hxxps://go-link[.]ru/P4YKx

Resubmissions

21-02-2024 11:30

240221-nl61aafa53 10

21-02-2024 11:27

240221-nkhlased7v 10

21-02-2024 11:22

240221-ngvrfsed4x 10

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 11:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go-link.ru/P4YKx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4820	msedge.exe
4820	msedge.exe
1320	msedge.exe
1320	msedge.exe
2456	identity_helper.exe
2456	identity_helper.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1320 msedge.exe
1320 msedge.exe
1320 msedge.exe
1320 msedge.exe
1320 msedge.exe
1320 msedge.exe
1320 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1320 wrote to memory of 3224	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3224	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 404	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 4820	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 4820	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 2208	1320	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go-link.ru/P4YKx
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdad7c46f8,0x7ffdad7c4708,0x7ffdad7c4718
2⤵
PID:3224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,16251304516417416778,3590977452678404034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,16251304516417416778,3590977452678404034,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 /prefetch:8
2⤵
PID:2208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,16251304516417416778,3590977452678404034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
PID:404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16251304516417416778,3590977452678404034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
2⤵
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16251304516417416778,3590977452678404034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:3376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16251304516417416778,3590977452678404034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:1416

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,16251304516417416778,3590977452678404034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
2⤵
PID:4660

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,16251304516417416778,3590977452678404034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16251304516417416778,3590977452678404034,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
2⤵
PID:868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16251304516417416778,3590977452678404034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
2⤵
PID:1476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16251304516417416778,3590977452678404034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
2⤵
PID:2944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16251304516417416778,3590977452678404034,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
2⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,16251304516417416778,3590977452678404034,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:220

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
a7acab7ee53aa90148699042ae310d5c

SHA1
4a0a32f83de7c261a03324910004b3b493f32eb2

SHA256
e18b3dc9a66e0525b2bd78653a9135b43ac04479f12b2b16184c05317fa33f0c

SHA512
70ebaac2789c93cdeaf05c3a73ab8ede46a49232f37f5233042ffc24ae30ea6d775a5842dc49c9c649eb3a8eeb38f2a49c0924faaa5cfb936c6f1cc10b0699b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
d45477ba7e9ad6060b4a08ef6df2e44b

SHA1
fb2518def5054425279633424962d95c784aee69

SHA256
7c1f4cd023ba173a087855a9ddaa607dddf9b1058030dcf26b08462eab9fc4bd

SHA512
5d9be793db89ccf911e19aec61220cf9b5dc8437b5fd10f623901cc5253c88c3735b5d850e04f882b5febd01b16d91a75a49733193a08c056f2aba15d4fdab58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
648B

MD5
5953714a71cf67653643e498f7235ce8

SHA1
7d214a0660b6b61ef83906715fd680cc5f7492cf

SHA256
b9a35d03cac4d66cb42dfb8940a7e1126de445e7a39c608e0e2883a064e35534

SHA512
a398def34acb217011a360f04ed0c29081efa4917c505166d7359cf9a25dee80e541b8845f16ccf8532548c998d70ce416798efb0a051a222f8f89df7f2b9e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
665538ad6b6cc7c41bddcabdc9a86ca8

SHA1
d50c6f6d5cd20252258451609ca50902c7094e83

SHA256
4f1d8534cadfc5a368c4dd19912b9c4ef390188a386e08608c1f2adf3e113bcf

SHA512
618541740903463b1d38eea54030f013f6e500ba8a7fff94ca0fd52917b419c3b6c7139d24a285c9dc724e1ddc1cadd7f7eca159918bd6f83166948730197f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f89cfe3601f9974499290fcbf8a9e812

SHA1
c5a8956b8b5538c0aa35f03026585be2822c64b2

SHA256
d117e988b37120494b5117c426f6e7cd24b68a076cf8dd7013fcba96af2f2026

SHA512
1e52bda179f1d996bb07fd3eff36728587027b2871a47012a4e60c096160d780d1985a2448c46414be88bcd2871847ad550f9c6c5fd03e718dbddf722b9c2222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1aec86ea0fcbcc0fe669e4c36c3f3c93

SHA1
ff750ae7f0201f6b892e784c3b58fa486bb4500d

SHA256
3391e9eceef0f8e9ceb7d660404ebd106ed1d2d1343aba3f0601dfba9db78748

SHA512
b07964537d328c6ca120e24ccfe8473efec9a08a2ffa8c24606782ad3396addd23d96cce2ddb23222611ce6b337ba580db8f46192e0dd990a5539b12fdb11958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
40003b7bca3147633b209502be5d7b09

SHA1
2006ac977a9f2b8496c488299a2ad514e80526f2

SHA256
b780d9b32f4d52bd05cdbd21745dcc4364703d671398187371e9abb16f6edd0b

SHA512
b23ae0197eaab77a8cfcb271117ade10a4df55ea30e42387957374c6c673a3e43edec29f195132a5614a12ac8a1482e92adc64c0519bb742b2c123ebf015bf18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1a84217db60b70f2657421ecd0d9831f

SHA1
be6b5ce2d7409abcc53fefc6980f3a04f0accc4c

SHA256
d96ef847b4197eacf095ef9530fca8a9d9e7c06768c8febe88a05f6799014c37

SHA512
c271bba92eab14d4badf298d384e667523a50c608aa7572e6a87be07180a51a75985c8018ce2289fd1dd701f4845c6a99366b9faca0d3dbfa9fe957683b3a46e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
5cebe236096433a0506a545370de409e

SHA1
3facf2c1dc397df36beb4bc0917ef5b301ead74e

SHA256
8c1ed7ffa9e4c1acccef8f371922c36fd042356d9caafd746e8f36c20be17779

SHA512
594732054087f18e7b0a8e59fafd735e9da79864c0af7f7a3e7af9aa6deadfc884f05364295ce0b9d3231cbe54ccb52a056c72a7ea1a0da60d2bb39b42c10b09

Download Submit
\??\pipe\LOCAL\crashpad_1320_IJRBIGGQGFUUBECC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit