hxxps://go-link[.]ru/mBYrb

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2024 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go-link.ru/mBYrb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4976	msedge.exe
4976	msedge.exe
3212	msedge.exe
3212	msedge.exe
3776	identity_helper.exe
3776	identity_helper.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3212 msedge.exe
3212 msedge.exe
3212 msedge.exe
3212 msedge.exe
3212 msedge.exe
3212 msedge.exe
3212 msedge.exe
3212 msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

msedge.exe

pid	process
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3212 wrote to memory of 2008	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2008	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 2620	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 4976	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 4976	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1720	3212	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go-link.ru/mBYrb
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffffc4746f8,0x7ffffc474708,0x7ffffc474718
2⤵
PID:2008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10990974557728841984,12142914352200783878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10990974557728841984,12142914352200783878,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
2⤵
PID:2620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,10990974557728841984,12142914352200783878,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
2⤵
PID:1720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10990974557728841984,12142914352200783878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10990974557728841984,12142914352200783878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
2⤵
PID:2204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10990974557728841984,12142914352200783878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
2⤵
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10990974557728841984,12142914352200783878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
2⤵
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10990974557728841984,12142914352200783878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10990974557728841984,12142914352200783878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
2⤵
PID:2636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10990974557728841984,12142914352200783878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
2⤵
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10990974557728841984,12142914352200783878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
2⤵
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10990974557728841984,12142914352200783878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
2⤵
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10990974557728841984,12142914352200783878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
2⤵
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10990974557728841984,12142914352200783878,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4548

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3300b8028991d6e234684db7803b66f9

SHA1
96df26150566233e1e0201bf17b4ea896861862e

SHA256
5b7786b5ae4ba62b88bdbd0992a8fd96b37e4c7068e2fd23d0b33acf769d00cc

SHA512
2f2dff4c24d4fd60160f70d544059bf02eca983309ff46bb7a1cb4d7c413e291c1520842e1922be55a4058380cd041cb6b4d9e70cdc5e4e00880fe13472df031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a7f6a4b84d93993fde98d6553834416b

SHA1
4b4a227af10826f5a2f2e9b232ddb0336b3066f1

SHA256
843a9671b3fab9337d8d600e170f9ac8b200a2faf63b5a8cd16f157bcf73c21d

SHA512
ccfe39c47109dbf71c74ff6950526be7fcd521462f80e69e27388a9757d7f1adebf5f723c46b1631ffe3e2b4aa5829655d556bff8bd7e0f9f87fca46545bfb97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
45e0e00500dc21e6aabb63296ffb92f2

SHA1
815a546566799f403337af8eaf267d0c6dcf2b1d

SHA256
5b31495c6076df945c323c1a0193d2134a7c08633872919e90014a1a30935191

SHA512
6fdcc2165a5045a5a776367ab00fab6729a2607c280ce8fcbc3065c2bb49f743f9cd5bcfe47aae270af82281944fd73a8ac3e300bb8ef9515b5ca1b8d7c14b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
eeeff20b92ae12cdadd5cee431dc8bd6

SHA1
3013ee941a6793f96915e46893da3e97808c2e25

SHA256
14918fd74fc79dfce9ed2fce31345b3c887b5d0dd77176601ed189e79fd2088f

SHA512
3f07156321c59eb5fb4e891ba68de7e092bbc866141622b3fe71c421031a5af12fb50fcf48e424a4764f43c96f8346935f7b1a74d61b1b3c4aba7ba4e643f3e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
878B

MD5
a5af792391d55f339aea0d674b5625a4

SHA1
71462383519ba01c7571dd4f5af4be6455f11610

SHA256
039f23279e1dec67983743dbaf853def4ec7f5079a8c1a7412682208b509a09c

SHA512
525bb7f1b905e5948bcae2a4a360619c59e82ab061c8372fc1bba41b47ffbbf55301ede00cb37e662990a16086d68de03bdffd1fd49c6015215cadedc9133ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6ce95b95b1222de725907d9976ca878f

SHA1
1a86ad1852417848be15d3c4e1e64a339274d8f7

SHA256
8a2612192e4c6a53989ab793d7b57db97fe53ca5e1d96f7384b9d81e9dc1c9cc

SHA512
9d1dc3faf5b73bf4c2bbe795237883d34cafbb91b87adef5458b9b8f1ab0433e6289f404e81a0cbe0b047e1768caea677cac9caf10c926b8ec4c15217ddce9e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
37c67f9171dc994ef856f583b8015351

SHA1
079d9ed0daa42c393d8c8fa18dab54fd58d880f6

SHA256
f7e0a833cd43477b32b9d7ff4447c9f2ed0f79b87d1e30a9c834fab0b4e19179

SHA512
630a6515a2662b5a52803adf0c4bf0485ad6b05280919112f109ccf9a94ebd548a9b0bc11d1f3df2744ff66ee9009216d65fe889b5c8363f701028a432bc9108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
09027dd35999859e99d32a2da219f15b

SHA1
cecd4cc8870918491590e3b31838f50610e9befe

SHA256
30f4793d930b975958d86ab5752768f763fd39015663dca633cf3cef04a1b1b5

SHA512
dcd80c935ce67fd59fdf93fecb41527b53ed4058e073e1bf14a69eb2e848f8608b523b54fb2c90551ee73ec4a2fed1214c7357d7c7f630d1d5fb050e930f0430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3619afa4b8bd0ac0a95ef57e47d7c377

SHA1
5f3ef3d5c7ca65c4156d7ad1ecbbed16a2673d0a

SHA256
49d0d7a5c022a358eb0c887ff71ac53aab0362eab0567b7e0d10cdf422265664

SHA512
bc5c9aa6dc30a09410919871b31e2632478f819fa0be0a78a01932a3c7a5d2f9348b39299ba13bff0a90128743f031af1dbce57ba10fcfccfaf1365c41a39813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8de4c2804cb11bb8ada000a05f5506c9

SHA1
d3a8e489b264ecde0c6762f558e33aecfc214be3

SHA256
68458c0d0ac3c6f419cda854ac4a68bbdb9a794a6fdf9725dcd0d9845c4952dc

SHA512
2df206a48c5e2b7cb14ad1755783520cfc8bd14ed3867c8644f4b42df7c5a48ff1d171bc9de9f2882f279eab502b5cb42485398964e3af7b6ea8ffc0cef6e4d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
61ba9d3bba8259d79811cecfc84fa128

SHA1
ad0da72976815fa203c35092a06d4c401c13597b

SHA256
d6da5e9eb0da78d84e2244d28bcba7ea32e3924dfdac70df9b60590b37f99591

SHA512
3886375f8a9fbb69c0d795e787172a635c0d88d939ce51dcf50a0d018549848b06fc6688c58a34d4c154285f6c2292216b338b6ad07b1f411c4643937c9fbbfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584c85.TMP
Filesize
204B

MD5
21148fdaddf8075dd7dd5410611a9107

SHA1
b17fd0a21f1e7dd57674562fa34859a78d1b69fc

SHA256
ecdf1a95346e14970ca687d10d9cf986cb8ac96f71f681112ab579ebd4ca4a3c

SHA512
dc035fb5056b47744ad924c2239264f2556e09110d7fe2deccdd1b870e5acc17500152cf219f814c607fa1d07038074fd3e0be0d6923196311026ff25b491af1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
0995cfc1b70203a38d12ed713d4d432a

SHA1
9dfbfe132a266d3760fde7c98355bdb59a574d8c

SHA256
89f844a09900b03c651e7cf32bb7ecafce78f950a0f26d19a1e40b65a1dfb249

SHA512
7f6e343a3860bfcb1f4950a481fa5cabac95a9f46b93457ac33db4c5d9fa7ee2e16f5bdcd11654e5a015e74708a82f2c39cb0edeb592d5dd5087bd579930d9bc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_3212_LSTRCNKPWENZXGCE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit