hxxps://go-link[.]ru/P7Jgb

Resubmissions

26-02-2024 00:21

240226-anpl5agh2w 10

25-02-2024 20:25

240225-y7hvpaca51 10

Analysis

max time kernel
120s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25-02-2024 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go-link.ru/P7Jgb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3484	msedge.exe
3484	msedge.exe
3524	msedge.exe
3524	msedge.exe
3584	identity_helper.exe
3584	identity_helper.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3524 msedge.exe
3524 msedge.exe
3524 msedge.exe
3524 msedge.exe
3524 msedge.exe
3524 msedge.exe
3524 msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

msedge.exe

pid	process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3524 wrote to memory of 700	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 700	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 684	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3484	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3484	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe
PID 3524 wrote to memory of 3544	3524	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go-link.ru/P7Jgb
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd28946f8,0x7fffd2894708,0x7fffd2894718
2⤵
PID:700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,17286558246591485487,10923036430326037445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,17286558246591485487,10923036430326037445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
2⤵
PID:684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,17286558246591485487,10923036430326037445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
2⤵
PID:3544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,17286558246591485487,10923036430326037445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:4200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,17286558246591485487,10923036430326037445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,17286558246591485487,10923036430326037445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
2⤵
PID:2960

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,17286558246591485487,10923036430326037445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
2⤵
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,17286558246591485487,10923036430326037445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,17286558246591485487,10923036430326037445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
2⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,17286558246591485487,10923036430326037445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
2⤵
PID:2252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,17286558246591485487,10923036430326037445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
2⤵
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,17286558246591485487,10923036430326037445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
2⤵
PID:3808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,17286558246591485487,10923036430326037445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3056 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1af9fbc1d4655baf2df9e8948103d616

SHA1
c58d5c208d0d5aab5b6979b64102b0086799b0bf

SHA256
e83daa7b2af963dbb884d82919710164e2337f0f9f5e5c56ee4b7129d160c135

SHA512
714d0ff527a8a24ec5d32a0a2b74e402ee933ea86e42d3e2fb5615c8345e6c09aa1c2ddf2dea53d71c5a666483a3b494b894326fea0cc1d8a06d3b32ec9397d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aa6f46176fbc19ccf3e361dc1135ece0

SHA1
cb1f8c693b88331e9513b77efe47be9e43c43b12

SHA256
2f5ba493c7c4192e9310cea3a96cfec4fd14c6285af6e3659627ab177e560819

SHA512
5d26fdffebeb1eb5adde9f7da19fe7069e364d3f68670013cb0cc3e2b40bf1fbcb9bdebbfe999747caf141c88ccd53bd4acf2074283e4bde46b8c28fbae296f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
187639d2f6e40dc7aa1f045547b76307

SHA1
b88b8d48198cfcf5f191bfd3e3b404ba96e7133d

SHA256
cbb62fe3272d6166b4d95a13d2ee54fe1954ebe423bec5d099fa3270b0de7bb2

SHA512
cca8f460f12c0d43228fd4d1162365ddb66880d03057d3498f131ed640a8ec441d729f8b87c56426b04cce9acc91b671ca656abf7f876d48a9c714937ea8618d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
a5c022c21a9a2005880dc09f819ead71

SHA1
2b8f3618e9f2a5b525f649a49d3ac6953bd604a5

SHA256
4c61cd421281feb7cf8fda0a38c112fa8ed993efbdfb0b1d6aa1ac4b52e634e2

SHA512
a7784a660fb76b34f04b8ea5aa7dca39ddf04f207ec9ba298c66d801458bf9ab7699f5eaf5302e73d9ab09b6ad353899fe8aa5b1a93d5c3823b12037ba3eece1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
789B

MD5
c34ca0334282335c567df2e7634a637c

SHA1
bdc47edace6d9d3ea670b3a2f66fa0f5ec844fde

SHA256
4e135bb1d7a176c0177cf499d6ab704453d5446d90bf59dfa9e3b87a114f03a0

SHA512
b9ae9a18b58d42cc6d3ed6620d1f130d4b3c48cfaa306e4096e1a96b4f8fde7586d390fec7d92d0f462bb9feb827bf903cb7a08b8e052d98037384de4e6814cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
94c056388cbf59d746808c6ec13efa73

SHA1
ec9c7a0e467573b1666a259c4d0fec44c30296b8

SHA256
ca736f30513ba3840dddb0f180ae1e0e4a88fcae9c6282025ba33ff10e06b2ea

SHA512
f4e6d53e2e3cfca33c2c4a754fb53c77ffc4a208257cb5b628ff3204686cb2b2b25bea8623449155bce641d60bb3897a8a1309acdaeec7cdcb592e9a6e0f3796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
53fe67947415f4f3240adf755cfcbc11

SHA1
b6312ac2fd2da1b6380cff3879b8f0222a5d1804

SHA256
2e6fbaa51d86e63faf0ec068eda2bc439cccdaacffcde8d06c1bec039fefe99b

SHA512
10716687a1d98e02196dc2ff4997e5af7963de758f84d734d9605df3f5e4173a63a2ebb6566ac5ad7a851dc0c16c8478a1edb9399490744a02031ad30fd5fe4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
780adc7ba603fef6629f7b33a7834dfa

SHA1
51de257dc849904e9824e7843d4c4e9c2de75d56

SHA256
876ef0cb67841c3a59d2e3717da766c00581de795b09a703889d85aafe25022c

SHA512
f795c18db6cf3420252875578ce5146ddc77523340db23e28e08da00af5130af02b5067681fb04fab38c82a0949511aa6b5db2c168c641ee9696ab8987bdc8ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0aa27f40988bb8843ed497571a929244

SHA1
68a9cac9792a82b2c8f9d55dd1312ba16c298147

SHA256
71221f3c9964474fb6aba787b3644b635da81e1a42134641eb5fd74b765a4345

SHA512
ffdbeaaf56b899935a41770ad4dad288f6a425849308c07543b6ce9087b97f9d4d4bd84a9e212e5dc26dacc2ce8ef45f2477591081bccb513296ddb8eb0529ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f6b44912d62b8a605e9dc427d8001e76

SHA1
c9bf6dd6fde70e73a70e56e0c8611c924343430f

SHA256
26e2babab17582ee65561307121cdcb96646556d729763ba606b0e4c2805d56a

SHA512
af8bcd34eb8c9d9ede8b73917e02867910cabccad0216b74aacdae6a2729b8f15097c37770ef69ce80e957eb805bc073b9a9f7a3f28f66469ddec7dae9f4b1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
66641054cb2d8d6be2306ce2e43a1df9

SHA1
fc732e85c04b1000994c6ed5da752fecf5204637

SHA256
3b1985b29492ecc08b059896c502ce94f7f5f968992c671591fafb62160bb9c6

SHA512
39e4b52a350a6f603f51d741a1fab75f11266be43824a1a69869f388230f074e10a92eaea256f13f049d1da83877d818ed7b83bcba54ce6de99defc1b59d0bb5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_3524_ACJPBFUQUPZCWCTK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit