hxxps://zampieri1949[.]com/wp-content/inboxmail/INBOX[.]html#wolfgang@kiesbauer[.]com

Resubmissions

14-06-2024 07:01

240614-htazxstall 10

14-06-2024 07:00

240614-hsnjmayhrc 10

Analysis

max time kernel
87s
max time network
87s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
14-06-2024 07:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://zampieri1949.com/wp-content/inboxmail/INBOX.html#[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exe

pid process

4220 msedge.exe
4220 msedge.exe
2016 msedge.exe
2016 msedge.exe
1456 msedge.exe
1456 msedge.exe
328 identity_helper.exe
328 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

2016 msedge.exe
2016 msedge.exe
2016 msedge.exe
2016 msedge.exe
2016 msedge.exe
2016 msedge.exe
2016 msedge.exe
2016 msedge.exe

pid	process
4220	msedge.exe
4220	msedge.exe
2016	msedge.exe
2016	msedge.exe
1456	msedge.exe
1456	msedge.exe
328	identity_helper.exe
328	identity_helper.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2016 wrote to memory of 1124	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 1124	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3352	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4220	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4220	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4008	2016	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://zampieri1949.com/wp-content/inboxmail/INBOX.html#[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe849b3cb8,0x7ffe849b3cc8,0x7ffe849b3cd8
2⤵
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13249214359880500223,17297529619344159300,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
2⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,13249214359880500223,17297529619344159300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,13249214359880500223,17297529619344159300,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
2⤵
PID:4008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13249214359880500223,17297529619344159300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13249214359880500223,17297529619344159300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
2⤵
PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,13249214359880500223,17297529619344159300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4036 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1456

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,13249214359880500223,17297529619344159300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13249214359880500223,17297529619344159300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
2⤵
PID:2400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13249214359880500223,17297529619344159300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
2⤵
PID:4504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13249214359880500223,17297529619344159300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
2⤵
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13249214359880500223,17297529619344159300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
2⤵
PID:3264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13249214359880500223,17297529619344159300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
2⤵
PID:3584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13249214359880500223,17297529619344159300,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
2⤵
PID:1540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1092

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6f738fcca0370135adb459fac0d129b9

SHA1
5af8b563ee883e0b27c1c312dc42245135f7d116

SHA256
1d37a186c9be361a782dd6e45fe98b1f74215a26990af945a2b8b9aa4587ec63

SHA512
8749675cdd8f667ff7ca0a0f04d5d9cad9121fd02ed786e66bcd3c1278d8eb9ce5995d3e38669612bdc4dccae83a2d1b10312db32d5097ef843512244f6f769a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
68de3df9998ac29e64228cf1c32c9649

SHA1
be17a7ab177bef0f03c9d7bd2f25277d86e8fcee

SHA256
96825c1e60e4a87dc5dbae78b97104e6968275fa1602c69053d0192cae143f43

SHA512
1658b0bc504a8a5c57c496477cd800a893d751f03d632ef50aff9327cd33ad0e4e4f27bcb85b20bd22bef2ca65600b7d92e2a1f18fd3d08ad6391983de77beaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
26KB

MD5
e9dbd4784779b4435d50f9531fd61c2d

SHA1
6f084b096e738591f5c2ce1b042ea7abb4953905

SHA256
e8109910d0e3430370f6f49834661d23007a4412aeef31d29d0b4c26fb00fdad

SHA512
d5de9ece200450621602b985e74de1229dcbf7acbe26e34c7883d04f31630af24591f147190967dfbf4ffe1a3de0158cf2c8ca806269659852989cebb1a63acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
17a0ae64b13f98902526a2fbba708b32

SHA1
17d58cb6c4c4cac0d04801d50eeb5b2526629e6a

SHA256
8506b6412790839470af9b383bf46b6aa6a22658543ad4c3bd214aadd7c9a1ea

SHA512
399d3123d57facfc4c273f88a0b931080e69fc30ff448579ddadc48d2300829e9c1d8fd53ec872783d9a9ea2e1921f67d3df633f8b37084046bb363082a00e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
a4ed7d07d3b7c95c5a11e6966a611be9

SHA1
89529f97014a044163ce9d6c803dfc14514a3376

SHA256
7b084272e1dc4ea2267cc5701bde40b0fbe41f04c32f82f41cf7950dd5290367

SHA512
cadfbed4d1c371342849ce0788464bf7316265b48937e0e257e39a72717649e755c3bba7cdc1cef3f2abc8af97dc4601c6cfdc11e7dfbbb43f6250c519f9aee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
6c844c13ec5a6188728354c1cb4a3277

