hxxp://abnamro[.]de[.]com[.]rigsave-trade[.]com

Analysis

max time kernel
538s
max time network
583s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 09:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://abnamro.de.com.rigsave-trade.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
1380	msedge.exe
1380	msedge.exe
2200	identity_helper.exe
2200	identity_helper.exe
5620	msedge.exe
5620	msedge.exe
5620	msedge.exe
5620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 5080	1380	msedge.exe	14
PID 1380 wrote to memory of 5080	1380	msedge.exe	14
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3460	1380	msedge.exe	28
PID 1380 wrote to memory of 3160	1380	msedge.exe	18
PID 1380 wrote to memory of 3160	1380	msedge.exe	18
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27
PID 1380 wrote to memory of 2408	1380	msedge.exe	27

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd2a246f8,0x7ffdd2a24708,0x7ffdd2a24718
1⤵
PID:5080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://abnamro.de.com.rigsave-trade.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,11809458076563105272,3881312728034644377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11809458076563105272,3881312728034644377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11809458076563105272,3881312728034644377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,11809458076563105272,3881312728034644377,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11809458076563105272,3881312728034644377,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,11809458076563105272,3881312728034644377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,11809458076563105272,3881312728034644377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11809458076563105272,3881312728034644377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11809458076563105272,3881312728034644377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11809458076563105272,3881312728034644377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11809458076563105272,3881312728034644377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11809458076563105272,3881312728034644377,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
52KB

MD5
cdd448ea4cf739fdc267c805ee4e109b

SHA1
470aa8906f5a6c70591b01049c4a25401687e1a0

SHA256
333a0990f6540f95ebdf29608452829eb34214ce6aa4406a3f1b8a15970182a7

SHA512
363c527c04190acadbec85c3832b08b02e7c9c0d16fb28a6f93e6c751cea07fc28fa1d5db50bf3042dea0f45a523b5d1f805e21ba8a6fb5f0f5c2b7ce043b12b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
75KB

MD5
59c654aaf480a04a658ba70a99be9f7b

SHA1
e99794637b0f4aeb5a8cad516074b141b07d4de1

SHA256
f25eb525be35b7088f44be2bf7329b3ce1be0ca3346ffd2350e9dbb267cc88f1

SHA512
e07ce48d465774994b999bc8355b45bc4c2cc7df3d0aa7a687ddca314aafb272adc1e2de0af20bde6656267c765678d5ae5a4636d34775e6693ba2f8ea4ecc22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
68KB

MD5
f4fc3a72c1f9edf17820cdfe6b74f07d

SHA1
32a72792ed4f01d422375c53256d70b8c999d150

SHA256
a4eb9f8f535cac4a0f7e4d1cdece60a5f47f5935daac47919b00121044da55c0

SHA512
27582947cc2d24a38fca7a0286819468a2b6b8c0c5ba45ce4bfe4b931a7712343e74d905bcef34426a5bafcf66e7ac50e7c9e2bd76b4636430455472dfc34329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
64KB

MD5
d499695efd4b5965528cc470e210051e

SHA1
4c1c2ddc2ee0b51d90464b155ac9a4c9ae37488b

SHA256
5dbe15a51931fb40f3c9a9e79b728f4169ca560d2e721a1ac3263c5bda357688

SHA512
08abc70ff03913f9d175202c72ed6e7fb6418bf3d0eddf1d4ba7f3558c31058b0ff141ef29a31bcd9fea40275ad86615a07e453dcd8330b8b973075dba0545dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a0a5cfdc599a8d29_0

Filesize
284B

MD5
9b9cef32b7bbcf67b9145dfb847f7c93

SHA1
0535e155d4d1e077cca7cfb476d1f76e31fdc6f5

SHA256
ccc4fedf921b76689636fd75366f27cf46f5e21a7e82406839aab83f5d028a53

SHA512
03d03bf89b1a819fe0f29db43e41d1954b6c6c87d8e9ba24be59368f381739788f6e539d6a910a3a11fb7c2e21c2c03b5030b2a646c182557b6ce64b9656db4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e5a55697be400d567a5f9c070c87c04c

SHA1
fa26b61a3f99a0841aaa1f32aa80249e48b5215f

SHA256
6c9163c85fd15ee25808e6d90cc05c6026d0ed9c6d71d99b1d997024d4659cca

SHA512
a91374d122d232e601e868ff7e7bee89d6d97a50c25affd4ad22fb6df1ee6f5223c876adefe6dda0c5f26a63fb82f3156217b39460564b47ea45cbeacf95e001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
65d1fd69f09b0aefcd8a18d6a746f23c

