hxxps://www[.]abnamro[.]nl/en/personal/overabnamro/secure-banking/recognising-fraud/fraud-by-phone[.]html?ext=reply_valse_email_telefonische_oplichting

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24/10/2023, 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.abnamro.nl/en/personal/overabnamro/secure-banking/recognising-fraud/fraud-by-phone.html?ext=reply_valse_email_telefonische_oplichting

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4448	msedge.exe
4448	msedge.exe
1020	identity_helper.exe
1020	identity_helper.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 1740	4448	msedge.exe	83
PID 4448 wrote to memory of 1740	4448	msedge.exe	83
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4524	4448	msedge.exe	85
PID 4448 wrote to memory of 4984	4448	msedge.exe	84
PID 4448 wrote to memory of 4984	4448	msedge.exe	84
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86
PID 4448 wrote to memory of 636	4448	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.abnamro.nl/en/personal/overabnamro/secure-banking/recognising-fraud/fraud-by-phone.html?ext=reply_valse_email_telefonische_oplichting
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe69af46f8,0x7ffe69af4708,0x7ffe69af4718
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
51b169a46d90d414afd03f8b4f02a298

SHA1
b6526cefdf1fce4acd8e363f802dd37586e8331d

SHA256
d6a38280727c88324ea67ef0165f2a26c1561af984c7dca06ae08999f733fe7a

SHA512
681584fbebc02a198bafea9b926ed0f632604afa64a53d3db39e52af664a4e55ce9592b658b5c86a1cf4faebb3dc23bf3ef9080d124bbd54c71061f1a199a13d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b3293d74f9bfe3b546e19c3886135397

SHA1
810402d4808a10d971e3adeb02f27bc64f2cc391

SHA256
60818a9f7954963b7d4954295e59196666786f2300147c65755e49518c51de67

SHA512
65eb6bf5b0d6f014f6c53bcac89006fe3f4039f1b1ba91911b20b6ff7ec08d8e3a2d62e4f22e5d702cc9c1c3f441a65fa7807d4904df3856315f986d3915552b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b3824bcc552f4aa10952c9ba714740fc

SHA1
010ff18c76d1d73c7540683c1ea6fd1bdf79f6b6

SHA256
c275fbc11b3baf4e6d86194521c9022721c958ca49b547b2b400009469ad2503

SHA512
075d779146b2ac5d1f399f3014991da51d9b1c83d98794b3111857e24ba5ec08f83ef93275e656ef585bfc1f9fab1f9bd6c4cd6d79937cac33461a53e3562874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a1dff0932bf0edbb26a9f00f70f46d0f

SHA1
dc521a23e4f3e52e8db1e7eb1b17e11f548ab3e2

SHA256
ad45c62a9bc45956884cf4920e7d3b79c431edbac5493fd19db644b882e87037

SHA512
8d9adf4dd2acad01baa7521995c0275e63cad29835adb1a735cdba8b9eac16c2d0a4593ee9bd5b5b88555f7838025548acb360c808b98ea5b3ab2b046e82ac6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b5149680f6c7814d134996f77f1ba71

SHA1
f808694c47b2e78857529ed56c877a9c23fcbfb0

SHA256
6ac9aa9d07fa09763bf50bba8d6ab591ddcc1cdc71ff6cfed28906abbd5807af

SHA512
9dff36792ea09fdafcba6bd81100a2e78aa629b71e3cf45278e3612434e137ecc531f29562828a2ed2aff866eef2ccb5d7cd26723bc36588cbf8b39b86060dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ec156c807fd679e554872e32a4a257ad

SHA1
49a1ee7c2ea2f18ae7f220740a119e3264326fed

SHA256
2d1e11d927c8641a1284d3bdbd9ae173e14b6d1626d75e32e0253bba1b0db409

SHA512
9ac32052499907883eec6c1e3afca878690607887d4fd9fc95ba7a230e8ca8e9c5c1becbd357a9579220b6e4ae142df51736874f04a1eee760ef9571db3ca87e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
04befbc10cfc3aa361e8447f7a1c0f34

SHA1
0384a5536190a1966035bbe789147dfdfe954d32

SHA256
b1e20a0dece9b8e8e4677995a55d4dd5d1dd664a64e198c7683a012ce115e8d2

SHA512
c21dd6a9694d53cc0c936fc13d8bc77586e677c2131e33f0cc1cceaed0968f9424146d53573a79290dc43f66f596df8ba89f94db85310d9dbea660790ae9dc28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584040.TMP

Filesize
872B

MD5
27a8f8f5b5f6e2cd7e54529758256a34

SHA1
373a281d2521c65f42c1088fe73aedcde70e907d

SHA256
b57e1b43dd81321c873658636878a3117b6d0e7d6866c3c968f2a1a7d7df5d00

SHA512
b8acc75512bfc811f77a41b9b6f7bb515ad05b4e3eb84cc48dc4b14b09aa05e71375139d4d27297587262e7749cdc656d442938417e5867b0caeb6f8274182b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b9b79e2be434f1dd9357d3de682f38e8

SHA1
b31e1c230a4833ee7fb7348dff630ee7c87ec327

SHA256
3f9bb965894dbae577948a9071dcf5863e590ead4ad44e12f7c88617b1d2343e

SHA512
41629e4807cb779c228d04e06d06a8b1a38463148c204f9dc2fb1f386e453547f2789170322c4a47dca5747bd36e9a03a017e81e34592e72a3f45457202e1b42

Download Submit