hxxps://goo[.]su/1sDvE

Resubmissions

02-03-2024 22:43

240302-2nm7vaaa9z 10

02-03-2024 22:40

240302-2ljrmsae47 1

Analysis

max time kernel
150s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
02-03-2024 22:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://goo.su/1sDvE

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
1204	msedge.exe
1204	msedge.exe
420	msedge.exe
420	msedge.exe
4000	identity_helper.exe
4000	identity_helper.exe
4832	msedge.exe
4832	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exe

pid	process
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

msedge.exe

pid	process
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe
420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 420 wrote to memory of 2984	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2984	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1352	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1204	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 1204	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe
PID 420 wrote to memory of 2024	420	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://goo.su/1sDvE
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcb8ee3cb8,0x7ffcb8ee3cc8,0x7ffcb8ee3cd8
2⤵
PID:2984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
2⤵
PID:1352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
2⤵
PID:2024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:2480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
2⤵
PID:1852

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
2⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
2⤵
PID:2220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
2⤵
PID:708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
2⤵
PID:1272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
2⤵
PID:3976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
2⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
2⤵
PID:3284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
2⤵
PID:1588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
2⤵
PID:3796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
2⤵
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
2⤵
PID:1728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
2⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6124 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
2⤵
PID:3424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6996405259729388686,8089483255310096115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
2⤵
PID:2956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a0407c5de270b9ae0ceee6cb9b61bbf1

SHA1
fb2bb8184c1b8e680bf873e5537e1260f057751e

SHA256
a56989933628f6a677ad09f634fc9b7dd9cf7d06c72a76ddbb8221bc4a62ffcd

SHA512
65162bf07705dfdd348d4eaf0a3feba08dc2c0942a3a052b4492d0675ab803b104c03c945f5608fac9544681e0fe8b81d1aaca859663e79aa87fcb591ddb8136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ded21ddc295846e2b00e1fd766c807db

SHA1
497eb7c9c09cb2a247b4a3663ce808869872b410

SHA256
26025f86effef56caa2ee50a64e219c762944b1e50e465be3a6b454bc0ed7305

SHA512
ddfaa73032590de904bba398331fdbf188741d96a17116ada50298b42d6eb7b20d6e50b0cfae8b17e2f145997b8ebce6c8196e6f46fbe11f133d3d82ce3656db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
912B

MD5
224c27718e1596d58aedd84f76d73fe7

SHA1
2520aeede54f0b9432e5e2ad57861b13add4a744

SHA256
90712ed856878d096b40eaf9fe1547adf8cfe46b8ff5ceaa466f04221a43b248

SHA512
1ec6809a795a6eb1ccdb060002d7b65ab288f18b3cf040bac363c0d1d09166044428fc90966e3031046480143355bbf75a0b7519b78e0aedabd575151aa6ba04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1008B

MD5
3193a28408d1f4a087189a3fc161f9bd

SHA1
8f71a88ddf2b8b2f3cc27573cbbd532ca7224793

SHA256
e8e019eb6399b46532a4fb0a06e5aedb63d4c16b72073a9309c386ce1afed1d6

SHA512
327cc51cb1685095aaf304f71bd91c91560dd7ff2426de618a4864cc170571074ea4b551026ea12abfe9fde08996cbb9ac213c0ebc76822906cf9e9f0c4def4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
6253267cb1a1fe293aa63b8d107f4fbb

SHA1
152850ecca6b2fef66b5ae457ca1a0089583cae8

SHA256
bf6031948fd36cba74874c2b0298862f5a196503208c63213718400e0589c1d8

SHA512
748c5565f9e98499fe6fd8bee09bd2a1ef2514fbbc842c9325cf5dc104d228d6623ea95bb0102a3690d13b7cf9103ceb9dd710d5ddc2ebb25f7932dd444b5759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f1b7284f54474c8b6f640179380c2696

SHA1
a43a782ca7dad50418086eb3292620e6a2ca225b

SHA256
1fab3e029520e8612becc98d8d2d289f5c95ae1264c7954e46db05f4fbda9d9e

SHA512
7065d8bf6056818ebe140d94dac527c14bca95fb0b5dcbca897e02be7176999c0127b75afbd15778e25b8ef3603d6bfbb53d2d618520e11693535ed91de4c4ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
9050c9283e390193ad3db1ece52ff489

SHA1
7b6c59ea5d077a76635518b235f31da7fd07aecf

SHA256
c03affc3fbd44d5e0d8648ad8fbe055e668110993c4e0847e50920a903adc957

SHA512
c55b9c82e28f141d86b835468431c5b544ec071547a5e834ce4da187737ecdc0c0b7bf47136ea491d2456e987982a5c958be6724faee38a7a145c248659b679d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
f70f985c3a3870380774b18cf1f59f40

SHA1
fc768789ec7cb13a82ba98e1aa7a5512b1361b98

SHA256
0d006dc3cba392b2cb009ee97a9582bda941838cf4461f9f7febab56484abaab

SHA512
5f225691136d512bb7644d82a020bf5df8ef1db93d580fed87e840791c5fdec304caeebaaf49ce00144aab68aab6d92e60d59b7af7d67ba4f7e420f6db793cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
9fab6d10e65d3e22316719dfd1df47bf

SHA1
8e462c19701976bafe0cc41c31ac89d3f7e19d41

SHA256
61cef0299a7d2499f6e0bc136a30bee40a6b8f924a658904d634bdd04fec34ca

SHA512
a323043361cda079819ae18b28f258d434d092a7d095e92073d02af9cb2d4f6d45db82b467dd5dbe2512ebb928f1acf0de6938403ce7a5b3087b782ae08738d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
10039834760ac053fa78cb88ad6fe1d5

SHA1
559a1c75b8bebac0b93031a4752dde2c551a860c

SHA256
489c8188297e9a9cc55a5d653ee02989cea14b12e143b286594599c77de5944e

SHA512
9be8217f94aa388c5a454b2e769783cfeb94c5411cb1ee3871adb6b070c21590912130f46f9006bea346b52ee455ca309e0ba29ece10dda39070eed06ecaca45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
2fe7e5db426f092c13ea9efb83f4437b

SHA1
da81795494f61def263d3c4665bb8a0bf6d09505

SHA256
62ad010e211e03e4f1aa9f256ed83a9a60f9b426570461b358b1bfba37fc9527

SHA512
cdd012c9d7e6a187ec68398479babd3c1992368123cf878d3c6732865cc30eb9425d56bb89de8625164915cad2470ab1e2cf87201220d089ee4848b6c5d12c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
6041c2e45ebc9692cb00f7e546338ed1

SHA1
84eb2ccb14265a3e6e46090000d52d1e231fdb60

SHA256
72ada0b79fd36f4a9bd381de9adc6fc4bb78991587edb9829bfd6accf9c05d6b

SHA512
92e5a742c3ba66546941f1080bd00f6c85f40dbe53af8d6d9f282cdbe775eed662b1729f2b541bcd38fe610085d6b73f2da53725045cb6976c2df10f6763b360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
5911a533940c88e5b4137c8ab33c3a49

SHA1
cf6268d68d6f739ef6c2831087a03d54a6b8d43c

SHA256
1dfea5a7a89e68324fce799afb30ef6eb94a41fdb8fce7aba3f2313f97dbe7cc

SHA512
94e785280c605cd19d02c1afba120678801884b29d9ab2dc7f4fb9d5ceccf735bdf2829b4aea2cf86fc9ea212213c962f0c9c26b5c570dbf78030e502a98c64f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
e8fb2df0b8cfac1cd3d73474f288647d

SHA1
551fc74e2ad3f779b5f3de648dee20bf6766a982

SHA256
223cd18fc5dba4129a3a92e7ef41ddd250b85b6ef90c0b755fc9bec62e0a7669

SHA512
3ac12e4f8abecd11b61ffd34373bfd5a3b7198eb493624009d99f98f816692951725cb46190222ed5ea2bb036653cf369c94deb53de598af9b3fa2fd4f188025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
02f784215cc5d6dc125ac19b59404287

SHA1
3c10c4e6260e5ba3766308222050a126046bc8e6

SHA256
c8a0882fa1f1a0a81b57171a830875e8ffc47a88b57a70f08efb343f8db78b12

SHA512
5b12bed7e1defb95261e7d3b474daee25b1671f04ec9fd6069958107749dbd6685eb51b869acb109561ae404027b4feae5bee979a76ec3ed60f1d7483b846063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
f0a40b8bf981a554b8de7cae519c04cc

SHA1
c62895b40b9d8e3be4f38a090fb8f4e02f92a31c

SHA256
b0b216629415cc146bc5498a21769be9c48cf86f9f08e17ac2aa867efe458e3d

SHA512
69aaa9b869ae54647c7192491b9011fe9a039b433b2d9ad01ce5bddfa08861e87da98458e9b8f3d5ed56f0d07904e7d4ff5d43bdea708634f02d1050ceb2bb92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5831f8.TMP
Filesize
1KB

MD5
be5eb3f27b5515faad6767b28bb583e2

SHA1
c277e4b922b6992cd012f6d14ac80d531f2ace9d

SHA256
3973b07dd173728f4238386f5701c00ef7b1de8ecccce46e88a0890b985d62da

SHA512
fc930fa6cacf8a3f7077c766c831da228b7bed82c6a7e858f5a0e36d4984d9eaeb8760107235d7ddcc497baa8f938efac63bda2ca98f0c925c789ed5d3c61786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
cf71c35a813a4ffa1eff1e32a87ee781

SHA1
8ab7d5eeeec7f48437fbb688c221775afa9b71de

SHA256
7514b736f0fffbdcd0c7e870dfeed1636adf99988214d2f77bf5b0b5b49cb2dc

SHA512
e39b2c51ed03dd6ddeb20bccdcbd4daf16950bc1e105d7c47f96d66091feb5cbc73539410e26b544188cda33311844e7a607e06df65bec40f960e12012857c69

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_420_ZAYQEBXQNTDLYXZD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit