hxxp://track[.]azteclondon5[.]com/tracking/qaR9ZGxlZwZ3BQL0AQt3Zmx5AQV0ZPM5qzS4qaR9ZQblGj

Analysis

max time kernel
148s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 21:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://track.azteclondon5.com/tracking/qaR9ZGxlZwZ3BQL0AQt3Zmx5AQV0ZPM5qzS4qaR9ZQblGj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3920	msedge.exe
3920	msedge.exe
2068	msedge.exe
2068	msedge.exe
1104	identity_helper.exe
1104	identity_helper.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

2068 msedge.exe
2068 msedge.exe
2068 msedge.exe
2068 msedge.exe
2068 msedge.exe
2068 msedge.exe
2068 msedge.exe
2068 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2068 wrote to memory of 3776	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 3776	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4052	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 3920	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 3920	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 4100	2068	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://track.azteclondon5.com/tracking/qaR9ZGxlZwZ3BQL0AQt3Zmx5AQV0ZPM5qzS4qaR9ZQblGj
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb3e9046f8,0x7ffb3e904708,0x7ffb3e904718
2⤵
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9258059179696916509,1371045173304401492,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
2⤵
PID:4052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9258059179696916509,1371045173304401492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9258059179696916509,1371045173304401492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
2⤵
PID:4100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9258059179696916509,1371045173304401492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:2144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9258059179696916509,1371045173304401492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:2832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9258059179696916509,1371045173304401492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
2⤵
PID:852

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9258059179696916509,1371045173304401492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
2⤵
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9258059179696916509,1371045173304401492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9258059179696916509,1371045173304401492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
2⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9258059179696916509,1371045173304401492,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
2⤵
PID:3576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9258059179696916509,1371045173304401492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
2⤵
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9258059179696916509,1371045173304401492,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
2⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9258059179696916509,1371045173304401492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
2⤵
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9258059179696916509,1371045173304401492,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bafce9e4c53a0cb85310891b6b21791b

SHA1
5d70027cc137a7cbb38f5801b15fd97b05e89ee2

SHA256
71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00

SHA512
c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a499254d6b5d91f97eb7a86e5f8ca573

SHA1
03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1

SHA256
fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499

SHA512
d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
211KB

MD5
290ac10d66da3cb9aba57ee1007ef37f

SHA1
255679fe3a59ba134cfad8a393950f64a9d5543a

SHA256
7461d630487f221997c6e5bb2b2bd64c0bc4cd17edde99ee39a931f685b321b9

SHA512
c31afaba926acf8f1849c53eb00c99c778b1dc9acdcff0dfc6ce1182f76f6bdf82749056b186b123b475361203249cad88fabcad1367c61354704d4839b06133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a462fb1400ca9cd087fe96c66bca140c

SHA1
c5353b86791b2ec575452608eee24f5f6078fcb4

SHA256
0fc87579930e5f479609e2fac0308abcd45869084057b0a8b8582911467d1ca3

SHA512
556a374c86ade66f5b3bc2e22094e7ee97dd62855ba9ab325350f04cb62c270e5c50570c29b19bbbf8b35b5342feaaa06f4025442d5428a5b1338ebdb7d26f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
c26c1a0ccc02d2acc7cf9cb24df6197f

SHA1
90395fc34c4c600586d5517cb0602683d4cba2d1

SHA256
6c4e53ae5388e41a6b0baaa7998bd3a434e2b92321545df39a98f6d8baea6690

SHA512
10b9c9ba8284450a6a46607f0552dbed164f95e879bfa7de7493ef593a4bc831275308e3cb616a033eb96f62b928bb5d4f8bf857bb93bececba66a426a941fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
457B

MD5
50ad079e41a59617c5615f49df87fce3

SHA1
454fd466af2ccd2a62ae5f359de5a1e0eb9a7041

SHA256
e0d90b40f047f84866ecf4ce9b61fe69ce6b0d885462412d17a98eb3d5c4ba67

SHA512
d784d2aa5dd86a16e5d671e3c6a3f4f8287d612e6c68daaa47f40b92f125b31bed52a32192bf0b7ca253659f6d330e1193561cb297b29870db36b1366e83845e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8b56882a186037c40be23698710e566

SHA1
2788c1813042db20e2bf11514e05ddc4ca77be8d

SHA256
b68860ad06e57555731012fb6532550955941a850925ec0d92e4345d945cdfdb

SHA512
ef68e5857767fafeb28252b2973b4135d17f9d3ab060e7390931ce4cd39964566382ace14b36a31f9c056b9ba7fcf46300ca7469166894a9ff706a2c856ad078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0bf258b694d7bce8b0e7da74df15d0a0

SHA1
944dea2b70dbcd228aec46f87211487985bee6d7

SHA256
98d3b2a87fe9e81b38f6def49c3a804fada597bbf5708625d45cbfce2459b7a3

SHA512
f80700e8f7922c4a08986f417bc368ba45be52119adee1edeceb11ecc19419650fb01fed95c6a712e0839b8716bd3dc52b959336c4f1db3e04a2d0856e0e15e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9300fa004ade45c2782d4b7a1ec6eb63

SHA1
3228b2938fecb4117713ea54a43eb96b4a47927c

SHA256
54293d0a9b13b500057f9e22ecfc35d6c7915b40352b2f01788ddcc7f2b96839

SHA512
8263c6a4028603686da547a9d1f1545a1f8c546f2c6d6fd33905f4ac7e8b70bf832036cc8dc176b2c3c84a0ee956acb211c44b20c3f1c12bde7f1254497eebe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
e8eac28ca9fc201ef8309f9eef535754

SHA1
854dfbbd2e983824871f8f4dd462ccbfe6f27524

SHA256
2905898923a8999cbe91602cdb5e5fef8393c38a28fae2dbeece8ee1504465c6

SHA512
94474a3f0b9d5f9cb65f408668be1a46aafaf271def91962ad182ce59f0de11f08951fc463857e1a53369d569e2ccbbdcfa8eeedc3c38ba68611d32fa8ba3497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591090.TMP

Filesize
371B

MD5
87ae663e2e89b91f58c68156d38982e6

SHA1
760f690e7c56b2f1a8cef2f072a0dc7e3ac438c2

SHA256
df436352923ee2477ea723c3876411d1dc7d48a625259bac3dc6c21ed0f00638

SHA512
024f7fb770d06f534291bd9beee6227119173d7d0cad2964b0de032447a5e20538e79d058c1c148eeb659361d1d04a4518cbdcc3eb1a17d9e870f64b34e455c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5aedba20ad40e75a7ad48b544a148aef

SHA1
c7c6c09d2b92b8639e89cba605aef34d753a9bb0

SHA256
63f966c207d16f1a17b728b03ba37c45e60dd23e1b88169c69d24f4fb4cf38fe

SHA512
99309a47ae2e0c4832cb6e3a680a6c400d5786e36a587e635a6fa0727b9673db13c35173c5234d19008c62bdc2a4d26f3bacc90d4e3c1ba1cc2e2d77f0b2f7a2

Download Submit
\??\pipe\LOCAL\crashpad_2068_QIPPBMQKUIDKLZII

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit