hxxps://banrural[.]suemp[.]com/

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://banrural.suemp.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2808	msedge.exe
2808	msedge.exe
5000	msedge.exe
5000	msedge.exe
2568	identity_helper.exe
2568	identity_helper.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 2020	5000	msedge.exe	84
PID 5000 wrote to memory of 2020	5000	msedge.exe	84
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 4912	5000	msedge.exe	85
PID 5000 wrote to memory of 2808	5000	msedge.exe	86
PID 5000 wrote to memory of 2808	5000	msedge.exe	86
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87
PID 5000 wrote to memory of 3416	5000	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://banrural.suemp.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce28e46f8,0x7ffce28e4708,0x7ffce28e4718
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15310401277443541535,13800838789021354608,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,15310401277443541535,13800838789021354608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,15310401277443541535,13800838789021354608,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15310401277443541535,13800838789021354608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15310401277443541535,13800838789021354608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15310401277443541535,13800838789021354608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15310401277443541535,13800838789021354608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15310401277443541535,13800838789021354608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15310401277443541535,13800838789021354608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15310401277443541535,13800838789021354608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15310401277443541535,13800838789021354608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15310401277443541535,13800838789021354608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15310401277443541535,13800838789021354608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15310401277443541535,13800838789021354608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15310401277443541535,13800838789021354608,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0f805f05e2fb4faf0492faef77dffa57

SHA1
6fdb0311c21788dfdedb1742ed2263a603d7a803

SHA256
71d2aeabf6f382ce1626b941f9eecb0c2e7e47cd50dac2b0d8f9ffae9b616453

SHA512
2a14590e6509c44d239e867c48fd738dfde1cf2b40fb29ab2e7826078347f2b5ae5aeca90cb84a171acd17fe8d3d08ce109ff1a511815084596996bda1be99ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
c67e2a18f6d79eb643fc02a4d1987d7c

SHA1
cfc186bdb0f0ce0b2372643503ba7f73e103a4dc

SHA256
801dabf648bd476f6f5cbe1398102789555004f78e16633ae1bbdfd5dd225338

SHA512
9b681b8202e54c6e6be5222caac0856bfb70c82a902b4769011a8f43c32171010aa7a6d0ddd9f6e2d0ba377db2616d01edf4413f56fe972fed8f7eb5c09a42b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
25465b15b7154c9e177a64ff47c53d9b

SHA1
989170c2af990e76642d8e40203ec8e4aa9c6034

SHA256
a4f52834957d6aca6e8014a47ef0528112d6cf31ea100d0fa7103775ea6ceb91

SHA512
57edeab61b3ce7e445d1eae762ec504f343ce9d8b87d88e1864c4c0815cd87e59b0e0434314b693fa79cad7ae32184cd6975081f83622d8fcbccfe272ac83e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14399352760f508bfedfe117e0437ecd

SHA1
7ef4033c378eecd431fe002478b644ab7d59d5d5

SHA256
26ac8d72231c91ea90f11d22cf68e282a98c59baf9b25ef2379c2328d06c280b

SHA512
c888526055be5f13b9e8497f8908851ae947a6a1b983a31c6b29b0a232e1bbe15b0a477b5010313806a188c04f144637a81d47633646ff9b2ac2dcfe13a1d50a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d2eb5e64d0bdc68cf0a10ea21df2c39

SHA1
f98269d819c6d15be8175a25372713e0ca62aee5

SHA256
1b90f4d5fea2c65c7232b35909cc8f372122fbb0ac962b2e0f7c0a312aa03ef3

SHA512
7e14165e4f8d2dfc40f998778cc25b92f5dd3e8b41cb63f43c6f5ae144d82ba980aaf07e52633d2ed80ac997c911fc9085065aa12986249438eab776fd3b1051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9e75754149872e123f11986c2d9e546

