hxxps://ay[.]live/C2esma

Analysis

max time kernel
149s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 18:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://ay.live/C2esma

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2568	msedge.exe
2568	msedge.exe
5008	msedge.exe
5008	msedge.exe
3344	identity_helper.exe
3344	identity_helper.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe
1688	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 2280	5008	msedge.exe	81
PID 5008 wrote to memory of 2280	5008	msedge.exe	81
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 4976	5008	msedge.exe	83
PID 5008 wrote to memory of 2568	5008	msedge.exe	84
PID 5008 wrote to memory of 2568	5008	msedge.exe	84
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85
PID 5008 wrote to memory of 1556	5008	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ay.live/C2esma
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e44346f8,0x7ff8e4434708,0x7ff8e4434718
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11410771348006872021,2869817237663331697,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,11410771348006872021,2869817237663331697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,11410771348006872021,2869817237663331697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11410771348006872021,2869817237663331697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11410771348006872021,2869817237663331697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11410771348006872021,2869817237663331697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11410771348006872021,2869817237663331697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,11410771348006872021,2869817237663331697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,11410771348006872021,2869817237663331697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11410771348006872021,2869817237663331697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11410771348006872021,2869817237663331697,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11410771348006872021,2869817237663331697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11410771348006872021,2869817237663331697,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11410771348006872021,2869817237663331697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11410771348006872021,2869817237663331697,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
7b9f0fdd4e89c762a419fbb832b91408

SHA1
43ec1e871c31f6df4729865171f4c6799edd422b

SHA256
259be06302bf14a5e475a5d6c81cfb9a2b3e74e2f7c391faa27b452fe0a69656

SHA512
5d2c6ce51b08a9a785f088b87482244ba9243a11d8005949e8f9ffc8909aa3da25577506679943c8c35fe78f18c4f06ad36ded9bd3f658a2ed6a320c254dde80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
0e39bb98770ce598200588d3018ca983

SHA1
dbe34ed7ad788f0d1a32928e3e84dfb957b55cc2

SHA256
0079ed5172aab326c81c61374c93d0f840954b0f756364a202a84d38ed3efc22

SHA512
8be051fb8949569069c5cf85c932d63ad2514772238eb39fbc17db8f30414c2dea646595468f6cab296365b9dda12744329d9d5253b311ab26b601d2c4eafee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
94429e0d414d71b7d3649a233f534159

SHA1
81f66cfb480fa11213f0c8eb900a0516fed7b175

SHA256
e24363e2e6c97e29a1a2377fd52c2260a5878e073767d4c4c7ef1055d2dbd582

SHA512
f23c399ebd52eee865321368aa3e3dec4d2aca2e6369c0cdc7b36d869fd33dc480488a0a2d44764c25d3382ea431df31a8f31c90810b46eaeab631edbe098f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bde67a0d37cdca9e11303e16628f7a8b

SHA1
c152c574c8e13f006f883c4ddec0e441418e0479

SHA256
7a652137176e4ad781a8fc901f245d695978a22e8db2d3afe37a6fb789e6b502

SHA512
441e985f65312d367297211a426461aaa9bce37a71ee71a715c14bc547b6f72b36335b1bcbe827eaee115b270b77f469f273e292c4368475c3e7a08e6f3ca91b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f3f210f9bf50e80d385a52a5fd2124b

SHA1
7afb6b485b72d51598e506a93005446f49a1bb06

SHA256
354a4e4aae1b44d76b810a11a3f71cd5cafdf051bda492e5f972e40b0a499904

SHA512
328477a6296f30e3e97d8b4f86a71fc77b49f730bc322820173e0714e6eca7fb29d9d8facc575b4b7ddf324b58ba15b747986a80271fea1fd1af25b26f19113d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6d7edab4bb0a5d2f1fe79101e996d44e

SHA1
8f24d5399a701899fc3d7a404a25e12e3e0ec866

SHA256
fdc4500e3a58b1b2ca04b6a43cfe876467cec322183f218798532e031e932aec

SHA512
add14dc884bbc4cd7f4436ae9259f41399c31d9a602da3f49cc7f82563e705f424d8f3e94be88367a6067a60dcebe472b67a5ddc4fe0b47be976a9fcdebfed50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
b60364de4d5251988433bed77a43b8b8

SHA1
c34e4f4a7f14bd280d9df6d6961e96783b5d3849

SHA256
3ed62d7ae4c010957f320bd6e7560a69159505308a8084e14e41804b9d2ddbac

SHA512
ec39815da0c36f35a6543ed37c2149d5356991669569f9c206ac56b9b3cbc690839a0481137f43ff0baf05060cbaefe93df781302f7bea990ba09888d91aded6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
45769abf74441494cb329546c3a0d720

SHA1
100e3b661ec9a6bb583b6b57ebeb70823215488d

SHA256
3f643f26ba26623db308e6441097a73c652aa420cd6282ef121dbe34d06c6c46

SHA512
ac6a943cf651aa5f0b80c4496fcf909101ae5c4caf25d1184929153516c8daad238a8e2323e2c7eae0a6593fc151f1575c4cca2e3ef4295c2fef5a9baa55efdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58028b.TMP

Filesize
539B

MD5
87c06156146f40f5fe95811cb04577cd

SHA1
b0aa4fe661ff3b3f57b77ba39b551a1752098937

SHA256
40c682cf483b38a84c1caeeac400b493fb0d0e0fcb54f6160b2c83893a3dc179

SHA512
dc4316b2d6d22486c57be5f7a23237eb43c82fc342fd6158943a6b37c6fcf18939f125948279c6f242ec57e8c9a1ea825ded270c4ddf4c96a90afca66283582e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3b3c3f4baadf95446a40307689ba4cb2

SHA1
10f81cd236da5cc36929424b541388450678f1db

SHA256
752b83b207de7a402490ba908e34cfbd6ebd9bc9ab67cbd4df81486ec3fe6f4f

SHA512
a9eca797373681697db4105acb460f431ab53fa8ad3c13fb88f1a6a523f57a8604e5cacd60ab58ef48212a4892b0df95d086bf2cfafd0487cc0f624c116ee834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0185286165103c0c000791a843e34e5d

SHA1
8066e2703592f118745d024a307741d7543640d3

SHA256
fd4b3f5af4d224abb6b5441b3864baff90470decd60e751d4036a891e2edc2a1

SHA512
42197d60898e3c2c894e672af4496e46c533a4add1964255870a346c591e164f6e2bcd10b573bbb8dc0e61461d06a554bbf28b548df1542f9f65418ab27129a5

Download Submit