hxxps://amirnaz-sarl[.]com/hereme/

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 06:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://amirnaz-sarl.com/hereme/

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2036	msedge.exe
2036	msedge.exe
2768	msedge.exe
2768	msedge.exe
2336	identity_helper.exe
2336	identity_helper.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 4476	2768	msedge.exe	86
PID 2768 wrote to memory of 4476	2768	msedge.exe	86
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2888	2768	msedge.exe	87
PID 2768 wrote to memory of 2036	2768	msedge.exe	88
PID 2768 wrote to memory of 2036	2768	msedge.exe	88
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89
PID 2768 wrote to memory of 4288	2768	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://amirnaz-sarl.com/hereme/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb03046f8,0x7ffbb0304708,0x7ffbb0304718
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11148286536384091549,11782465899057535204,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
99d1b34b1c382328e706317933614cef

SHA1
d0ad050d6d8c70d7131fba4bcc00df665fadf660

SHA256
cdd98d551908418e8c46a7c113879899ec2281a1a5528cd3c24f5e183f51ae31

SHA512
3d218b259af214d71bc67571a71268eca24a484650fd5e2854c8cf9fb53225ad91de2318c0eacb75e60e3eb882d78410d364762a23ea65508a250c09560bdb0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
737B

MD5
2f84475f2fe39b2b0266db899d3ff284

SHA1
1f05da6e5c2b23f59244591f864b2bed0b988dc2

SHA256
36a52c2ff8002f02f7bb3c0da42e04d7d49c0dd190eb4d1b432612fa6feff69d

SHA512
616bd97af9407971e28f15f14255f2a2e77f588c54a11e3db6176a44b6cfdfd0f922a63a90440a4faf04cc5b261b23cf2b8e40b9eb0217eed7f0d8f6980e3717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dbaf37cc7edb8172d3da2e3135eb9d6b

SHA1
6081ae1b349cae74a97c006a010a860d7b266f0a

SHA256
fd7e336aacc6ed14b4a2aa8cfe836605ec95e901db65b48042f2a232a6e3fda4

SHA512
1f386d4ee4134df3de8d815420072b6878011941f4f1c655a11b54bf8873651fc2d4a108ee2960ec1c5289d193e9bb121a7f40bd1b1b8b2f24010162f5d3c9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b55ffded8757fe9e129f029a9eae6d2c

SHA1
efd65d1ae73673bac7e350ae63b22bed69c6030a

SHA256
5069df727f968eb81fb0c032d094ab0b882d14d263f156ac9e1105c33746f2ac

SHA512
12a51be9431d3417a434579abd1bdc25d8e47442c430f646474ac3731daadc3783d5046f527e8ae9327e9bd9da6c45a11410ca87e7564fe071845a1518719e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
664c5f10356dd6f6658398d1c7d895bc

SHA1
253cbbc3ae4d24f79e9572f1031c503f9e73fc84

SHA256
18acbc9814e6d8075b01ab8ac18b930735ed5805a9fcd0f57b26a72c973822eb

SHA512
b929ed00edf194fa466322b3f42e46beeb5ba0d52fd15027da8c73e2d9619fcb4e57fbb053784d257d10fc08e597c224698d3be16170eb4f59383a32ce0fd83a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
365B

MD5
25f05e01cc62bfdb0d1659b59161222e

SHA1
92e43b811a732ae8b6793a195d520096b3202083

SHA256
21a4a0799fee8866f3ffedd6bfb5dfbecc31663e3f6803856d0d88e815b22c01

SHA512
e5410494e841128f9dc1f7118f6ec48e5fe96df11467bfb8944dd39adc9603a5edeb03cd54ce62f61ec893041aa714c2299dc579c9f88e10872001add5ef870d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588edd.TMP

Filesize
367B

MD5
b8d6c1f66d7ecb1e5b61ea9261ce5b09

SHA1
7dafa0bbdef58c854bc3a6580aa6b5ff79608a32

SHA256
151260c25977fa905ee1032858ffccd98650aa41385ec4b488df1b547e63ad05

SHA512
a4a728f31a7760dc1fcc1a90f1518ff4922dc054e49d0c72a629ecf8477fbc79445316a3ae0a91f16f38c3eb76f013f9265dafa5fd0a48fb891674296a42246f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
35444c856915b8fb6f3243d4dc0b05b3

SHA1
5891fbb03b2b637295dfdd68def5dd1679d992ca

SHA256
2e57c13ac73704a56aa34557dd12dfcded64890bc262043b2d5fdbc3c2769bfc

SHA512
a96c7f71bca55d3eda9c97c6bfce6411f10b756394b262f13c40ff382ac481d843513655d901f6e614db1eb608dae3d26e3c83876c51a8c7d01fc532cbb41ec9

Download Submit