SHA1
64c468786d0835b0a5b65133b369c83553c6b7e3

SHA256
65b1637a6256aa0ea79844f1bb19459355220bbb7621d5a879abe9aee433ccd7

SHA512
96f9a077b308b81bef386f1d503ed5f70c74817e7f76e831817316fbe63ccf2012023314e4c51953b55009480a1748c572f680e0fcde5c7efddea0f1a9778e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
70f9238bb9ce2ada0aa67bf477e4007b

SHA1
ca2d435a5088e7986f4d552fb2215b76d407d6a8

SHA256
a411b35656cf55b88230bbc35cfb099031461b04c6b099c0a49ef67a4698f5d8

SHA512
27554c90472cc689823cbeaabf71b1b9c76f44942c41d3561eada77f3737fafc0d7136854bd609c87bd22983373a623b9de28c676a8eb5e7b0a573cf356ef23c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
03297926b753ae5883c44541a0c25e7b

SHA1
a46cbc9ade133f1879bcc2b8c4c9719640288f52

SHA256
1b05360d7475a27541435593f12c058be6b43fa3d3c498dffc1445e6fd3f9879

SHA512
0067d2362eea4b5138458a27ac64129cd61f0de30af50178c9a19c6ca8949f823ba7902649d5f32038b754f574a0cc447cbcaa28a4e215e3a5cee163bb0302ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
82e67f1e2d601ea2efe92311f962ae1f

SHA1
82abdb4ac3f08e2abc7fdccbee6d0540721eabe9

SHA256
dbcb709d3ca5c15da60d78670826993eade468a09fc128c0ff57322e4e1cc97a

SHA512
54a4b426eb16ec494a341454e65c089a7479f3e6d1b1b617afddcdc0e4079e481d644f5c35e020dcdc29e3df2721b217702864bc3226b22242aa004b19bfb724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
12a25d106e7ccf30b968bb4cfbc3955e

SHA1
1debcc554b20602506857ee32303232ab90b860f

SHA256
7ca61b778c4fd97f6227a48fb41be5575ff53e1c214cb1c4ffa74e60157646bc

SHA512
19a5271e7c8908edc8a46929732abdee3f54a09b4c8ed3bf48075741124052cabd6a906d6d3ebf1b73359ac598b7750f10120d618a6ddbb7bd6710b745c67042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582565.TMP

Filesize
204B

MD5
778a47f68b09da34864f453da1bfd999

SHA1
56bd44019eb47697cf4ffb2f7d8bdb03b1b45de9

SHA256
f82356ca5d6cf134382fa8e7bce2ca218e76318e9061644162d9bb1e8706bb6c

SHA512
13947b1cf1deac759c95ed7cf2c7ca6f56539f717baaf8104d372e807a7ca10985b30e06012f71b51d63d1ef53559993685a7da5ade2135f5ca2e7c8be88ddec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e700992e-1a9c-40ee-8d16-9d51f28ea927.tmp

Filesize
5KB

MD5
92a235e2b71d2b32fa51bb668d3c071f

SHA1
6b9aaf6b966c6bcf6ff17dbe7e12648eaba09b62

SHA256
55b322d3d2a562195961d67d014ad4984253a1f435235d0d175c3cfec60ff7a0

SHA512
ffb9d469ff0deb3efd694c919602530d0b5e654c8c5f73afd66f60ba07f1f07ba28d3ed1b98017d1746dbb099fb79b9f8800e038742502fb06fc8550eb3f5cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
88d4c17ae5c4d96461497c6505b0d99e

SHA1
cb8b5e969258b15660b8ed6514acc2fc42423259

SHA256
3aaa4a957b162d267a310c8e8ebf619694ac9b05f770a18fa44ece6ee3070260

SHA512
fac64d2f3a555b15b1bffe4cd142a4fffb5b1bc48852347481a9db2a4191e7e0dfd6c2da60ad741d9fca694afddf99f29fa05d5d9216b20a77b3ebe7cefaae44

Download Submit