hxxps://goo[.]su/1sDvE

Analysis

max time kernel
272s
max time network
281s
platform
windows10-2004_x64
resource
win10v2004-20240226-es
resource tags

arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
02-03-2024 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://goo.su/1sDvE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4948	msedge.exe
4948	msedge.exe
3584	msedge.exe
3584	msedge.exe
2328	identity_helper.exe
2328	identity_helper.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3584 msedge.exe
3584 msedge.exe
3584 msedge.exe
3584 msedge.exe
3584 msedge.exe
3584 msedge.exe
3584 msedge.exe
3584 msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

msedge.exe

pid	process
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3584 wrote to memory of 4936	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 4936	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2220	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 4948	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 4948	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe
PID 3584 wrote to memory of 2200	3584	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://goo.su/1sDvE
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d7a946f8,0x7ff9d7a94708,0x7ff9d7a94718
2⤵
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11563818591614451868,2096997550028702157,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
2⤵
PID:2220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,11563818591614451868,2096997550028702157,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,11563818591614451868,2096997550028702157,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
2⤵
PID:2200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11563818591614451868,2096997550028702157,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11563818591614451868,2096997550028702157,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:4384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11563818591614451868,2096997550028702157,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
2⤵
PID:3796

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11563818591614451868,2096997550028702157,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
2⤵
PID:3904

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11563818591614451868,2096997550028702157,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11563818591614451868,2096997550028702157,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
2⤵
PID:1748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11563818591614451868,2096997550028702157,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
2⤵
PID:4488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11563818591614451868,2096997550028702157,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
2⤵
PID:3040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11563818591614451868,2096997550028702157,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
2⤵
PID:2392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11563818591614451868,2096997550028702157,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
2⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11563818591614451868,2096997550028702157,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
Filesize
88KB

MD5
13a6d74ad6b98b7194ac1e2bb91ebf9c

SHA1
f4e125f62cdfdcb8774a8479ce7ab070c88815e8

SHA256
57f0940477fc9fec40f298c5dd6135c961d947d63375f0303b445d22346c8930

SHA512
155e22e639e7eb54ead79ac114e5bcbcd1169359742decb7a62d1172cfe6e8a81002fa28c1a68ad80d9a6dcb1da77de4030207ce3b756ed7f2ea7f5cbf95ca51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
888B

MD5
95b2679ba517687347721dd42e8dabe6

SHA1
fdb825cad12ce3c4dfdfc48604c0bc8e77888078

SHA256
9e8615202d221de59f3f58cc1b9302fe36b1a8772bd4b4941805174fa86792cf

SHA512
ea996b39aa96d216f3c0088471ba11a4d203290387f645da140f1467be7c3799f16229a81687c548b22279afffcd6ed3219a2c622ac6a68f14ea3dd72d09f5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
840B

MD5
e09774b7e001b1203f15d43362f19c3f

SHA1
819a97f730fcff7e64dff7b370bfba1ea19f7cb1

SHA256
c61c7cc9075bb3f3e87de02017153c0858758704d77c96d919da8e041ec505d7

SHA512
0229c5dac4d7126843396b5f72190dd900b490b134a3dc938b4eff3c0c1e11f87d7df57c695e37cee2eca4eb0c981924c6d027f83f5cc76f824d6079ad508fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
888B

MD5
13c2187cd5b0513d7a842e7cc94103b1

SHA1
9c35f05c5ee9a3e44c4e229afe25dcb0accf924b

SHA256
69cae9b9af3b039e654f4fb64da86b381702a0935950b3afc5d57591b3bc63a4

SHA512
eb32e2b10d5afc4eeecb739ff9edb026452c2c208dbed29eb389346f3058c1b9337ca3234165682ace78d14fc85f2828ea6fddcba488325e19f2110a84ad352a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
60dda0a6401b9e489d018cbe21e90ac7

SHA1
979f49f452e4811e827292669b924b1f6f5669e3

SHA256
aa644aa62f333b27933e43a0112fa074fc15ed1b8e4b04f270eab9e2642ee938

SHA512
c05f8f4b8ce549ca69da4cd0182513d333a59862cd1add02229d1706ccc280eec26c992dfdd1b466d93cad0b01fb87fb22aa637dff92443560f783d397e6606b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
09f5b216ec42a0a1f0295fe37d41fa1d

SHA1
b876667bb56ded236bf9388f0729fdf264af9a0f

SHA256
6162a069bb0de2c7e78010a5f527a77dcfb842ae2d1f264716ff77b1fd908b5e

SHA512
27aeb3bc42be8bd4642960eb7f64bc84f0eedb38bb16686892fbbb067388480a1acafc331a4cae0d6d724a820c2dae12950255592cd7c6938197248cf6b5b957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a6698794846eaf392cf41cf42b360006

SHA1
29aa48f6d93857abfa9c406b7141dc955fb68c8e

SHA256
cfb3ff48f5fee5858c18b1442580f392ce25e15244cdf7ff61bcd6d0e2b6f108

SHA512
75bd465f61f7b7c6f06be30c2c298258895c408adb3fbeb1ea0050b3fad45a1fae73a07028c36e88df4623915ea38a0285bec77aa942ff3171e1ad66594b2163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
e4a1efced4588b98888c7225e9cd7e42

SHA1
d38e48359b2cac1f45d52f0096e14e31566273bf

SHA256
862f247a1d3425532a79628e2f00d44da98ca190d83e203cb31c4065adcb52aa

SHA512
9a4ef3d1c3cb629bd5dd5fd58f55700fc2d984442a76fa737db3e42a8a365e8ecc298ec11b7490b775d19f22c99071ea9c76200f3a407e0cb1fee3d30930f5f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
2e2568a548beaf4783e52097ef7aef13

SHA1
13378258ef3ad73bb54a17d92d5559c944117ae0

SHA256
0561211f75879e0c0a3b6798b6f6b4496a347c040390c88863bca1827e7020b6

SHA512
a4698d0f0f182cb231b3dfab161c808ea5efe645564aed68be8433423aaa08f03fe2af0a43e79947a1f5d4153f6fd55871b5ecd3b24222eab43e169200c9add1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
b4b654f94fd48c12a535348aed7c3f2a

SHA1
4956c2707b6368498379f64bfc3a29bb95453231

SHA256
03ed6adecae27eeb6fc83e5e13e22b68e29ed175f76ac073d10cb209bb3b4b48

SHA512
aa012024384514ccfffe53cdbdccc823437cdb0354a44b4740987ccbba753ace1d1f87c8dc9bff5e970796d7c6dc6167b243f23425407fabbfd3356c34f82203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
deaae4b7a328328772301039c41d6a0c

SHA1
630a5b7558ab223dbd149ee98627c9c8d3a99123

SHA256
afd1c86647b4ff2e6b892d13eb663c341989c3cb8c2529eaa5103d9853af2ef5

SHA512
837765b9be58582fcc5772679d7ed8553b0e4f3ec63d330a16297daf0fbb673b4144e3e95ddb82a7378d3f0342b2b48582fe25459ef867041b89739826bacc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
535a28e5213d30a9719b3fae161a5fa3

SHA1
7513d2403db4c14f2155acd5c5399cb62306d0ed

SHA256
1d80197fbc9facf9ee3c47a47ddd170b5f3f454df2c3d127b687f07c834bdbdc

SHA512
b0b4651e1d77cf059bb3057685c5f10b6dbcb59a989062a07de5dca09fba80c8a672736a2cd3a2f31a298458c2da12d07b81375b5d4fffab95566dcedf5359bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
574ee0eb9a9591fe895770096d862981

SHA1
79c1852b91b3c8a97efce8dd3c64ece64ef739f4

SHA256
db04bc475ef00ca60391bba6745316f5e7b79923a3f135e64ae197112159485a

SHA512
1928bf4df1f36cef041d1def81b71c897abfa2e90809bfd1ad04c65a4fa0301e2c5f9cd4a21a0c6b03abd480b31b412d0b43d21037ed6ce8a8bb6fc1afbdb0f4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_3584_PSQCDPKDKWOXWXRO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit