exe
1780	identity_helper.exe
1932	msedge.exe
1932	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4256 wrote to memory of 1244	4256	msedge.exe	80
PID 4256 wrote to memory of 1244	4256	msedge.exe	80
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 676	4256	msedge.exe	81
PID 4256 wrote to memory of 1612	4256	msedge.exe	82
PID 4256 wrote to memory of 1612	4256	msedge.exe	82
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83
PID 4256 wrote to memory of 1940	4256	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.buff.game/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa3e153cb8,0x7ffa3e153cc8,0x7ffa3e153cd8
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14577102076382001253,5605242635739875895,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5648 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3b1e59e67b947d63336fe9c8a1a5cebc

SHA1
5dc7146555c05d8eb1c9680b1b5c98537dd19b91

SHA256
7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263

SHA512
2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0e10a8550dceecf34b33a98b85d5fa0b

SHA1
357ed761cbff74e7f3f75cd15074b4f7f3bcdce0

SHA256
5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61

SHA512
fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d1c9dc578f6dbdb338d0527a6e549183

SHA1
0d74f276b47f3fdacef615bb3031cd3efc8948df

SHA256
c29fac62d53737813c7ba1f944646e36f20fdbf6e145899fcf0183dd119bfc3c

SHA512
ee367186a76c4e8a2e6247d29bb6da47e3c55d90b11739893ec197abcdef86cd0f2671e4c23a128c38441bec53bc68232e3ba72741727be25118a18f01aa72c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
82b5fd3f8d2ea2fd6951bc89e6d93bd7

SHA1
1da5f7a71c52ab740cd449aeb847996416638773

SHA256
c18386df1c67d48b39e6f11ecd44f0bc50d243af5200ab6649fb110276c799bb

SHA512
1050a8b488388d97c4de215541fd2b33705c28060c2489fc308500deb1b8104367f8e637aebee8b330e33aca647a5ce6c32c5083aa7abdf1eb90284700dd84f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d23d72b09e448fdaac4a5efb63971285

SHA1
2915d48017e85df49208c52dbada3deaa38dbd39

SHA256
daffd51054af94a6875fc1d05cf84f772b9aa6e0379566ea44954f54281c6434

SHA512
386e46ce8b645dee0edea21c95a3cd302070f56e05c5e2f00150408a4b0b422a28848da5c9cfbbb7048facfd0c87e2502fa024db1cc89be83720178cee2a3c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9781297d41de1254c4259b6c118b4c5

SHA1
52dff0883de8f9cd191830dab830677681d6b73f

SHA256
15db61578d50fafe2390e2ee7f8525fe211b9f65367073fd87b6b332ef65d48d

SHA512
3c8c98ef5c50259e313bdbd288591420b23442abe0fafcd37bdf66a760c49db0dae8bf3e10946fbe0bb29d3299c44480d9ebae6e5a917b7f5faa87f965b75db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
80a43956a7baa67bbca7d9b23774fd19

SHA1
4f9b6ba8a45541d1ef00749b0e24e97212d8db98

SHA256
5ea949575398075efd8a59755e8002c95c5e257247e3ff11023acb142142bf89

SHA512
444edb641d2d95aadbe84250c85feb4872987cf3715616e04d2b3669c43249dead6c7b2152807dd91fcc783c13aa034558cb7534b4590323bb7151f5c77e1816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b03e945ba6c89773faab0f2af600e62b

SHA1
0b5f7f628e4570a1d9d788baa97db17d1c666707

SHA256
c8dd13d8521a29d8a9d9feea3e694ab9e3919c3b0ea3e43bfac91b66d2afd15f

SHA512
d7764931bac57278ac7ebcfc57f87a7b806eab21bb2449ccb23fa10b74af330da9c19deda8a8e531b6568829723eb8f7ef3106fb9f4b49dec05c0773a9aa86b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2c04fe6a08fb4a8366594e0ddc761d7c

SHA1
da0089af2cd48a023f41a763554405f38bd0027b

SHA256
8d7b4a0fc9ccf27c4a3cf90af280c5de4792a983bdb47dc09f20c4b294c672a6

SHA512
86149300f2d1fa7484fbf0c50c851db036f984c54cc9b119233f71b79e04c599d2240f72ec64683f5d9385efd0c58a41b73842470bdc284b9e104744141586cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
796780c0a77043e1e1ae49667a066b94

SHA1
05b2eedfad8ee7013793f84d255a88ca47b5b6ea

SHA256
95ae3582da0405f68942f8aab772c2c0e742188a57fac3ef552d444cf3a24725

SHA512
9d1180d801a0db79cbbdc78ca09ddf61d8c82b42791729fc473058fe2c2f98f31a5ec0b66b9a5060482ca0f0be45050e5d7f61c6c1c478e76d81f01d01adb86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fa5e.TMP

Filesize
2KB

MD5
0f5de08ae13bb360509665a2dca2b834

SHA1
f3c5b2df5501666e359a4c33d6bd326529e643e4

SHA256
4d0353479498be3e9ac959dfde7ecf4f6bf987f37ff2c1419c0213e56bc5ac89

SHA512
20610285a3b3a2de19302fdbaa7943599f2b3e843da1fb53c85a9c426637844e0a8a8ddf617851e25bed55d64962063e36e2045157f5c43997b4b2cf3326d77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f6f5201c4dfcc124bf3bb22fbb994731

SHA1
60773f927b0060a1f391d6d003795c888b5581ef

SHA256
95e6bbd24d9e1c0bf4c7723d83ddbded70cdb7e437ac36997c4e20a02a3f7039

SHA512
922a5e4b9397deffafd69e27270b99a3f13f1877e7fba67a098c98bb3c63fd6ab77574fc93764ccbfed96b0e7dc1c3b9f728fa2df665cf4b078ee293f39f5a58

Download Submit