hxxps://cmesociety[.]com

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cmesociety.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4088	msedge.exe
4088	msedge.exe
2380	msedge.exe
2380	msedge.exe
4404	identity_helper.exe
4404	identity_helper.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 1404	2380	msedge.exe	84
PID 2380 wrote to memory of 1404	2380	msedge.exe	84
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 2844	2380	msedge.exe	85
PID 2380 wrote to memory of 4088	2380	msedge.exe	86
PID 2380 wrote to memory of 4088	2380	msedge.exe	86
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87
PID 2380 wrote to memory of 3984	2380	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cmesociety.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd50e46f8,0x7fffd50e4708,0x7fffd50e4718
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3838308034751896405,2557276524742770116,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,3838308034751896405,2557276524742770116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,3838308034751896405,2557276524742770116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3838308034751896405,2557276524742770116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3838308034751896405,2557276524742770116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3838308034751896405,2557276524742770116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3838308034751896405,2557276524742770116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,3838308034751896405,2557276524742770116,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3838308034751896405,2557276524742770116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3838308034751896405,2557276524742770116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3838308034751896405,2557276524742770116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3838308034751896405,2557276524742770116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3838308034751896405,2557276524742770116,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\82a24539-c22a-4211-a080-219ca03a3ffa.tmp

Filesize
11KB

MD5
a4692e1176021c28a6d1d8eea30aa06a

SHA1
47ecbc76ea48a4e4459a95d74df346f61bfb74fd

SHA256
8bf154c9302aa8fcb3fb6fd83cda35c501751eb53792ef0dad2693f12db2fbbb

SHA512
1745028e6a5a53d971fe8ea5fc1296f4160c39a81a0a996a4aae25fd818bfbb922d336d5d9e7aa61a64218554df86bd6fb4351836a4edbaa2102e94fd5557941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
28KB

MD5
c8c68fa975358775b49764afad961906

SHA1
46b946bd4a30ba4d045aad4baa5c57ffc8395ee7

SHA256
9e380bad5662ff6964c6ebfb271d8e9b4a0a7381eaf02525c2cf5f4cacae17a1

SHA512
b34384a7c95e8fd6b4fb7f5d4d71a4bf048f532f7e0a9ea3084033cb94f577a86f78f4dd8b0c572fc8f6a528aab48485d7aa05c7f3a81dcc214baa5ce3484cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
65KB

MD5
5d779f54500197c7f22db19e2d5b2712

SHA1
8d2d9ce3f98f6c9b36237ade2f542ddfea3f07a3

SHA256
eff3e68884362d5350756b1f716816200ce93c393202f01d43f8a18f41b315b0

SHA512
bd077ab617e88ca0709d61c3d9f54bda2d04eb6918bb6844730121d60c1f583b2cced588199f2a137d813f4067f326c0cc88d3e3b1b843b137fb8520ef778b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
4872367dd7f28a473ef7004d21ce270c

SHA1
bde7946e3bcf5dd2041b0ae8c9c461c0f0a847c1

SHA256
7dd4350b25c1ee8dd514bd0ae00a9f014074c17a5ecb0017f8e100edb77cb0e9

SHA512
ca5ab8155c89fecfc3bd66860db691883c59a24858a2292f1f4f1931c9ab89f44b18d3c83735f8b9bc750b8dce6965f34bc5ff0efef5e54f4e31f755d4dcf0d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
00e651134736399867f48380d376b2cf

SHA1
f453f8b1a25324e941bcec37798a9428418b6974

SHA256
405562aabf76b5fda0324c3962e17781810672dff09bacf076c83c4b7e7bfa13

SHA512
ff7d2b15e3b51f64424f0030bfc58f2575c8491f264907682a5fed3f0fecf176b59305c00f06cabffdfdb2ec095614ca519fb90ce71a849e174f4f4f91142772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
80a972e907638cfbbc446756cc91cb62

SHA1
10a0debd9f4ad7adf3c6f28e37c964fddfe11fbb

SHA256
642d254b5b1726fcb230adaf5d0b21d254210c332df5622482fdbbf6699dd5e2

SHA512
b94ed7d3a41be8b9d0c10198ab7e9549ed89e3a9bbed3c3e3fc9adb6af77d2b4c914a6f5f55b5a2f3c5345e711d3cc2a5f11cf94e56b18c2ad42ab60085629be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb8ef3fbf275caa2a6614693e4a506ec

SHA1
727393d1ded49ef61a46a99cfe294dd8310a2331

SHA256
f743c7490540e2a0016f6b4371853509c7b6b568e09abcb003b74ae080723705

SHA512
1ca6371f7ab229c08c0b585ab9ff44a4298117410e6e464c823e4998211fb6c22e5913c03a152e83529eaab347b3ac8149db4d3d1d00a8a04ba9712feccd70df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6fa995bbcf3fd0c37f3075181194ae85

SHA1
1fc2f683f14095109306977834c05e13ad2faa81

SHA256
042db0ea6cb40989f74f4b2e723305720af62ef32b7b05ff0da4abd6800a5f77

SHA512
bb1d1e28acfe681c3bfe5b3bebe258ca73a15b58b878738f1dacab36c655a8cc09372304f95420a5afa867a591d9c52c5af889db0cadb75f30a7547d2d97ee39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
eb842c5e4e551dec8c663855319b8682

SHA1
d4ee02e09c83584eb984dba239a467f9b2469512

SHA256
25f49a79099b5b9bd42bc814a7a8ef9870e9c2a8be05ddb2774b7b17229a43b2

SHA512
b9d5a557f21b216bac9d6283f893d4b4cab1e607688e639081008f74ad900eb6a39566ab27f51e5f08a11bdfc2d54ace1ec63a42c11ccb7d9ae5a469ba75cbd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
070d09e2da7521082d2dda92049cdb68

SHA1
d3211c7551aaaa488623c1ee56d7dac3858cef79

SHA256
957a85921bf102ddfc8fa801c5f38a382e20c2606fc629292a839cb7b71deadf

SHA512
94138f395a70f540b577161b27ae0d144fed1c6c50d78198c2e04858e5eaee6ecf61a99fc346fa92a36a9093cdd72e4f0cc9e80d38b6017ce4b72c26da764dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f08a.TMP

Filesize
872B

MD5
830ee8adfc7774a423709285f693f111

SHA1
206c50403bf504244e44cb1a7aab24e9c3b92f8a

SHA256
7547971de28dbb689de54cef35d82e9201944d71463ed75b6f948953cc2fc073

SHA512
27c7811e58670557b34e5a21e77b22b4b6308f78fe75e72268ed3051271c4e862c1465e791c7143832185e21c494dc5c940994ff0d026c4eca1dce67fd8b3b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit