hxxps://www[.]americanexpress[.]com/Tracking?mid=HEICN030202407010337106174081484&msrc=ENG-ALERTS&url=hxxp://www[.]americanexpress[.]com/mexico

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.americanexpress.com/Tracking?mid=HEICN030202407010337106174081484&msrc=ENG-ALERTS&url=http://www.americanexpress.com/mexico

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
2580	msedge.exe
2580	msedge.exe
3760	identity_helper.exe
3760	identity_helper.exe
6064	msedge.exe
6064	msedge.exe
4648	msedge.exe
4648	msedge.exe
5860	msedge.exe
5860	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 4336	2580	msedge.exe	82
PID 2580 wrote to memory of 4336	2580	msedge.exe	82
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 2972	2580	msedge.exe	84
PID 2580 wrote to memory of 4192	2580	msedge.exe	85
PID 2580 wrote to memory of 4192	2580	msedge.exe	85
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86
PID 2580 wrote to memory of 208	2580	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.americanexpress.com/Tracking?mid=HEICN030202407010337106174081484&msrc=ENG-ALERTS&url=http://www.americanexpress.com/mexico
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa993e46f8,0x7ffa993e4708,0x7ffa993e4718
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=2096 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17065563930562606607,3539512040338061837,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2e5aaa60-5e3d-411f-987e-23e22dd44fed.tmp

Filesize
2KB

MD5
e4f6dcac8a4aeabf569be8ba2a2eb87e

SHA1
3e7193351ceaf97ba89f0bdf9f53529fb1bd1eb9

SHA256
66ce408278866024d521b65a074e333824d48277634aef1e166433ca521ecc78

SHA512
3cf046a89914670fc623403fd5ad4d4f2edd2ac052951044de0e204ec48d96d26c082fafa72e1bc110dca1db1e9f5610acb71b97acf718302a293f9348656fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
908db96197793a20a9ea1a0f7849f60d

SHA1
ef790a741154fb77b6ee59243bb3c05be37fae86

SHA256
5d541ebac6273e915d9491a46da9afca5655d631ca8bce32fcc4428e1148ec80

SHA512
011e4dcc36bc4f1ea4b4ce5966d2cfda07bb54132d1e6d9b5485ad9fda3f53225ae599defbee7568a269d34bee987685d2e4488d0cdd6fdfe5f8030bbf19cbbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
15b77ccbdbba69c4e1b9d7ebf4c15488

SHA1
425f5ed5a4e197d4449ea5195ed5b692a2ae3592

SHA256
8a72216a028c76f272ba174282979b00d6956b6698f4a31a1f59fe70ea00e207

SHA512
45e44150c96a406548ccf5f479b762ac24bd9bd3d784a9689103d06037321f51ff1e7ac76e9ef27001ecc412b478acca462c2c50cf5b0aaa4b3042e649097596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cebb985b26c96297112f5ffd05e034d3

SHA1
fa6eb1e10acd5bc49d12360fe9dc2659e41ec7ec

SHA256
1fdf6315649be6391a6eb27fb54b604e879ba336e33c6a89b9f0a2f513c00e0a

SHA512
dff2fb3e47dabdf4a149f6ca52ea6a4d090d0e5f8165baae1bd004d10b46eb42b3b614dcfe5efa15ef3ebca8349c26060d94a7fd3ca7b74ca1ede6772f47b509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fb5e4c28fe0db3548ddceca4824d284d

SHA1
5431925c611689a0d96793066341d3334bed3be1

SHA256
36cb64d288af3356dac49ba20c236914760e59189a5d05d9043bb1e40726a5b8

SHA512
f02c5731e28336bc2c1abfa6a981163f37f977c3cd3e7637e1c9dc1be450c22e588c9a37cda85c1987cbd18e3c000b86c920a5bb52fa015e6081d4a545bc6acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
29fb39a465af48a63745d9e6c04738a2

SHA1
664930c693724d1862e1cf7b7422aed3e1f4ee55

SHA256
add805895e7ff9f5657354705c2948f31a0d1019536f731605d67b553920325a

SHA512
47c2faf1079948fa6fca7822ef90f16a788098906a2c3fadb52777866268fc1e74d3c87eb3cf666ee1cb3233f9d577ec4503e5eff62a4fbd35deef74d3d1427f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
314e334cde4b71dbb06797ee441d8569

SHA1
f3d507bc06f4f13bcae2a05f22b9dc0d1c490827

SHA256
b7369844799ec4165c88be3ec7c0f50f13427c15f078fd97d48d89302761600d

SHA512
2bcbbb76b672c5ecf4d503563fa9b499eefa098361f368b412901b51db326d810282473748fdf71704ae61963458c063b8c1a3fe446db639e1f8e8798d8e74b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\76ee287870b26a99cc483188ae1312bc8a955882\index.txt

Filesize
159B

MD5
63a0b0d46e92c242a68e252f58327373

SHA1
336d8d3fd4041e7ea2f66004d29c4208510d8553

SHA256
e57c93181fec09f1196916bfff8d3935f8e3ba1e85f35c6aa88c1c779e2c3749

SHA512
6acccf8da5928cdc00f4b378812126ba4f27066de0c7dc7ca71ddfbb23342884e33efbede950927717e1d59104765703556191abda2e5ba3ed172fbb4f29c44e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\76ee287870b26a99cc483188ae1312bc8a955882\index.txt

Filesize
166B

MD5
9acbe5558464b964d6c5863492e76477

SHA1
494f0f9b99d892bba0061454d0cdd80b633640e7

SHA256
fcbbbca6f3090bf54f2c66483fff8c75b7630d9e5c6bcbfd09e2e8527655ddba

SHA512
be15a57abdc6e405da5d71d88114f8ec8d21ec38fdebd89eb22f1fbd9db7cb6bc695e8d0960a31d2e942905f67ada3f469cdd9654470acdb37044024b218acc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\76ee287870b26a99cc483188ae1312bc8a955882\index.txt~RFe5751f8.TMP

Filesize
100B

MD5
a6585ec31d437e81d4d7666434e1c87e

SHA1
fb6759f4f352bd222d4028b67e094eca26b5c822

SHA256
cb57c8cf6dded9eaaf669679f7d95c979275ebdf3bd422c61c702bc8818ef006

SHA512
b5c9ad6c970328ef3f72f95e21eb90f6f506453028b346a9abb99c1b425d102ccfdf1f1ea9f55bed255e348ec00a7d3cb59a2919963a69008f4fa07b816f9554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2da218acbd4c4dfa6082cd37801551d

SHA1
a09e6c9b03c33fcf15db0c9d8cd4fa76360b3cf7

SHA256
d98f1d7931a6ac23fe0ab6901d9aabdb3dbdc6952d6327808d80439fa0ddcd55

SHA512
9c40d67a7d64fae792050cd294017807c6a14753c1c4fa3a509c61bc767cdb9fdb66e1d689832abc1e4344bffd984b03e714b777cb4ed9d4317c331511610e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
57b3adaef0ca255aa25c76578bfb0937

SHA1
e7639597b4a32b62ccdf9e3a4dd841664a4a44f8

SHA256
0f9797d5537bce512369e775a55eb1f2ce8ef7f794bc7325bd6dcd000fb04543

SHA512
cffeb2e508eff2df0f6bac2257aa5af89990be99e539774f0fae62aa5dd2185add435a3e00ce1b70743223c9d5c9deb9bbe78c914f17e1839efe05f1728c2ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d0a37f8f44cb53ca892baa3f385860a

SHA1
ddbd2c0278445fdf4bd8a33e6f965762625322ba

SHA256
4ad18c4deac29f7e7e4b49fe74b1ec4234457d6a352bac06f47b91c6bf14282f

SHA512
27f258c82658b0ea3d11e1df455cbb8a8042ef24107a743ae2ffafab44877be150ff77259a237b21c0a6966eec219e78daca7dc5a662c7a5eaa978a99f90dbc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
394a7ae25afa705d939efb862d9e5a4d

SHA1
787ad525f93ac98577ac225b9c31f35a020c9df6

SHA256
40149e477dd81474793756ad9d8461c1ae7e8504e52d7d3cbb989ec52ecb267d

SHA512
02b8af9ccc261f323961302af0b79671c4ef5d420ce48b050f157b969386b5821bbccb9e9aad384bf6b406a75e8a761c5a4796f55f59ea61b2fb7d74b711a5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c56888b055ffdb59cd440ad4bdef248c

SHA1
7c8c4a32aaee0c583705c42d13b2bb522f19f40d

SHA256
96674bfbc0fbb210da4b81a6d0e8b70075461daa852ed89d0abd78b0c7170985

SHA512
4ad0db163107d30567d99588eb67c3cabd4744bb4e39214ef5c4124faf17765babb971232ffc9d221b18d9f52289b8e5b6e775df0c0c5ef33ab929eb7a5be486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f32dc18bb1846022a7ff6d6d0591b509

