55b0247b9b574978a4c9abd19c3bcc04ea78598398b9f8aeb35bd51cbd877576

Resubmissions

22/04/2024, 13:22

240422-qmp49scb3z 3

22/04/2024, 13:20

240422-qk3mkscb2t 3

22/01/2024, 15:42

240122-s5pybsacbm 3

16/01/2024, 17:21

240116-vw6ktsfebr 3

Analysis

max time kernel
406s
max time network
410s
platform
windows10-2004_x64
resource
win10v2004-20231215-es
resource tags

arch:x64arch:x86image:win10v2004-20231215-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
16/01/2024, 17:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

documento9030.exe
Size

6.5MB
MD5

5098ffb7635e3b87c1476aea7d24a5bf
SHA1

50fa4755fd48e1b22a718b6a90b46dbead28fcbd
SHA256

55b0247b9b574978a4c9abd19c3bcc04ea78598398b9f8aeb35bd51cbd877576
SHA512

95822f54872cee4b78b3956315bab722e8623a36c3627d9a32a614aeb4b5be2adcf2a88592dc2d05f2fe97c8e9c234062983a6a396bb72a034d0ad0dbc24f40b
SSDEEP

98304:imMbDvtv04eVg5Vy7DzGMoSICiEdefg5SVdO1rjFnW:iJb7df5Q3zr3IREwfa4itn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3032	msedge.exe
3032	msedge.exe
1124	msedge.exe
1124	msedge.exe
1548	identity_helper.exe
1548	identity_helper.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 1340	1124	msedge.exe	87
PID 1124 wrote to memory of 1340	1124	msedge.exe	87
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 2268	1124	msedge.exe	88
PID 1124 wrote to memory of 3032	1124	msedge.exe	89
PID 1124 wrote to memory of 3032	1124	msedge.exe	89
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91
PID 1124 wrote to memory of 3656	1124	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\documento9030.exe
"C:\Users\Admin\AppData\Local\Temp\documento9030.exe"
1⤵
PID:3704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\XML-A873ACA2-23AB-FAF0-2475-B316368685F7.pdf
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee01746f8,0x7ffee0174708,0x7ffee0174718
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6548984864062161476,1293147669750400981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6548984864062161476,1293147669750400981,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6548984864062161476,1293147669750400981,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6548984864062161476,1293147669750400981,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6548984864062161476,1293147669750400981,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6548984864062161476,1293147669750400981,131072 --lang=es --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2124,6548984864062161476,1293147669750400981,131072 --lang=es --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=4680 /prefetch:6
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6548984864062161476,1293147669750400981,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6548984864062161476,1293147669750400981,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6548984864062161476,1293147669750400981,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6548984864062161476,1293147669750400981,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6548984864062161476,1293147669750400981,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6548984864062161476,1293147669750400981,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6548984864062161476,1293147669750400981,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
86fd25bb1a0f32c07a390d31e30fa67a

SHA1
48847263c5508ea221f10a6fe2f7925eeb191e25

SHA256
2b469891a8fc3908df93114dd6e5a8c927501499ba8a05bdc62ba27c50c263a7

SHA512
f747148448e3f0b843314aee1accaf2db06fa4436dbb6240ea5633fafda8f5869e11650bb2e7acf70213250c1514fc0aaa5c58dc4f6d474b45e7e6be55cd4738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b9cf78a29e63892b3bcb45737b2234b

SHA1
a459cc1503e4b737277797d4c0659a88c4728abb

SHA256
5812e62cd95263a526b94677e5effe2bcef3a7620e6ca87f862d7479bf65c151

SHA512
ec2d5334a5e772ae22252f218776b942d1e4496c23cb88fcc2e02a2c9bd5832b2c50a5403168028c168b411c1fa6e0a8478b6646547686219b25ff66cc9d6988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5bae9b78fb7f15791435830d91d40020

SHA1
683accfc1d26ded25e502968d4ef88558ef8022f

SHA256
705793869c4a9cf84f91dd435926eced30cd6a1a95afc41f02d12e9efc058f6d

SHA512
95412656785371fb03bc7279f460844e694c71793f9ce05c00bacf710e3e3d0759c1b0c5c04b63227ae4e63092dc207c1096748946e38591a59827a676c868df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0c01f3da1e6870ddd5ec33bbf2a38c26

SHA1
24ef76323988b059cf904a4a6386924ae37baf2a

SHA256
d37eb700b0b9262e35a3dfb12b6115976ebde928891516e3b85cd67f801dc54d

SHA512
c2ed161862895ab623a8f7a34f6bf6c94ec71792c58bc6a398a0f187aff8d66dc333ac409a7f2cd1c56504627f39bc309d4390954ee9822f5f09db1c37cd4b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cac619223801154630855c28395757ac

SHA1
a19772720f65d6dcc45c385f6636f9085a4ed5b6

SHA256
797a02437893577159cbe7e1cbf48eede825d089716041db4930f0d1da4d0e80

SHA512
4d8eaac14094a7eae7cf4436955a9f675663172cc39568c0da3b8bb2ad8feae9e5eff1606bac62c73b3c94fb1ece66245e8e0c5d8edc59068301e30c788d8773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
12bb5df2059ba2b98d9e78e82995dde3

SHA1
e8a611951bd6fd3052ee0e2647dc3202a0515c38

SHA256
bc91463e313584c2be7061ebe8972f6d8ce510473ccfe8968535c741f8638963

SHA512
a4e7923ec799f5ad1d096d87a3ccda9d54e34a511b43242f5b1c408b797a721f4c9cbe338d2662dda39079f79fee52d1e8b086f43b5ffb0707b444347365f903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c6113df6b42c1a7fa6d3e20bdab8f31f

SHA1
79397c87acc99bf75c796dc901bb9052550888f7

SHA256
c63bc1b68f4adc468771656869a009d82972ab4a9ee5990125ad6fe3ead2804d

SHA512
55c0f17bb497858971929b2941224373d83d3738ef254060944a6f0f9bc0bc19d588d54acbbecfaa0c1bcce3e496aa38eb86b44f718880614bb4f2f3283c8af0

Download Submit
C:\Users\Admin\AppData\Local\Temp\XML-A873ACA2-23AB-FAF0-2475-B316368685F7.pdf

Filesize
1KB

MD5
3834e6e8afcc0c220d92e6d0df9a3f39

SHA1
81aa78c36d60828fbb412ed109df0faaa1d659b2

SHA256
0ca9dcb05db92e9537069be7826a8c3b4228798452e3f66d5a83b537198abcaa

SHA512
fb61be51728f5397fee926d660127fac559d2a151c8eba96514f2dbac7b4c0e1ba1c6418ae8f521c96b1fec3d307748859fc1b1e1e853d2b99ccc9d4d6f410e9

Download Submit
memory/3704-0-0x0000000001540000-0x0000000001895000-memory.dmp

Filesize
3.3MB

Download