hxxps://web-lnicio-rural[.]biz[.]site/

Analysis

max time kernel
146s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22/09/2023, 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://web-lnicio-rural.biz.site/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
388	msedge.exe
388	msedge.exe
384	msedge.exe
384	msedge.exe
1368	identity_helper.exe
1368	identity_helper.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe
384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 2904	384	msedge.exe	73
PID 384 wrote to memory of 2904	384	msedge.exe	73
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 1776	384	msedge.exe	87
PID 384 wrote to memory of 388	384	msedge.exe	85
PID 384 wrote to memory of 388	384	msedge.exe	85
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86
PID 384 wrote to memory of 4512	384	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://web-lnicio-rural.biz.site/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe86d246f8,0x7ffe86d24708,0x7ffe86d24718
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6141781720144094180,4301547229480325429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,6141781720144094180,4301547229480325429,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6141781720144094180,4301547229480325429,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6141781720144094180,4301547229480325429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6141781720144094180,4301547229480325429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6141781720144094180,4301547229480325429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6141781720144094180,4301547229480325429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6141781720144094180,4301547229480325429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6141781720144094180,4301547229480325429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6141781720144094180,4301547229480325429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6141781720144094180,4301547229480325429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6141781720144094180,4301547229480325429,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bf009481892dd0d1c49db97428428ede

SHA1
aee4e7e213f6332c1629a701b42335eb1a035c66

SHA256
18236c88bc4fe576f82223cca595133aa3b4e5fd24ebac9fd515b70e6f403ab4

SHA512
d05515ff319b0b82030bc9d4a27f0432b613488f945d1dae8b8dfe73c64e651eb39f4141a5d2e157e2afb43dd1dd95b6611c1003ac4e2e80511e6c5cd7cfdf11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
216B

MD5
6e6c58c5cf2e307205c262e0c7e1772f

SHA1
3a1812bc235e0feb6a5118bb1a981554e82b8013

SHA256
4d3f811195c4aee3ba186e4bd78908161932f04579e876ac42e69958f68e85d3

SHA512
68e4cb73790d07c3f13a370505d1113ed11dba0f2d2acb38335de5b74701fd1b020af01ffb4627a6a48c748566578a756aad6b1bc3efcdd7e5817c3bc7e365a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
d5f91c1e4af33572316fd2250226ed40

SHA1
4e340e70cf80b1163b3b2233a4efc80a31b64243

SHA256
8b224eb02bb2c9f9844255fbbb32cc4441c5591ddeeb9e4cb2751d1479025bbf

SHA512
1ad0b15038a2a3fa95ae0a293b14fbc920053fd6711efc390dc663fdbd96b7500b69e16ab54e430770e62160747cc9945604666ebcf44ccb7d9a77674e503eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
828B

MD5
97371e20143dd75a76247d7dc896974d

SHA1
3fa1ce92c92c24dd966ce7067c53c81f354909cb

SHA256
3a7601cab3bbb3322a1345a0b0b386993d34285614dd4f974970ba8334d99662

SHA512
c32aac56f382f85c13d3a321afc45252239535adb64f3d30747d27345adade9294832b4e391cbd1ee72427d61a415fcb4d76dd6b3324a32ec67ceb8f0fcceeb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d0b54bfed42368a68e25876b2649f51

SHA1
470f9b4f4b673d3700b1344f04c43890d4d3f33c

SHA256
06dd5b0bb0c678d43076d6840709da1673a024c7691feca58568cc4794240b97

SHA512
7c7fdd79839584c2e0463af14055baa0662a402f6131614c15eedc96bcecdeee4e4722971330abc3375fff58d616eaa70c9848d4f9bdec0bba4f328d079573c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
144c9c61994f62763dfb42da6df2e978

SHA1
2ffe76940d9549fb7b60006435a30ebec4a09742

SHA256
b9735cae226884a21014789c35e4f7d375b62a829e0ea1217f00b1170accc85e

SHA512
603f9c682604492b57080359dfbca323af0e455af0134a407bc19de2ca358d737caeb5565c6aa9a98699afef78ed88cc6bbd080a2dd7cb9eab8ad2a78bc369aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25be58907ce897a061e17044be3be111

SHA1
e6c28730324b3b152d722c7424453c20e14cb749

SHA256
466433e7a3419060cfe83bbbb6b75245a83780c202731f5c4a5974b6d459b0de

SHA512
df5b00fc7beaa1c1c22c7be90b8a700f5b41b9c33fa6cb1e584a7cd006c521ddb7742ca03c5ba38797a393958982a2a8e2434cba41d8f8f3f1b17cb56ae9cad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
25ac77f8c7c7b76b93c8346e41b89a95

SHA1
5a8f769162bab0a75b1014fb8b94f9bb1fb7970a

SHA256
8ad26364375358eac8238a730ef826749677c62d709003d84e758f0e7478cc4b

SHA512
df64a3593882972f3b10c997b118087c97a7fa684cd722624d7f5fb41d645c605d59a89eccf7518570ff9e73b4310432c4bb5864ee58e78c0743c0c1606853a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
0d359796d17e41d16e4cc6f2d8606337

SHA1
719a65c625778480386f8bff4dffff23797d9c71

SHA256
b8103a1f45857b7dc09473dc6704aa74cc8792bbe83b1562e2127fe7f9332ab6

SHA512
e7f1014dab70aafc450a76528a397e186853fb294eac08a1828e65c2203292da3f0e4a6757b993378158e462879b61bceed29daf7e98b1eefcaa375cc3a79d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
f1395d1e24b81345e1f02825cbcd12a3

SHA1
462424b4d126ce1347f5cc9db5766883e93ed6c1

SHA256
69a6a156d461c8cd8e0a008177c2748beea9a559a55fbb1b21222fa4926e82ec

SHA512
3e3aaa33601164ba957e526ead71385072f2b12725e40c35b8d7145173c1269feb809bea6e009e5ff9a90604ec7c77cbb956cc454b291cdd3b58a43acf09164f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
a7a2804c66535253979990c5b3197ce0

SHA1
c1478aa2f6d487463a963d3632d6c099c9cc2d32

SHA256
1a2a6691f9937ac420ed7058f6e03db9ae18fce73ff172a337b83514711b8718

SHA512
a0c27a12010f2d4bea7339e3aba9049df4fde70f7595c4fcf099da4e10285a506095e9d3dbb6132ea8fe77afe2b24cb8788cfadba37260e121adfc3c766eaa63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
edc29571b4792946257bb94dda02ce83

SHA1
53f09871fe77720f96be8f217bce6c5691be3f59

SHA256
bea28df475d52bb9b04fbdedd38f9e6a43cee51ad958aa7281f0710acd874689

SHA512
440da6345b6208ec97ad850cf3f1ba2ce42e0c58df4e31d2017681d8f9025d0c100991ab5a63b29f6f0aadb1d86ed75335667fed9577feadbebdbebe35921c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
d406167139b776c0e3960df46a87a163

SHA1
b9af4f3649eaf398103e283c8280d372b0add7b8

SHA256
ac90c7386972b2640dad1d0c8fe9dad5311b8e40c577aca006e74399ee6a784b

SHA512
82e9dbdd2cb095c4dc42a326325b6940bb99fc886f11abd04bb399ec18c863563ebecbe5115c0c133fbb5091d8d56558ec1ba9bffc98f9a7ef1c66b653cba1b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
746a88933cb47ef7122cf46a2d0d8a8b

SHA1
4f503678af05773a590d2ea528af8dd785b1bb84

SHA256
49c90140230f37fcf092ef520c2535dfc9c27814dc194c734377bf6c2959dcfb

SHA512
f7aac00a2fe510181d0baa1c5af0b12ccba346e0ae0d3af89ecf05ae1ec9a630130f90a9b2cf98c1f01dc7d2c5a1440762262566a8ea1d31f44de3b33cd82890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
1dd0ceae4628d78569d76fb1f16e7076

SHA1
9c2ff0486ef218cb25985411d6c8ce673f5e1cae

SHA256
c6e2a255b8c3199eca5bb1f5477420796a7a6bb19a9e1de4d5185007b0323fc6

SHA512
503d6feecd144574406c537f61a0e03bf5ff99e0e6118a212dd16bfdbd45484e58c726757cd4c466bb29980aa9526d4c040d76e15ceec099c4e01a749e0f438d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581de3.TMP

Filesize
372B

MD5
bcf439bf4c6292df44f1077c09b941d7

SHA1
3aea5a37ae4b6cf5f7ddf200eaa3a13743281bc6

SHA256
8856d54a48e88e990de804fe776e7023bfd91d1206dad8d2b1c0c71044fc7910

SHA512
03a1e747a36ee86f016bc551d20f7f47e2883feecc1a7630c7afe69a8f4c9588ba5318a71ad4545e9cd7069ae501ecf3adf362cb3da781052f87f4bdd152c491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
605d4ed0622f2f482027065a394315f7

SHA1
428f9b09e38129cd39eb053d1fc826f02d755a66

SHA256
98e8155f5b1788d2fc94c1c27df21f67fab9c16a6885c791262394bf9db283d7

SHA512
c138aff4af61ca5927e34a05850a8f0107d8e691aa1696a3fa74fabf7f833ec7daaa692186833454104589158c2828f8b3fb240fb9d9aa60d9944695c6f334e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cc8d19d96a5189c01f753170627ce600

SHA1
02478cef9c6dda16e7f1fae0b925acf920906e6a

SHA256
c5beab7b01d98033571e6702f4a58634b6165280b675768338bdd4dce3e8424a

SHA512
04a404263511cea63cd164d8d9101c0636e0b1a21ded91a5176e61275808bac51ae524ea7f22d53eb2ccfac74ea0c5c57c3fcc21a0f15fc3e21f71ae02810068

Download Submit