SHA1
f6b7b4203a67a5d8c5cf475177308fa999a1392a

SHA256
9a60b6327c5b5a9c409f2ac75cfc7a5f970743712757762ef91ca068c72dc52d

SHA512
184043c6c17780864c6cf61678fb84eb64bd69e258ff47a5a2feaf585cf215217133a582f531e814af76aee0d0b08b6071ba2899698e41da0b3d4b31170b2a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6ab0a6a46e19900754355a39eb0cf1f8

SHA1
295798be80bac935f01951589eb10505562deb30

SHA256
47f61353d82ce233a08eeb99ff023709ce2252d1e9633c598190c8694d59e441

SHA512
57b1b22553a7c4bb4bcb735f3860ff8efb878f0335c9e20b158fb3a0bd59221b8397f10082198b556caa9ffa77b4ee076524ae6dc83672340f9139c755d91e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
220595c3d7117b8787b7176026090672

SHA1
2bd0bd9ef4f6ec36b68719ac8a538c28f4a89349

SHA256
5d28bd6813063abb3d2abc7e00c5e31183c9dcfd712005c0809a8c4c72d58430

SHA512
36ecf561cd2de2ac4a007820e59f54e90d2fccbbb0d8ae442a1e60b32a671d231339db7c9a4379643dd7628ce5c0c7d01a9a0e0298d8dc3ed29b00d148925322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
887e5d7a7c473632320c4a719d55caf3

SHA1
804ecc66710960339afa7127bb0d30218f9e0913

SHA256
074e52a8481168498a877152f80a916d909120f85eb6a294d9d340032db68bfa

SHA512
84eac2fa967a2cc7e207e7fd48685c36efd5df252854fac95903d6ebe6f16bf209e9fc100fea4b241f4349a0aff5dc54fb4255d8fcee59c93d3cae224c17be5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c0ecbfdae16694cdfd81594bceb71c97

SHA1
7d0b2e6362bdacbf187ef1ea5649030dda98a1a8

SHA256
efdb2770fe0421369e981aae4480772cbcd37df63e3b16c8962c8682afe3ddcf

SHA512
2b2769064175a7619358314f753f6eddd0ab84af86e3eb4769c66139dc0952049f94b387f09e5293ea7dfda3449f00a9dbc78b0cc5aa06ec113cdcd3d34a371d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
13b2af87c4910f109e8ef92e54c75aac

SHA1
be352eb3b1921c32b6ca9776dce38f74b9d5cff2

SHA256
c3410b3717e7b0ed4695a25d0fe28b4f4846d1985c22979011070138604e1c08

SHA512
de29619e53d1aeb731a56c1635924067bdfb4d21152e19f7cd1bc2324be0c91419699b79c113c829a1f8478138cacd894153428628ecbc350754005a53475385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ae03.TMP

Filesize
1KB

MD5
914a5d4f3195695ccced4904cd93e940

SHA1
92a817099490bcaf62ffb469dd1a8c77241195a6

SHA256
d0d75e5b0e58411325615f6c962cdb6223c86d055a54992081515b1cbc14e1b6

SHA512
0674a9a6e43f7def2de666fd3cfec0f6971d93f93a4e33c96eab3ee4a4d58f3e68789267526f89aa2fcb69b3ac2de880d501008a4ea3d186d13ea9e157ef3973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
411b570d07780404550a53397b394408

SHA1
aefcee670e150b8121eec57fb7093877c945a43d

SHA256
79a839c4f78409a15253003fff3b471068454e5a40779a747945bcf7c86b5444

SHA512
93a0435abefe00f87038f261accd17217320ecd382d4248b51b5f9d7780bd84c6330bd155ab9226a53386e371e4b6e8efaed8f21744509e83906ee27a2012263

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 352727.crdownload

Filesize
141KB

MD5
6606230ad9ad0f10a9dfa036fa9a0a35

SHA1
637f1db03ceaebdae2219d799d24838ac79518a6

SHA256
8194868b0b1e86c0b84744d3a41456d5229f891a1bd0ce677ecef815271167d4

SHA512
0069836ddaf79c0c1eb79029ea69cc5c57aef6e8b625816cf252eedee38442e0e42745ad7ee1c28af7e68a8943fc5a53d9c1e0fd6a4881f63108630be6934d3d

Download Submit