Analysis
-
max time kernel
148s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240220-en -
resource tags
arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system -
submitted
21-02-2024 15:23
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://go-link.ru/P2YXa
Resource
win10v2004-20240220-en
General
-
Target
https://go-link.ru/P2YXa
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 4668 msedge.exe 4668 msedge.exe 532 msedge.exe 532 msedge.exe 3136 identity_helper.exe 3136 identity_helper.exe 1720 msedge.exe 1720 msedge.exe 1720 msedge.exe 1720 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
Processes:
msedge.exepid process 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe -
Suspicious use of FindShellTrayWindow 29 IoCs
Processes:
msedge.exepid process 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe 532 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 532 wrote to memory of 3244 532 msedge.exe msedge.exe PID 532 wrote to memory of 3244 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 3196 532 msedge.exe msedge.exe PID 532 wrote to memory of 4668 532 msedge.exe msedge.exe PID 532 wrote to memory of 4668 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe PID 532 wrote to memory of 4976 532 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go-link.ru/P2YXa1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8014146f8,0x7ff801414708,0x7ff8014147182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16947318365838993303,363343385794945622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD53300b8028991d6e234684db7803b66f9
SHA196df26150566233e1e0201bf17b4ea896861862e
SHA2565b7786b5ae4ba62b88bdbd0992a8fd96b37e4c7068e2fd23d0b33acf769d00cc
SHA5122f2dff4c24d4fd60160f70d544059bf02eca983309ff46bb7a1cb4d7c413e291c1520842e1922be55a4058380cd041cb6b4d9e70cdc5e4e00880fe13472df031
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a7f6a4b84d93993fde98d6553834416b
SHA14b4a227af10826f5a2f2e9b232ddb0336b3066f1
SHA256843a9671b3fab9337d8d600e170f9ac8b200a2faf63b5a8cd16f157bcf73c21d
SHA512ccfe39c47109dbf71c74ff6950526be7fcd521462f80e69e27388a9757d7f1adebf5f723c46b1631ffe3e2b4aa5829655d556bff8bd7e0f9f87fca46545bfb97
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019Filesize
121KB
MD52d64caa5ecbf5e42cbb766ca4d85e90e
SHA1147420abceb4a7fd7e486dddcfe68cda7ebb3a18
SHA256045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f
SHA512c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001aFilesize
119KB
MD557613e143ff3dae10f282e84a066de28
SHA188756cc8c6db645b5f20aa17b14feefb4411c25f
SHA25619b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14
SHA51294f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001bFilesize
115KB
MD5ce6bda6643b662a41b9fb570bdf72f83
SHA187bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8
SHA2560adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6
SHA5128023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
432B
MD52a5f89fdad137d797e69cec7e0d3e0a9
SHA1129e0ef3ffb2fadc796532c4a878cb2b7442de5e
SHA256f3526bd8c226bcf3cf72119f712d18e13f71cb8ccbb012239a62accefd9c90ed
SHA51247c04c934b16d7a89449026a8ed3736807bce777252a110841b883074acea0ef656f874dd59f118fd8b33707cba97fa7b81bbb4d4eeacfd6272eb003c55a1abf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
456B
MD56b8e0de1a297dd22b077afcc12417832
SHA178d36002b1cb92500d62ba53af290d2f63359d32
SHA2566f2a0b6b01e84d77a62924c9b774f8fe578d6527c1f8ef4753e06eecf5c3f294
SHA5129b8c9cabf758c449ef7edf69b83cb121f35a4e89dc50bc2854cda379a67cb09d8454855223cc44c254e6348f848206c6dd706e0b656c7533f05926b7e11c7b38
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
927B
MD5e4c6245bf16773364c08daad3f6d6ed2
SHA16f5f6990f7102a7ca8f30ba78673c05455e68624
SHA256b30b09d8f2e23934dc5a178999bff29337c98bd48438614d7a4fccc604f2eb9f
SHA512a5016f8e3129f6a02532647c54e542b31eb770019bd2bef443ef5e3f5b8173320d9bcbcae628bb82b5a8f75fb86292c0352817134b0d359f25c7e3c9c8060754
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5581e69acdba7b550178bc5c45fb62d23
SHA1186fb23a0d2bfebe58071a171f3d947fe84c6b5a
SHA256d930c4b0b04150ad57f288f7e7f4ee4c4b7f21ed12bfbace4a9620bc6ea6d90a
SHA512a73dc13bade82c8a0aba6bb3b27192d9dc75c22169e9bfe1e286a17d0ca7485cd9501c555025f98796c21b15ae7c0a9049232284984876e5e8b947309706452e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5d3996a640df07c69caa853d88a13e4e4
SHA1c65a403dbdc90f8b6f11cb69460b1d4f312fe064
SHA25675873a0431c55d411a43dcddd93e90f1d241eadfaaf07ac2aa1cc060aabe83ea
SHA51280ccf3b227b0b643ab2ba8030906cb882b22b88ec1bdb2dfc937ade970e2d1ed59d7e271f72871be4f01c7c8313397a4e2bc8b38e16906c3c8d505ac651e0bf4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5d3dcd304fcbe2ce7940fbec816b50970
SHA1f6e0e095e1319c4f02fd16484005f17e7aae4e4b
SHA256573e34ba4b4943cbfe747e108d5656657f728d1c535dd53b1dfc9883d97488e9
SHA512d27f13a658a9a34269d6076c31afe94dc571086729d56eecdcf098c2eb38d783dee58d4d5ffa74f4c8b9bb47ce6cf9614f6290b1168f89f04bf68605213cb573
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5c2fb1276e09afe74681747c1c1ba1d0b
SHA193891799babc81a84bc5f35e2853d9d3d308a701
SHA256ec8de38bffd884bae55c7fb314abe5b88481a025f9871249021ebb633aec9abb
SHA5125fbfc8ac3c5a793232c00c9c71449e97f61ac945eef6e6d33c387b2b842eac4af16108a7dbafa3345805d75169b424574e455e30601576e47d587bfe25b6d4fc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5d16449cda360743efda77ef41d90acf9
SHA10453beb8f2085f2b23cdea493155bbcbf933d636
SHA25635259c1b77aaab0735253d75d64e244baa0e468ef6fcfec67e6200b6652111be
SHA5123ce5aa0cade4bd7644b6379336da5275edd96da5738b1a63d422cc141b0fc99e5b50c1f9095be5d3dcfd8c74e00cde94aa8d8acafdafc87fa417e24a54cc42f5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5f003de928b3ac7e775278f86f9bfaccf
SHA1154fffdf1c3ff766c538be64895208822f8cdc37
SHA2565ab21a1342196167227ab2a345b7c90aa7af1af7fa215249c4d09f0a8d1ac4c6
SHA512c7a0f84e99f0bcd93bc370eaac954b4132dcc17485e6975c70992517a1a1f57e65a74e5fa2f3db7b7f5ec548b55fdf457802ca2512bd497ccb3a0c51af43884f
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dicFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
\??\pipe\LOCAL\crashpad_532_XXNZWCNDRZKMHFTJMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e