hxxps://www[.]paypal[.]com/invoice/p/#INV2-33Z3-M7LQ-2Q46-RXSD

Analysis

max time kernel
202s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2024 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.paypal.com/invoice/p/#INV2-33Z3-M7LQ-2Q46-RXSD

Score

5^/10

paypal discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand PAYPAL.
phishing paypal
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4280	msedge.exe
4280	msedge.exe
1596	msedge.exe
1596	msedge.exe
1620	identity_helper.exe
1620	identity_helper.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 1856	1596	msedge.exe	82
PID 1596 wrote to memory of 1856	1596	msedge.exe	82
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4236	1596	msedge.exe	83
PID 1596 wrote to memory of 4280	1596	msedge.exe	84
PID 1596 wrote to memory of 4280	1596	msedge.exe	84
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85
PID 1596 wrote to memory of 3644	1596	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.paypal.com/invoice/p/#INV2-33Z3-M7LQ-2Q46-RXSD
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f7dc46f8,0x7ff9f7dc4708,0x7ff9f7dc4718
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13128103964721525280,7551769834005412340,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13128103964721525280,7551769834005412340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13128103964721525280,7551769834005412340,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13128103964721525280,7551769834005412340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13128103964721525280,7551769834005412340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13128103964721525280,7551769834005412340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13128103964721525280,7551769834005412340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13128103964721525280,7551769834005412340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13128103964721525280,7551769834005412340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13128103964721525280,7551769834005412340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13128103964721525280,7551769834005412340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13128103964721525280,7551769834005412340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13128103964721525280,7551769834005412340,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
642e2e8930d9fa52c98625e42de4d2cd

SHA1
1db1ee379b4012ded612a71e23281bf322eb19d3

SHA256
8a539036d026a175e97858cba18410fc7c340f409b594c91339af57ddfa5d98f

SHA512
871376c783a70a004b28f7b0c29dc977bcaafc52ca2c68d9b9c67710df3062a711333957404b08046c9defb9fb70e29ad641b6121210f9265c35c882f6ce0df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c003b7055f6a9c46a63115e9a9b496e6

SHA1
b8b053dda65ab12d7c6eba8f36a0a0605a9bb5b0

SHA256
e9f6b9aad48dda5e3d67b6d8208ead6034f315ccb2176c8829743026d136786c

SHA512
ef8165a626b4063c096e5c003794d6eea5a9a8597c4b248532e89b81858e845ba481afcc0b1cc7925b25b58010f817980c09ef9581a06f345130693776e20fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a51942f1a38c818cc4d6c70c4cad7961

SHA1
1d7862277f40622059822e8e4c0208af17161c94

SHA256
8b196d96cf667c4df91b13a70138d7f5d5aa2d43a4e9c1e042fb12b2512740d9

SHA512
d3de7419afd915e40fd75775af93f1cf4abf9a3ed24e9011f501fb7f5f3c8097879871a0ea2508d1a344c3b06f174d928d22b1b48b2bc426bcea050b1867e6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca61363b11661742e18c33f1031293f5

SHA1
f3fd1aba948e87969d4cbd441dc2b495753a3161

SHA256
f85543fa8ca6ad4cf999d4424471467033e1db101d9f38477188f8d357975cb3

SHA512
8884670ac794cbd5aef4af7a5f5b993f273da111d04c1c0c0a82593e233cb42356d3da0ee3a1821099a59a8e6409d99f45f7302497fbb5541e97f00fef719148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
433b8ebec4d9880e02f838c7c685048e

SHA1
0cc41e6375d38a849fb39670e2ef0945f8b7be58

SHA256
60f4b6e54542f7d6c2e38efdd147f06e279642fea81f6e9be11180645e8202ad

SHA512
44e3019284b34e5bc2c8dd5e62acae447aa9862c8c97f6f939fe890f12cc91113233e23fec13f2e76f0ac23038ee6e4189fc89cf9ec576e7252204856d2cccdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
de6efe7208b362cbc5fad49ce83b5555

SHA1
3183ba80418bdd981323094e99c155c260eddfab

SHA256
592530d38da3ab9487d89be5dd059efdc49e78a1199e723dc8c8b83325ed0b7a

SHA512
79d3cea646b73081f5fa70ac57bbbf5b13250bf0d9396c5476a6ebf336e7a03cead38b2fb793f6611710b873135aa754b5b49fcad2e4419d7fd2c3ad4220a85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f575e409824a3d7ffbdb33c2091afd0

SHA1
039f31a5aa5050bf0d205369f948a7d515e8b4f9

SHA256
605a7c0dd2b6f4e195de8710e1a1b8ce860ff1dfc32650f6cf8e66ff5ef3afe5

SHA512
6618bac7e799298092bed460cc54c133d1efe1c7b55f6f5fddb10b3138b518a94ea465449838a0476b55a2697a48e27419ad17aed0e59e5b617a40ba4caa64d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ad2a80e5419770e24d0545d59d7a15f7

SHA1
8671ebd7a6776580e62c060e7db710e69d384cd4

SHA256
929765f964041a67586e7b79d3dcd44caebeab77ed9b9db58112bb6f4f583644

SHA512
369b8caf5d094f6a9d989d4f523bc2590292510ffc0e8174eb6d8638f921bb28789d9b82fb50d8e3a949058340c10a0bfd614d9e4dba72424253f827cc0cd21e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c05fc27aba9a776192513fa3445a6ed5

SHA1
e693bcbcd6b3eb1456d69b9746d8bd4d19585c30

SHA256
0a8d131e2887e2436757296ef9c0759ba95e9038be0152c20cd53e844ca5c41f

SHA512
e9455866f77a5b6829c538469e9d53af0d8b2ca8926ea5f11e8be413e10bae636c4c3795fa3fc865b4376996cda9a0b98376899ed9460ffd6d67fef888ad3c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581b05.TMP

Filesize
872B

MD5
fd1df17ddb4ef76d8d67e055440db05f

SHA1
ef1de20bae30e9380d63666f04f7213cf26e1207

SHA256
4a2bffb8f96fac2dcc99c784feb44046187d3a9c9c64e14bb4505569932ea359

SHA512
ef5bfb8b094c1c70348ea9bafd95ffbbaa477cdeb490adbcc0f9ea74c5d67cd4ee51ed6924b82364094812237658474cc6d032c0eb0b4791c07c908174783479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
343e07196c48708f5a447ef1db147fb8

SHA1
9f1b3643be315171ad2a4b0c9c9d845c61acd96d

SHA256
10345a907563ec681bc68ae812bd99c7e8809971b9ef44e1228bcaa30bf403d4

SHA512
23717f1a41b8207ea1a5e585dd6b9382aa6e8e1dd3c79d7662d83798a31952050a4bf4b26e8312dc49a267824eee678d1484031ce572849ac13f73da35be400b

Download Submit