hxxps://start[.]ecornell[.]cornell[.]edu/e/44232/2024-07-18/23j9c2q/2886873912/h/ATMpwTJbm1N32oehzgXZznTLQeNo1uedEA7EulPHMdw

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://start.ecornell.cornell.edu/e/44232/2024-07-18/23j9c2q/2886873912/h/ATMpwTJbm1N32oehzgXZznTLQeNo1uedEA7EulPHMdw

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
940	msedge.exe
940	msedge.exe
208	msedge.exe
208	msedge.exe
5980	identity_helper.exe
5980	identity_helper.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 4464	208	msedge.exe	84
PID 208 wrote to memory of 4464	208	msedge.exe	84
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 3588	208	msedge.exe	85
PID 208 wrote to memory of 940	208	msedge.exe	86
PID 208 wrote to memory of 940	208	msedge.exe	86
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87
PID 208 wrote to memory of 1972	208	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://start.ecornell.cornell.edu/e/44232/2024-07-18/23j9c2q/2886873912/h/ATMpwTJbm1N32oehzgXZznTLQeNo1uedEA7EulPHMdw
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8791446f8,0x7ff879144708,0x7ff879144718
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2320099749650353974,14361098783145223755,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,2320099749650353974,14361098783145223755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,2320099749650353974,14361098783145223755,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2320099749650353974,14361098783145223755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2320099749650353974,14361098783145223755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2320099749650353974,14361098783145223755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2320099749650353974,14361098783145223755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2320099749650353974,14361098783145223755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2320099749650353974,14361098783145223755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2320099749650353974,14361098783145223755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2320099749650353974,14361098783145223755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2320099749650353974,14361098783145223755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 /prefetch:8
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2320099749650353974,14361098783145223755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2320099749650353974,14361098783145223755,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bafce9e4c53a0cb85310891b6b21791b

SHA1
5d70027cc137a7cbb38f5801b15fd97b05e89ee2

SHA256
71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00

SHA512
c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a499254d6b5d91f97eb7a86e5f8ca573

SHA1
03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1

SHA256
fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499

SHA512
d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6292a72f094b4c9fe6df821ee3feda92

SHA1
1a49439b528429fc348dd5f1a735f8caf07cfc92

SHA256
abafc0449eecaf8ab09b57dcf97f0810d04bbae769d2dfaae93eb5cef9ba1c9e

SHA512
0889c12ab06a1ec57323c3efde8a342450be2c67b4668e85725bcb4c130a46d7d7be31f2494e5e71257805e8712fffe2220a7bbac781c24fbe2557e4598b7bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
be699ebb8eb954fb27e0a56c908be9b1

SHA1
c35894e39712cde07dcc401fed49af49df8e9fea

SHA256
5ca4b38cf33f33785646e70e682989b848b9776410129537130c22143ef082a6

SHA512
adfcbbfde3f62e89c360c8e1935579bce09d775f72ad382244a7cb5adfebc571cd0d9e912b90a6f47eb5d31caab976037dd10205bada1abc00c034469f33730e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
da16c6e96f0d61665b8819fe11859ec8

SHA1
c30481a8c1ac0f2d7ebf57862a4b64faeeaa74d0

SHA256
eae6b15e8f65f2606235bfa6778befa1801150ece165f4a30fea5b98955cb780

SHA512
47ebb0a112eb7734ba7bbde6eac064f4aec42e3ae2d3b500bce33c6ac597b8e2e810ee668578084ddda2a502c25b60cfe6715dae55e386695b16054845cf5793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0815b03150158de42f0308193eaf9e12

SHA1
aefd145dee9a7d3e93815fb21e4ac7f71ea4ab32

SHA256
52b88df33c9d5b58b7317412a954ff1b58f0f666f96b920670eb0e1029661727

SHA512
6c3cc7d227424386f3cc3ccb5e366b7237ee02d167a632b69346d4caed89cb3d36a607128a586c60205bc10e30fa187f93728241ad236346703e7a155faedf23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
28b48332fcccfc09d0aefb08cb70e806

SHA1
4f3275f828f10eaa20dec085872f0cab2c470e9c

SHA256
b807653d7d51a27b2bad4f33790f6460dcc89e2cd9c326d3d6ed45d56b7d3bc0

SHA512
8a19e930cc3514bc3d81c088e2005c7168635fcb71c7873865ce077b002a30c7e27e0e931005e5ec65005ecf9435d69ec3c4120dd95aad14d926d9afd81b7fb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
992e405aad4e3a01ec0dfa2066d2710c

SHA1
a7132612bdf5a0d2a720d1446ebcaed70f457324

SHA256
80db8579b098dbee90ed5a3b05ed3eb5d297ba6e071102489e82da3ebedb2d4d

SHA512
b1533e8d3cae1099b13776966cff5048451921674af6d70d3f8ec9aafdadc0bc40284be9c60a0948b1b245a6286de2ef343c6495b1472f2c0f922d5da974f438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8affa8e21dcce9dd9c82c2f0358b5241

SHA1
aa07d4406f23e9c6a8ecb6324ecca3646f042264

SHA256
be4f498fe2474637c8654354caec751232b897f4c49233379d82251ab5e3cabb

SHA512
073ec08f6f55ecc98cf83c73131762bf94d7300962889f6d34df3a328c0b79ae01d72ae220785994b0a9900cc6503a50c4209b56dbc3cdff32086d2e3948e0a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580a5b.TMP

Filesize
2KB

MD5
7d5f9340d13b8d001ce0ad81af3e8859

SHA1
1dc0beaa20ca4633303bb12487667aff1092b669

SHA256
a44398bc9edd68954cf9c25f947a024bc775d5b44dcccd203d571a9e3b01bf6d

SHA512
2c239ced1b0fed1dbe66f2b8cb22be14384e1cfc04996dfd7f107090f2d44e617e39b4ea6e9bc073c43305850ffe7dc226865afd9a39439b2dab06c7a4a1c54a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d253ed1b4e1a034eb07c3d1895cd21d3

SHA1
e516ca50ca97b05cf005973b603c119296d2b9da

SHA256
1e9761af77542e3558d7e07fd414494b7056d6266ad99b5813831eefaf611315

SHA512
b80eee798ec3ba76a68f42b8b77b11b52835b5f07309c9b6e109a1dca55dc6b741c7719a88767e123cffb86f57577c2bacfe295c6420982f610818cd05c45883

Download Submit