SHA1
002af9ad26bf0166e9954f0fe27a5b3e116f8e0e

SHA256
5af0eb16aa28f94645c90fb0253e8d69c812732e13cb9e95e5b088a54506eba1

SHA512
21f445f0d4881e4cd46a5e00562c3e1a428e470d83a7598a7f0b8e50c845181926d2a73f07f1251fc759bbb39a9ccc3392746eb28b314ceaddcb98b68d437481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c069a45a44b7429fcd96f844f93ffd15

SHA1
e5def0bbc72b6f1559990c8ead8f917e9892c66f

SHA256
4c7a17c8d6ae0f78968bdea0beb9fd25c51697d17703ccd54aa091746a8d653a

SHA512
27e0fcf92b8038b44875299026998a9c00f46ec512aa07a22b8e3740c402ab1a17818f7be3105b7dc900fc0746d72e1c3a78d7934b555317c289174e3fc16a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6a65286d5a58d83eb6a3114d3dc5956a

SHA1
3ec56b095c5479a02b5dfce7f4c04e401ef60bd8

SHA256
1134602df8d40e814306bff80e58772d1e56ddbe19d4ffa9853bb8ca473fc4ab

SHA512
e0ce5c23a923a78e63df238526f4e29298dccc625a4382d16d730020ca169fae750bdb3d8ce2597a6b24f0016eb550f014eb0f1af7ce8ef9a4fb71d7a3cb3ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
91e6b3c5bd78506b03af9617da2320b4

SHA1
c1d5a97db9e1dcc63e9577dcf152498ba5ecacdd

SHA256
645ea7a7d682cd44942be47f1650ac061aa9b26c8bae195c456fe624cf83769f

SHA512
31add8ede39bf256ea6059ee6d610ff8fb1d7e57c3dd67502e480f01cf48e0f5cee65336f532e346d56d6eb95aa7ad03d6f896fdf6dc745b4478217541d1d38a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b0d2b6ee9b37c39d7d159992e1eff418

SHA1
296cc396146c284149a21835b720f7e2490474bb

SHA256
3b8fefc6a29fdfcd43b4bd1771e9ed9e907cd10d9c31d0c50b503622cb02a151

SHA512
521eb37c22565d1fe443487a6638d928361b84fc45537fb899c1e61862201b1b76e4bc844542d702c88f93d15dc12b35ed96390745537a625ffec9c3c64fc235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8e011ab02b76449c5c8b5e3af167f2c

SHA1
73687f909be4389d295a6662bc110858feccc633

SHA256
e403a1bda825ba1fd86c651d9a2f707c5e7f28d8f9faef577b4c45aaecd94d18

SHA512
3296c877c3e7c9a9e0ef0006c63d203546bd454acfa9ad5a4756986078c296bf526f1604d194e06c6b810869e8482f1497b44ef4db007ca4b87bef2431a17440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22581dba9b753111df84c182049c1810

SHA1
d3a38d7a775cd012ffd0855f67c683187656196b

SHA256
0abbe3a699091d0ab78ac12f2fcf6514e34b6e4cf9ed2f0e8bda7f9d4eddbaba

SHA512
34dd56505c224ccf7f7ca7994082dd25ddd2593030c5462c58e3d1b1443089d01b11016ab3a97f4ff7377b332df0b3f9f20d2c00af3f1ede69e269a12a419189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
948acdca518faf79b3ba4f379d0ab2ec

SHA1
8e786ba3c03412a5ece8a0f74cdcc96b9c7f40d4

SHA256
67a7c366081f6966bca1d78c00eef6cc9d73a740b919064b6b3be272f2fb1f0f

SHA512
c2ff5014b5a99333a3d1796166faf3f6d8b1041739dd3acfbc42d557b24e152147358857a65a1e73927e836be04cd46a46f19ee61897febd6ff8a63f0de1476c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
979dd629cdccea6e1d1ccf05d26fc057

SHA1
1762ec9b4c8f6f9b2721a5d212aba61e004a3e5c

SHA256
998e918e8b7086c8368d23f008d22fd2404222bf059b8a837873bfef06b745bf

SHA512
b5659195ea610d9418d200be97b5307071cde6df11542306d6ef446c4ae69c5b3bae7b8cbaa44fc106eb9fb33b8a90bd20c3aed6cd4092fe421ad7b9f68ec0bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
458c044e8150992556d4bd7789909a25

SHA1
e7c48ee1864e1ab1f536178377ebcf2d785fec5d

SHA256
f452bc5a9ceb95fc49d3c81c7f01bf2e0116443caee2d3a24ebcfad2d33c1bff

SHA512
4d4cc2dfe8f2ce913e92ac322932dbde90c091ed39509a45381ba8019d321a49aa3ec35d6eed4088322eba412ce35b6ed7eedc726211cfa15a160e05df03ac4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3627afc4c9ced140433ad0d38b00e1dc

SHA1
78e106159968d0fdc63f74e0d10c0736197b2fcf

SHA256
785301e83a7da351016e006e7ea20a55d088ba491f2a00da072520dbc7ba5520

SHA512
90658a213ba7dd0996c73a047ad9aadf3d03fcf5326c7d68f26cb21b46277424281f8f98117f028a9270445deca0f8afde1fe557b5df9278a4c917f3c9559522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b7dc7ad86f80eb47e804f9705c88c06c

SHA1
bbd870b9351a41352e4ee7f5d604803bfbf3068c

SHA256
96a2319181bd8c2fd737724de778b93423a93ddd007b05e77f3bf5270873a3f3

SHA512
594dd5c5917944262f1886189b7ec09cf1ab3a265d116d9361d3ccd84b66027daf2eaba7e02554194eecaf229999b7386da7d1da4ff4d4f118a902783381aca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f031884fbb2e150ae915e316d980a09

SHA1
ccb279be64d4a31af08fefbcefe2a46849b635cd

SHA256
aa00c5ba4c440859d414989ce803ee50c451680a75ae2d663ab112dc02228bf9

SHA512
fbaadb17767ed66b2ea5fbad2831288a3c8592efe17c38415413c368997a3ca958ccb93cc79ca6134758f87043e7d697faaadd98409190a4d882e31ea39ee6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84d6527700f2a80dda0b3c4f7df75850

SHA1
ab7d8ac93a3dbaea5a6209f274ed32ae3f2a4e0a

SHA256
e7d8b95101d2411e936376cc610198c64184f79c3b162b2ae5b8445ebbb9bf0c

SHA512
884f526411d3c88dc0b1b5059126378367f269a03761e13a8073bbd018e83cb362d6c176e039109997b03cbd1d5603dd9b5a5e59c4ca1792d7fc21380ab938e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
11ea3ba8c305d952ac27015f17f9add0

SHA1
b3a19cb28580a7c080b917f3290a47e45f5ce207

SHA256
5839b4841c2b3fdd764170dc0ef8c538bc36832b70100ccf7fd5db1b71312d75

SHA512
bcbee3d9f9211d5fcc9c64f05e08ce4b01fe68f8afb48cce562243db8571acc8841c34aa67b6db06b5180ef43f73ed262f80a73f0b884cde61b53eed7cba499b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
efb1dd078e42dd0aa262c4873a41fe18

SHA1
c80a514b330aa850f5b4715fa7971af72967fa1c

SHA256
2add62c7cd985b61a8cecd0ac52d4d979f1ba7291974655da114fb96a29423c8

SHA512
1fd6d2de49e21b37d3537aefa10107d39a98b403cd8ea6d87f43d69f6e7a5625fbfb7220c68bfc51b60eddd3bd83eb0434cb6e618d1af414a0ef8ce45d0aee8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a01b6e10f4c0b7ac0086ab6dcf7e9189

SHA1
9ccedf7a8e21e0e9d334840edf6da80b9cc6194c

SHA256
8f695ca240e9a1e8b2c0b34d5fbb758e736cefabbef1ec6f20fb7e623e34ca54

SHA512
8950982353d9306fac567a9744873ae5572dd9de7246bbe0468a90f28838a2a89326e180de6e841b7c0a4676f035ea61be127f8dfa1165d85e4fb1c098b61fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eab7fda3745feaf7cbfaf0be4f3f2bfc

SHA1
56aa9128e5647549d02540e68e1b07915fb88603

SHA256
58c74d84ee4aa4b6d78a10fdf9fa1d782faef920f844b23cfe12e8aef59ba86c

SHA512
518a3e2c9ea11f4329e99e4c5cdf9304ee16775da7ceac693b7421eb8bb64aea0043faef314b640c87383c2c22a3cee623ec49a293144f902e4333be38051910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ab02fcfda47515c9546f43872e496514

SHA1
b6495a4ab8f014633bbb8fb76c7089bb5fcc7bc9

SHA256
dcc8adf22e54a1c4e34bf13865d8fdf4870edda3d277fdfd5770adbdc6b5895b

SHA512
f1a8eafc3c429dab6c59b3a6dbe22fa564fc1107c14dc68f8ae33953d804d54c8739abdcb04e452ae297d9c8d3055fa81a92485797fb51c3bdee4d7e85084a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b06a7d3a5c8bcc2c6d0f9ab5404d3235

SHA1
345d7c7f35e3f10dc1372021998f0a0c54dd81ec

SHA256
624a7c68372fc07dea1c8185333d82f61417cb26c30bc57085ee9026332e40d2

SHA512
9e062d7cc10fca4b0b1c2080e26b971d0244f96482c6a2c2d2b8556b239c57d220c2a96c52d7df758707bc989105fc54eaa0f02b04560efbbf96f1acd5892803

Download Submit