hxxp://fmentor@easyvistaremote[.]com

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 15:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://[email protected]

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2476	msedge.exe
2476	msedge.exe
3696	msedge.exe
3696	msedge.exe
3664	identity_helper.exe
3664	identity_helper.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3696 wrote to memory of 4596	3696	msedge.exe	83
PID 3696 wrote to memory of 4596	3696	msedge.exe	83
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 3620	3696	msedge.exe	84
PID 3696 wrote to memory of 2476	3696	msedge.exe	85
PID 3696 wrote to memory of 2476	3696	msedge.exe	85
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86
PID 3696 wrote to memory of 5080	3696	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcafda46f8,0x7ffcafda4708,0x7ffcafda4718
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,5886008614956419021,1155396639697964277,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,5886008614956419021,1155396639697964277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,5886008614956419021,1155396639697964277,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5886008614956419021,1155396639697964277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5886008614956419021,1155396639697964277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5886008614956419021,1155396639697964277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,5886008614956419021,1155396639697964277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,5886008614956419021,1155396639697964277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5886008614956419021,1155396639697964277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5886008614956419021,1155396639697964277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5886008614956419021,1155396639697964277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,5886008614956419021,1155396639697964277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,5886008614956419021,1155396639697964277,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5604 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
d5eae2c1de4d3c17705bbb31870cd819

SHA1
b879a21622ae625384025cd8ae763e598826441b

SHA256
7d01a0bb380cbd874f114a1abd1344ec52d257b0abb644b87d0312b8fc8cae3e

SHA512
d4903d0498c40af8c112acb176ff8bef4004528864e8c4c0ff9e1411d2c5a5a774d8a4fc03bd06f72e0fbe4c70f6d3b6e55b83773cba7700aad37206338a921b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9b4e7823cc5524f2c9e746de680861d7

SHA1
71b45f5f1843883af678a721fc2733ec1aefd590

SHA256
1e7d76fbe97afb8510ead7884a12833d9c962671333de2ff3d64f3591afd7971

SHA512
86f60bf7597d0a95ca7bc0cdd54d3c5c6be6dcb0a49f9b25f12e8348288defff9886ab852db6087037a426a3ff2f78e1bf7dbdf72742594dcd6376847dc22727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9f53937116408adbc25c0dcf5a4ef792

SHA1
492623de761d29dacc50920c947c7deceb1e47c3

SHA256
778f466752558bdbabf8ee8f93af82e8f9ff3fbf8effa6f4990fb1c5d1b9f545

SHA512
a1f0e34da4f664c6f1462a8f8b39f5bca33e68a45a1021f2e4bd4c620794d8a926d0f96accc16ebc184f2cf276aab20256f0d89332a9a25adf04a96f3b6b2651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
938451da5b6e4f0acdb88c9e52ee607d

SHA1
4ecade329c0054013457df844a5357b2351df983

SHA256
edb5b2a3c8137429f859d376523d73d94e04766092e2041612287aee19687592

SHA512
0d9484d7a7b9fceaa43002d45cc73fbed9d1eadcd91e4b19a44b06b7c8c1e86fac40140b7d62000888db21a07c5c11cc8d002ab64086210a362ec33977a5000a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
235634e4c0050e701b7e6d5814a1f8c8

SHA1
4cf8f80247c5434604c1c4ed72d4b8a37c1c137f

SHA256
3575de8a7bb12e14182f4ea97813c803d06c676baf5dd85f3ff4bf584dc018af

SHA512
5986b32f48140a3edb103840f8b5af8f3c3d000fa4936f794fcb419f48f853fd00a7b9806081f3dfadd6a0de1663e37b0583c4a30515ccbacc2193c62699847c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
2b01f342df0d4252dff0f6cdbd0f430f

SHA1
36aae9b38861341e10e154519aec540065de54f0

SHA256
7ebf2cfc658816af7b2325035e227aecd93ad0881950a68d255ce2606e234ba3

SHA512
c06d6c77821d284e55aea9f883ac653c84eaed6bc141a9ca4d66a41631b96f5c9b33cadc445f330b39d5fcbe3521add4b71b715d21312fb3a4b2211f589a406a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581c9b.TMP

Filesize
48B

MD5
5a36bb4a328bd14c73748c3ea6de5e22

SHA1
bdd21371f2d6ed5134884b3ded2baa118a78511a

SHA256
800f05c3d68e7873f5aae0d030ba955b10b29876b96438c9ff12e0b057aff4e9

SHA512
771ef29f086b9519a36e52de3c1fe6dd1794d23d755aecd317e54764c253604b879dc2e23a71598755e49a53dacd43bcec4f2fcf7c34f0f29ade8a294c909c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
666f917768200db382ca5d451118a329

SHA1
444530e064c85f1649c744edfb30ca90a1bc00b6

SHA256
efa6f5328d9bfc5ef622ad0a4dbe32d86901c478288ad8c74400c74fef62e20f

SHA512
5e24b5fe8b26580d07dc3ca066e4bf5c83f1cd50de8dcfa6f03adf0de094452bfc565dd916c98b49fad01459ebdf626fbc730bed42ec0b66a54fd70b3e69be75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d3bb.TMP

Filesize
2KB

MD5
cd39781360c291564127eb677e97ca2c

SHA1
3083d938e505af0e00c2af57d75b6809d51b450e

SHA256
8eeff38611ab959f1a5236cccc2f123dff60fc9ad098f1035d80ce5bfa1087ca

SHA512
735ce76fdbcb7a443e7db0a39ffa0db1e73f4f0611b9e76dc87ae8ff56921b93f42b56954bd5e429407b951263402da19b7c5181495ca5a19812294278d09a2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8b38c7b71642af50bab581c1a467bec8

SHA1
0eab420a28f50deee2a61c4134446e608f534470

SHA256
4eea528c02c3d00d99da3862bd3eddbaa531925fa71125716028b98bd1179699

SHA512
0de3f198dda778ef958267dd5cf7f9e0da59f7e85bab18642de1ee623ccec1500a5a1832381bb3e749034ed30808b98956fea04a3678f5a51e4e6e8a2aa9e93e

Download Submit