hxxps://pypd[.]paypal-mktg[.]com

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2024, 03:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pypd.paypal-mktg.com

Score

5^/10

paypal discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand PAYPAL.
phishing paypal
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
432	msedge.exe
432	msedge.exe
3624	identity_helper.exe
3624	identity_helper.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 3096	432	msedge.exe	82
PID 432 wrote to memory of 3096	432	msedge.exe	82
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 1632	432	msedge.exe	83
PID 432 wrote to memory of 4656	432	msedge.exe	84
PID 432 wrote to memory of 4656	432	msedge.exe	84
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85
PID 432 wrote to memory of 3140	432	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://pypd.paypal-mktg.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab23f46f8,0x7ffab23f4708,0x7ffab23f4718
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5269218481118432380,8357967037290097931,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,5269218481118432380,8357967037290097931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,5269218481118432380,8357967037290097931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5269218481118432380,8357967037290097931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5269218481118432380,8357967037290097931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5269218481118432380,8357967037290097931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5269218481118432380,8357967037290097931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5269218481118432380,8357967037290097931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5269218481118432380,8357967037290097931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5269218481118432380,8357967037290097931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5269218481118432380,8357967037290097931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5269218481118432380,8357967037290097931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5269218481118432380,8357967037290097931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5269218481118432380,8357967037290097931,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2364 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
215KB

MD5
505e09c540405320839973335aaad8d3

SHA1
561984af748d012a17097f0217aed1cce9df9b5d

SHA256
73725bbd9a7e1963f9661d2ea919fde145bff986774535d28ba06b0265c6e5f8

SHA512
aaaead5b0d3a76d51618bfac3d9675fe9d70be5f9ab1c5a1945335712ec7dfdf6801674c4d8ebc88d8c5866d766d4ed9e7cecab5cfc7d7da07563a33fac7ad96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
3fbf28bdb56ed49756bcf269222424dc

SHA1
a8d9e73f8e5c05e0023baeb35be5c10ff6ae10f7

SHA256
f1512b73d97237f6c3355d652e92e585943b1248da1a10439a3d507cb2480966

SHA512
7220557f308c0946f61eb71cadf3e3d9b1acb8dc0891d5cba00151adbc9344c09a5540ab018ca63c834066a262e99e4de556bbc9d20dd398be1dcf9f6dc8ccb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
feed336f418da4c8ef33b678efd1ab41

SHA1
35ec7a00069f2331ebcfc28d04c97cfaa241cb97

SHA256
9c30c4942c5102670c156280e4c507f61285a955da42d1da87c7986388bf46d1

SHA512
0ce26e055e2e6a565d3f6436c18a41db20f7c7773a1331cdbe069a1a92dca4cf6b57c71fba910bef46bf39983d4ab522f82392130fdd114bf2915c984919607f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cee13abe50bfafc1f83026adfbdb42a4

SHA1
4a5f1d2244acfd67996dacfc3b3370fd67be0ada

SHA256
8cff0814dc10abad1b3b14c9363e025fc4d53a6f14d2077649145034defd6ec0

SHA512
f96d3f2db8ee965f5e2aece10820bf1dfe73d7b9d885475b22898fcd6b5db63b75c63aafde4337eccfc51e235c8e9099ec2e8708dd62f8959e939ae35269635f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36b183945d69f622e8aad7ecc8e72b7e

SHA1
f2079852170a1f982086db39d194e208cabfc184

SHA256
2ad8a7f973613f47f47b31404b5f11f4134530b49e83728e420fd7852ada4f61

SHA512
bc6f32362e0a5805ec3f9ce4f366e162c54b311e6f248ee6fcbe42efe5bde78d9822dd7b70469751ae76fe1373826589fe91670958690d0b72abf67a3b78d868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a3afd02eb675ed8b2c0cfd9107154acf

SHA1
3681b8ae9e09833f519e46178456eea4b54c37e5

SHA256
87eec5831e8f3b3b1b3bbc7aa1440ecab31df33df6c2213ee8d46e2869fdc1c4

SHA512
5c19e64a25e172af1b5561a68037ae4e8afce49d07b9ef448c1b54474560eb62c9de6594288c6d91a8ed46f561202054840833c5dedcbfdca585c8feb755397a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
a613aeaa4acf9cb8e5105e0b360ed03d

SHA1
1ffe7bc1c76ea8b2da158c01a2d02fbd773759b4

SHA256
1c6246c256777197e370138b7c6885216aa8ceea5db0236f62534c0a8e1431c2

SHA512
b71049b90e48e8118a57bd5658c10c5214b0832b0f267e0c2aa6833d4aaf5d13c5a122a4ce41132862019ee10ea65712d7ed5709a0d23c566e9fa74c499354ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
61bdbbf4c10e3429db768b512b9e7d73

SHA1
4c585b14037a5ffc546899a4db97b30f94bc19a3

SHA256
cf7785c315e6ccd9c92701d6d900e1408bace2ecb57d8eeb062fcee517048592

SHA512
d7474ab35f26f43a27e3ee33854ed5a130f596d678b57b36e5f1c1e9de14c257448f11374470e175652929e673cba0e544ecd5bab33556b6b3fab17cc04ec1e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
25b10bbf4531cb76e66e80680b7d6fe3

SHA1
a42f4dede6c26f437938f47f8ebada808a4201c6

SHA256
0b42d7eb22dc27075b21d338572d571cd5dc2cefe70313bdb80864ae666865e0

SHA512
545585194e162d148de790992516a7dca012e05fb804ffaac4ada3e32c0e6003e5c5b04a32c178b57d1c0bbd7640c490d5ccc2b991c5108f733ede47b8ce628d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dbe9.TMP

Filesize
704B

MD5
15777ff8e568d6b3f3c5a729ca3a1a2b

SHA1
0d8185e6ce639e63b5d18052284d8669838fc9f7

SHA256
83e737a7a04d5c8a81440b1ec77bdd594fe51c7b800f430d2fcdecef97dd4b00

SHA512
8e31a9be86a81e33e783205f425b5286a65cc1165968e985cc1e6ef3def1901550b97708058fe029ed279f9ebe426f889da942a8eb3f8b078957c0fc7a837af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
348a1e89fda11b5a08338c1aebb0297f

SHA1
1647c15379d20cf64a266f2f5fa4ddf823356c13

SHA256
4402534790e3a4863807a2954212c574f4d23a43940c8f18159340b6a05eb8d4

SHA512
759f32ee07b09aeaddeb314f0babd2cc083e253e531aa08b32b6ae2ab810c26bed99fac272eddc2af10c6f38647505c4ed60a7a504959fe11474188f2c531c3b

Download Submit