SHA1
a55a3f2997cfc09d74d63288d50c79ef1c3e58ea

SHA256
7f6fc66425f285f9c27a0d52641e21c792689f35327050029654d7d4f6dd1959

SHA512
42821356ce2c5322c491ca2e53f3bcec7247c4f2a1a339230f7aeeda00ca872781f35dd206b21309f937940a47c9f6603462b72673b86c35ed770dc2e30966bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
715d812a4e54e7bfc6072b1d55015b16

SHA1
778eb1059f009bddb264cdce393c21a88d506d30

SHA256
5314d2b326317c0a2509400a043d404087bb85957cdcad6734fdff4eb35d8375

SHA512
40b66001a49ec4e3925e8972ebb1de4ca3d835f323f7d6f11e885cce77f776bc6342788297ec2fb7caaafdc8dbdc0ce812608d382bd5ed0390381fdb21792b1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d15d6cea8c1bfcfb9e19c813e7315826

SHA1
e895f421b4370bc98385d33eea5c731c38c76a1a

SHA256
9c67d015d230a98ab5667485000894eb95e2abb2d5cd0e08cefa1df839f42dee

SHA512
19f6ffa868b4085d3941aabc16ba1625ea087786c2bb37f1a1d6f880c7f205ce85f233110ecfc4c40e8b634e9d6fc892db075e133e2d8f56d40a75d04810a6d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
3298e80c9fb7dbc864fd98eff8766c6b

SHA1
0cf9909dca544a21348fa160ca8ae71d85fe8c9f

SHA256
a6457f8cc85dc54b65ffe3f043e95a9c618f769d064d809b065a5922c869e1b6

SHA512
0b0a5ad78de564784713bfdb7f50fde60d76ed2d3ece487ba36606fe2512cd9e8596c55132ad37cf34df50dbf7cc84cc51ef2a96e6ac2bc5caaddaf30ce544a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
4bb1bd9c5f4a773e7d382c7e1ac2a066

SHA1
3f690a419e106d71b1a2a52f954e336a2e35d596

SHA256
4a151e1fbf54681fbbf3abb7a2158fffd499aea95381892d043d28b707de9bec

SHA512
9c502c67b8514fb53933ffcca7160464352efb875b241d5f4f701d7d2e906509412beaa878023ad95c3647b4770d66305d266874a636204bfe69002254565e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
873B

MD5
bc4955c59b46515f628719ee0f6d7c73

SHA1
c5a961b10b571c311b65267824086b9da9469c17

SHA256
935cff751859e7ff402b63377600239ec7b558f3e5d44b6d7bb0458819ee1b21

SHA512
5a60fc29683f8db5dfaae86ce56685a3cd6a8158bf3c52fa9fa306af9355a543fac251100cdd1f591a7659c63b94712b8843dc8eb754fa19f31d5b0b71f8329c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
873B

MD5
165af7006d3538c4212dce3984c9d63f

SHA1
baa4845310e038da38ae9e74bb87d8c04d0fb1ae

SHA256
ecc5702ae26cfb4ea0e8d158fa28f9c3f19b941aeb4b77128c3091e99bf28c2f

SHA512
6222b5cbd9a92b5afa8aac42fff079e4a29d68c757ba318bf1ee6d0b36bff7c0bb4416453260b22b6ec49e283eaa8cdb88c5675193c3de7c5f36d8d1d1e4b69b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579f0f.TMP
Filesize
705B

MD5
9984be52fae5c305c05e86c4253a40ae

SHA1
92d29e2ce16ae696b708274b1994c5e204ec5b8a

SHA256
4a8675dda554a92bca64ab529782cb1065e79a9981c4381649758feac1920fc9

SHA512
65816fb6696597e7185a7699ee53322c732333ddbb8ac5e561ebf5fd54e83efea8ec3cbaa8db8e65104596dabdcb4cea48f5c36c6ba7141ffa3c7a3f29dc1a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d25061b1c4b91e5b3c61e3e63b74b703

SHA1
feca608902e9010fa8d06ccf120f7aa76d3182c0

SHA256
634ad5b513878f2d430a16dc4e8887c527662d4a9f1e3e483c3be694e5c51acb

SHA512
75ae477edd9db66ef71fa97e8aaeb0020f1a716387ea1555793c59fe7c104c19f7fce001fafbbf31176c3c417ce2092517f086d43f749bb15d6d2084e5e36d04

Download Submit
\??\pipe\LOCAL\crashpad_2016_AWYGJQENGEEDNFTM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit