hxxps://www[.]linkedin[.]com/company/winvic/?original_referer=https%3A%2F%2Fwww[.]winvic[.]co[.]uk%2F

Analysis

max time kernel
153s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.linkedin.com/company/winvic/?original_referer=https%3A%2F%2Fwww.winvic.co.uk%2F

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
3084	msedge.exe
3084	msedge.exe
3864	identity_helper.exe
3864	identity_helper.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe
3084	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3084 wrote to memory of 556	3084	msedge.exe	88
PID 3084 wrote to memory of 556	3084	msedge.exe	88
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4016	3084	msedge.exe	90
PID 3084 wrote to memory of 4012	3084	msedge.exe	89
PID 3084 wrote to memory of 4012	3084	msedge.exe	89
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91
PID 3084 wrote to memory of 916	3084	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/company/winvic/?original_referer=https%3A%2F%2Fwww.winvic.co.uk%2F
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xb4,0xe0,0x104,0x40,0x108,0x7ffc89b646f8,0x7ffc89b64708,0x7ffc89b64718
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13622721092640882721,12040312545066930922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13622721092640882721,12040312545066930922,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,13622721092640882721,12040312545066930922,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13622721092640882721,12040312545066930922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13622721092640882721,12040312545066930922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13622721092640882721,12040312545066930922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13622721092640882721,12040312545066930922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13622721092640882721,12040312545066930922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13622721092640882721,12040312545066930922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13622721092640882721,12040312545066930922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13622721092640882721,12040312545066930922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13622721092640882721,12040312545066930922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13622721092640882721,12040312545066930922,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c84f96dc00dc23476515155b5f67fcf2

SHA1
7da54d3acd98b3bf7c911814009e6058eeebf82f

SHA256
35d814e7dd18e98dcea2f6d93372bdc6a7762e996afbb4cb4b2c84859153329c

SHA512
1f8ea75b50ccb2b355fe66d23e33fbdafb66cde751f42419a5b2d4628cfdfee890036ec786449aa39134787ea0916b3980d95580d94105dc962febaf74f4f90e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c2708576a4cc4b1abb063083abba08b2

SHA1
18d1895a999f91006606e833e7fc76869273207b

SHA256
5b328818c7587d88f3dfa6f9c21714656fff71e8a99697ed4d0453bd6eaae705

SHA512
9f31958f6ad22c12af4c953da80b18062f02ce7d82add2de94c18f375c3354417f586520ceb75e2edd337f2354a8d99657020573bf2209698d584c0b9e159d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f05336d6c5f13168cdef39b459e5ef08

SHA1
9c3dc0d4f74f6d43e5bbb84a3558873f222f00c4

SHA256
30dea5e960aaed0dda717ccaac9d81542befbfe9b5de96f9f6f42c6619da7b07

SHA512
cee528f46b52e2f846624206d3a35facdbd0f55b77a4921676fd09e7ccf95cc2d3ea7f707f492570e77e13a2616da3aacd59dc9eb4cef6ddbd664545f972ab46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c67a6f79aa2a2c36fc13135207ef46b

SHA1
171724318679e78d4c6a0351974ddd703e88f872

SHA256
7f537df5c4f81a76c768c43d0ed61d8bbc49cc34c015e6e29a1bbb107f89d909

SHA512
5ab25d07d59ef50472882a2749050892169e49b14a808650ba6d62f9159fa100831b9baf1cf0eee69e9fd57cb6542af4d76e7fcbbdbf98d2c3f198f39f6aaba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c9581ce22b0b803ed879b09b6f96ffe3

SHA1
c62fb8b25c5ff70f13626018079ed110c9e15515

SHA256
77702ed2fa6f13ddf1a9597679215d52308422f1a449f83399a13f715371294f

SHA512
ec13bfd67629258919072d7eeb06df179447f669f269c0fae44df9dab5235efa581aee0e9e07e0c241efd989a04f65279ddec94cea2096303c6c6d40e4e323ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c47e8ef794095e52f3a72c27efaa15ad

SHA1
1c0dbf2da320a03845eedf850069d5efb6be1616

SHA256
3b30157725d69a1132b60b6182f35fea149c92592531f58b3f3adfa4fb73e245

SHA512
3a4fc5398a1a63d9dd8f28f9467eea0be3f30279b339fec6cfe1267bda86561d5e113d3b9c57a5f9713d47e01704dfa64b70c417832c5673f144cb237dd7527e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
a3202015e23a5d5f835fcb9d01ed0ee2

SHA1
c98a20b3459238869c0553d5af8c0b72417d9456

SHA256
8fb3d2c7b8a45df5cdd8c970800eec5c85f32d73c5c8e5a5cf7e1f08b2d40d30

SHA512
09eefb575fdb6e58ff4d368776aa7c16993063f7731acc03a98375947269e9dacc705b42b3b8c1e67601e4631e25ed50cd240feb0cf407d75dbe786ede584109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
f3510f2ebe0f7614b00aca20fa14912a

SHA1
15339e2396dfa5d91683cad2ab301602cf819163

SHA256
5019046cf2493cea72603bd4bb1015b173bc34d355822610876914b91887cba1

SHA512
8ee20faccb89f1be2cd92f05c29a8e97591f053137b2d626766e4d7cb512b9724f3a11bad1f563820b7b97d9e6ba405bfbc09a7b7604777b0cfa975a3656e7f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
89f4e96cebeff9e69be0761e7e3e687e

SHA1
981f4d3fa2220685eff8f82a11cb20e38b6eae0e

SHA256
7225928a0e52eaae362d7edb7ca30db42495ca3862af1b5f377d135f06918d28

SHA512
a7c05419d3928dccb2e164b4af4a13e79354aabfd056db10039d4f7686f680fd9eb15b3c6b9a81ff5b7b8e673f94a439adace0f244f8ffd236e51b0faf6bb4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
d7993f7da78daaf10ded278f0d5b0657

SHA1
444963b983d851ee073a266bdf419e2b4008e311

SHA256
a2f8c01510c189edd8778cbf1edf638a6b76c1d528ab825a272a3923d208e603

SHA512
26936d24947fdceda39d057cb3f33583053e428db073553a3e4697eecbf537034a44f064d302c599c011197649b5945a55e64ff6a4607677bea17afa948c3d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
ab92d643d7b3c9baefc383a2a394ff5b

SHA1
1c2e6329e3bc3ed197f5ffb8ec10cd617f9ef9ee

SHA256
bc9fa332a29e5258d1638707f479871ec032b20dd9dd1d4a2a82b8bb9a4e8361

SHA512
fc78500b52b7fc25f2b4a16c6050368af8076a48c2a82df897dad371b799298c002499e76facf064a40806310fd804ce1a77ac51efa1a4269f8dd5d2e00ad7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
6c18c532de81ad539be25ec3f68b9c72

SHA1
27ee38d9d5616fe14ae01450d6f8640ce1613884

SHA256
a3adc4e92ab383806d68036c29efa08ad3584181dfc0e574263850691d41ab4a

SHA512
7ea98d42d194c2060625bc42939bae7e23bf5e6b0cb5ba7802d45531675cfb90d9ef05e04109db274a0bd4f71e02e9d62706214e99410fa4fefe62a963098d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
fecbed1ed19b816fd019c696e910c644

SHA1
35b041cc53c44a160442137c400fa7fbe39bda00

SHA256
ec13c2ac740ae37c2567e8f9c43646c174abde1df11a0a9317b1874f976a9c13

SHA512
cd65da97dae50aae00c7c564a01eb0f9751bdf8959aaac9a0b1478599aae687c158d71882b5fa2eb582312fca0aec14b7d6d4c670ac5a6f05a418479e46bbd3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
0f817771489e1489bf17c0b044019ea6

SHA1
844fc8698eb44fe8b98b078cbf685eca7674f2b5

SHA256
cec3ad7baee120189ba301896bd21c86e54166e8b8a636d2afa15607c80d48d9

SHA512
af4b4e5916799c747468b423e7ff70cdf1fc06ef56961a149f7d11a5a396f911186b841bdc3b298ac20b986a759e22e1ab070e9cdb209da4c224796f5cd2780a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
ed67aa4baf5c59b8736a9e404f87ae6b

SHA1
837bdee574b8789eb6caaa980da66879f1ac732b

SHA256
11fdb95fa4684e434e07823657b67005b5c827d3e6d5347a46eab773edffed09

SHA512
cfb868c16c58a8c89b1a681ff8d8c3401593ab66f398fd448055510e6002109e95faf79414f2b8ad00569f49b172b35c24606d7261ec0ac1a98a45643b3685fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
2958a676b47c94b52bbcf06fe84c135d

SHA1
a2af2c516e4516e672ee0e1addc4f093f48406f6

SHA256
9bbb71dcef983cd50cb3123f45b4d53de8a35aecf112bd5d5297ead76be310ae

SHA512
6aaea202a9d7c3075dc4c61ba3537c9dc960e081156e6695fa3790ca1bed4ea9d4ae6d4b6a9d5409cb088db9811628fcbff511843c27087b30d36021f1575458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
7b40c9a8bba329fcc61d0640f4bea0d4

SHA1
4db0d4692b2aabef9f2092a9687a132ab7c82ae0

SHA256
e584c29c62eb59bb31792fd519c430ec86840adbb8e547afafec23fae59b5aba

SHA512
6dbeaacc3e2e5463c17d56412321b6334582f74ca0808e263492a4a1a9b9b57e7d6d1490c321607948ec9f26935177dbb3dfc21d75664d2a6ba66b5cdbeffb9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5863e5.TMP

Filesize
204B

MD5
17cd1e0d8422de0fc7d9f34ebd0cfb98

SHA1
b8c72bf38d46b6add45f31e9c6e50aee6178106e

SHA256
cdaf634bde0766e307526c633570a7ae01bf364d00b712d30d3009c3dec1274e

SHA512
ae142c316c82cabfd465aff31026d0fd775f70c957d3a734be69d458ad58faee3f3ea25ec2e04866b3b3e6c76f28e546fce20440e7735840c7ef57f1623f9c79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
99e3fc22e2edf1fc2e8aa767e6f319e4

SHA1
065663ec95d8c6e3d090121e0729a4268a07ea87

SHA256
dec345d0f7e45b3fb1f735609d7d94fd237e5643df670f2d00f4f5725a89b7cf

SHA512
498d9d32abb2682d8faee5d85fbe8e63913e13655feb7b6e00db399c8b3a19449df3649186448e68d1f549ebeddb8ef962b9913558c2daf0243a86d1bc88c384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d82929dbb29614aef790feef419c0eb1

SHA1
5328ce211090a310ef4fca15992494d8ef24f495

SHA256
c3ad3077a22053c159c2783bd5e7d7895295b0281f5f9983d5b9210118bbd702

SHA512
baead1ef6f02a2121b53c65ef3ffd89e82847afd75e1a96a4cb354759a64384a7be71f9e508c67a2a52473755fe082f220b478041f2eb9bd94ef3583c1661a28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8a44ad21e604f35c45846caecebd8dd4

SHA1
2a6af6c2fae6214c23a43cf10f3ca396f83a18ff

SHA256
4bc5192c608be2373703500e45f28a1efe6ebfabf7f734de8e013cf88bb73525

SHA512
537df769d1a42d2975ece0816bd62468bd4ce5bbe54fb784f80ada6f7515462e60edeb171f34fc0dfaa3fbb4bbf29e7df45d3bbefd88c85fc4f3cc926ce25617

Download Submit