hxxp://abnamro-open[.]hgmsite[.]nl

Analysis

max time kernel
87s
max time network
89s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2024, 08:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://abnamro-open.hgmsite.nl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3836	msedge.exe
3836	msedge.exe
1696	msedge.exe
1696	msedge.exe
428	identity_helper.exe
428	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 1784	1696	msedge.exe	84
PID 1696 wrote to memory of 1784	1696	msedge.exe	84
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 2668	1696	msedge.exe	87
PID 1696 wrote to memory of 3836	1696	msedge.exe	85
PID 1696 wrote to memory of 3836	1696	msedge.exe	85
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86
PID 1696 wrote to memory of 2180	1696	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://abnamro-open.hgmsite.nl
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd92e246f8,0x7ffd92e24708,0x7ffd92e24718
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1898326699471859943,15807153883290637845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:5064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
29KB

MD5
fc3a54126b60aabb257a03ee7368bccc

SHA1
2a52d4a13d6025b116c7e2670d8f15b00731100c

SHA256
2403e1a1abbaa8f911da32a55052a95352a23250d3caf33cfd9246e4084fcac2

SHA512
9ad6ed709ca7da4609e33758d4fcfeede77b7a56f5f8fa2919073695baf49211fabf6905be9ef778e0a060cd11260d0e6eadf4fc0f056dedcda23140640a6622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
68KB

MD5
3ecea4d5636a8e110d8e7bb00fb01107

SHA1
fe40fc623e210f76ed60be4d58b83f2732a0ca33

SHA256
ddbbf9dfa608f892c4c89a0758d7720c7c17bd7621133d36d10ced3ed11cf6c7

SHA512
b75538a911ecbbe9f9567d08e44f03c01f003207685f7fc812eb2426a85a247ad3fea47fd197fdf4bb4ffc52d1e2168b96970c88a97db64636d039a549d85875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
129KB

MD5
bcb0c68d815d866746f00bfa608bd09a

SHA1
93ff5f252b4b5cfa1debe072b53d0799f20c9407

SHA256
51a060dda4163297319792af645e33bf12269e554cd8e1e959f5f59f3a120574

SHA512
f4c29500bfea5b4abd8a797b9d9b422dea83e606666d558f160ce25720c1e366325f96a46adbe65180943de0d318826daf7190e0e3830165cbfcda210775d6eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
39KB

MD5
2a78615f64fe4d98b0285daedc622c9b

SHA1
84375e73431825658c77e02a19b59db97269fff4

SHA256
4e59163c417fe483249618dcf8f76863ed937b489b5abff479098fb6b8651db6

SHA512
80ed1b93bcd44822edac40412fd4dd422ffa9b056feba3574a94c88223340d517b10baa83fb5aebb4eb57cc8563b5d495475b2286e5819dd04d8a4c7ba6dd764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
78KB

MD5
8e1ed89b6ccb8ce41faf5cb672677105

SHA1
9b592048b9062b00f0b2dd782d70a95b7dc69b83

SHA256
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7

SHA512
e2f6b4574cb1541dff6852d0af44faae80286110e8451841eade4b53ebdf31150602640fe1bdfff41459ea4ae884d14d115fbc93b30d199c87b88f5d07e4cd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
76KB

MD5
f075c50f89795e4cdb4d45b51f1a6800

SHA1
f726c4275bb494a045fde059175f072de06c01df

SHA256
71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba

SHA512
5f4f35e9acdb825a245e678a834b2bc6d5c302693fffc3497717024c2d8385ffdeb233d4d7f368f1356a2adfcaab0a89157edbcca45b9f310f1cdd7f44cac955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
50KB

MD5
b904fcdf1c4c6059fadd6893a7bc7619

SHA1
f41d1674f02616f03ef77d4e84b3ad8ba28a36fc

SHA256
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e

SHA512
1d86e3c2e83265db1e9b244b749dce0bf39944302ca01ff3123aa5f1cf2cf562774ba344b9d4b2c65da33126ab0a5d80e37d448a794dce7f9f797f9544938503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
18KB

MD5
2cd1a49f39f2bf06f69f625860314004

SHA1
da4a607f795159b077622ad4af7a5ee790185020

SHA256
57de8c6b888bb67fc961fa33d1ebcd2f6294d1935401dc47db726481e026fc91

SHA512
f2d478d3b20f887220cc5ebb7a794c4ad8e789127da1bf071774ba178a61808affa7efed347e2229c85cdd1034122c2ce77cd415504df6d9bcf2a6ac8826fd65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d92cf03298cb10f3e7b0ba1a73f2e72d

SHA1
50d91afb0ebd1cf2c76c14afe60ee12b1befc45e

SHA256
e1f6cd656de6a996789387cf80eba987b68eb249ea4f00dc3e0a0abb1cd062ad

SHA512
cf2ded5c2d4942925bb10d347ad1082ed197f98a33d261920e6a0a22c6bb926fb032a56c822b46085226d3be3b46e4a2afe7578d1bf393fe6b4b0fe3f2d0dd29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
520d2ccc7811157d171ff1678cf7a901

SHA1
0ce478abfd6aebafbd1240d0099c56b036dcabe0

SHA256
bd7ea342a34b7475fbdc84a42a625e51bbdae0bad6271bbb529cbe2c2926635b

SHA512
4d409ee921edc3c017580e55d3087b9e78eccc188b0738346180aa40543327d527c81000e90a2d267d535adb9d70c77bc724910655b2d8095dcd7486abcb0312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
677B

MD5
a27d282cc894cf8711f879d9f4ef624e

SHA1
387d91c778ca7dcafdc234461e6c879a8fd4ed13

SHA256
0ac59bdee543f5c4cb51b02f7fee99c53638cdc3f816249530a932a686c5fb7f

SHA512
c58f4eda0f7730532ad702db605fd00c1a03ac36b6afb36e858c27959d7d94fe6c187c7b2edad9081faa5a0782381d0024607128dfc6e79deeb740097476528a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
00eead1b03781236fd268ed8431ee1a1

SHA1
6bcd3c4c9aa73261189fa226f56627ce8812ba0b

SHA256
a7829fc7ace93e4c1f42f096dc834f4996747feca72b66f9fb58c2e220ba107e

SHA512
c1e8617bc4d4b2d11ce918c5cd01cde0b2741a6882c4f7798091921b19934de750f737600d613919ec1e9d43eabd1291bed6c829b0ba59783e6942fccee98a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6edae4b855296b6966efa63c89315d92

SHA1
1c747e7e822238b5732260234134d88089c5f23e

SHA256
dab953bf9a43461ba628d1621b845c54d937360726a6307b4c55ee90b82bd728

SHA512
069c1840ce8b3c1d57f1c9af811b9bd2808ec62a8f8438e81e3d601c8d6a6cc3c614e3deb09c0df1d945d9269794bcb61d2ad80655982fedb020ff1a747185d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b04989f7d694be7e1e08ea44a98f0d64

SHA1
1f3a395ea6f58390f97aea644d0df47d2321bfb9

SHA256
420df25604b86ee3db82879d766cb72703c8db32eb1e316cbe7625c7839ec605

SHA512
4bda251f1591c81b57640aadd3996d1fd8e0df5147e35de5ccf1dabc348717ce10868b1f5bf4b13e9f3c7dcd76bf5c4aa9494159d0c26d823d4fdc2f2a5bcef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9fc904c09f54a8e293e3c1960c3d196b

SHA1
146c7705ba47416a4baa7e08e52c8c1c22cf20cd

SHA256
66cf93a6c87df2151b6e1b11028bd3cc27b4bd6de1576d475e40bd1cd1c84405

SHA512
76c30be28581ae4d2ea749e61c4220e5f944035978d96d7391fd2dea588ec23ed13626e896c23865d38df39859c92891c04dfe8d7e5ab81a658397938394c070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a9bfc7cf84c7eb93e5d47bc0f2143615

SHA1
fafddd5b4aca0118d232c92aafbc5169bbc27c6a

SHA256
23846898f40e8f88bc009e8d9c6a4590293f9fd689fc3537713f37cf557cdbcd

SHA512
7fa791d77225bae16556de56392eb66b1b60dbab70137556969b33e39d174bf3871731e3015ca06cad18d40beab4541a5e8547ea35e347947cac20ca5afde70d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
afc8d399f018a70c3b2e4163ad28ce0b

SHA1
027d71a3a3c8d14dbcf61b049d4f127aa27c2b0d

SHA256
26f885eadce45503be1bda41d6d800bba6e458cb1ca43e72ec066bc41c504af1

SHA512
c047d9d605cb7df2717c4598588398154c4bc2bbf73c1d32f842a45ff741fcac312619a373882b5f74c25ebad8055736d13a2f449b032cd70555834e543ddc3e

Download Submit