hxxps://go-link[.]ru/P7Jgb

Resubmissions

26-02-2024 14:27

240226-rsxa7sgc42 10

26-02-2024 14:23

240226-rqjmbsge7y 10

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
26-02-2024 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go-link.ru/P7Jgb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4512	msedge.exe
4512	msedge.exe
984	msedge.exe
984	msedge.exe
4368	identity_helper.exe
4368	identity_helper.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe
2928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

984 msedge.exe
984 msedge.exe
984 msedge.exe
984 msedge.exe
984 msedge.exe
984 msedge.exe
984 msedge.exe
984 msedge.exe
984 msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

Processes:

msedge.exe

pid	process
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

Processes:

msedge.exe

pid	process
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 984 wrote to memory of 4344	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4344	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 3888	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4512	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4512	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe
PID 984 wrote to memory of 4904	984	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go-link.ru/P7Jgb
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd794b46f8,0x7ffd794b4708,0x7ffd794b4718
2⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,9569995601262151890,5937828863229592600,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
2⤵
PID:3888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,9569995601262151890,5937828863229592600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,9569995601262151890,5937828863229592600,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
2⤵
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9569995601262151890,5937828863229592600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:2080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9569995601262151890,5937828863229592600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9569995601262151890,5937828863229592600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
2⤵
PID:1884

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,9569995601262151890,5937828863229592600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
2⤵
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,9569995601262151890,5937828863229592600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9569995601262151890,5937828863229592600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
2⤵
PID:4212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9569995601262151890,5937828863229592600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
2⤵
PID:3124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9569995601262151890,5937828863229592600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
2⤵
PID:516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9569995601262151890,5937828863229592600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
2⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9569995601262151890,5937828863229592600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
2⤵
PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9569995601262151890,5937828863229592600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
2⤵
PID:820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,9569995601262151890,5937828863229592600,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e189354a800c436e6cec7c07e6c0feea

SHA1
5c84fbda33c9276736ff3cb01d30ff34b032f781

SHA256
826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427

SHA512
ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b9e3e150cfe464e9ebf0a6db1aa5e7a2

SHA1
3cb184e2781c07ac000661bf82e3857a83601813

SHA256
2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc

SHA512
f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
b5ad9dcf082f2fe4318459d778311e4e

SHA1
1063143dab29b957c68b73351fdfb0adc407510c

SHA256
2b75fa0c729d4d67fbef4c7afec97bf2d8503a209dd8ce546bc661042abf1753

SHA512
63874146454764d7774b4142980ac8addc9994263983464e7d7f11e61d14787da7c6a5f189d10c72342c67cde7d86ea1efa64d4ce07991ec328de363bf904653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
765B

MD5
548c52fb2bd62aed53c7c5d43f6a4008

SHA1
e153518e950fd738b5fb618477f550a078ad0b54

SHA256
b0ba914ec55e31bed128a8bfe379a6197d3f6d527f5d7a15e1598eb403541a62

SHA512
fce7082d75ef685a1f12c3ec9b4a3ad6a300db3892bbee61f1dcb6ff78cab2364e06b5f7ac90b95dfb7e5b2ac07285ac17088aa5c4d384f564a23f230516e2ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
695B

MD5
6945ac1c6352a1f45c3fba1c5a413078

SHA1
8648c37bfd4d51abe0a03c682770d64dde2902f4

SHA256
028ac22ef3b44ca90bb6c3b6a14ca9fc4119ee81cc735188c8cf6acb1d646745

SHA512
08a1053591d37e8bbaef0a81cc574e7d3b7e8fa8d6ad61c7e9f4477f920dc1914993c87b09a75931df39f9e3bcf681f6efc173c97bd0098a89fc3ba18b11e676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1130ba14487ffbfdbef136ad9d54531a

SHA1
1c298498125c91ffad57539c10936729c5166098

SHA256
4489c21ec0a9aceb4915927f473bf7705bf7c7691a1e2056ba31414ee31f2774

SHA512
499578cf5ef810aa55c436f0b89e8302ad1bc4b42ec704241bf2a6a0096a2fe882787c3d2289499f5a5c03a766564f714dc540f5dd86192a38d8ba6a35dab245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a5b70ef971b2391c64bfac0b151e442c

SHA1
56917701af29e1a4fe9e1d2797cf711cbd0642de

SHA256
6e2827e834b4b8f76c6782143dffd8cfe07430cfeaabd6a3b195e7e86ca7521b

SHA512
d6aec6612d6997c68e4a06fc4964daebf175e75dd1127eafa38f6ff915467b817cfdb4d11e5b1d1a2722343fa81de1e0a8ada77f47d4844626ad03a063db0429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
55fa8bd6ddbb76526e8b181646c27bbe

SHA1
06bb4928e9612ab605289072026bfd62c5375af5

SHA256
4b17d3902ddbbc54fefb0de10b3fb0c3eb7511d80b80bb4bccb59f922942fca5

SHA512
6ff93402327af69550e71e1d23a54c7839369e1b9a10eeefa9f86e6b4409ac4ccae4b37a89f3b409fda65e45f286af0d51f6c4324efda76f535a9b812771a433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b1742554e73e9cf765adcb75b733af63

SHA1
8767348cd0b04c9d78b0392006d072cfdaac3a06

SHA256
7729f187667bc63e0a23dbda644eb6e67c816eb02ca96670bfb12bf808cab10a

SHA512
9d9f45d23a2fdc865ca9ff9ba41abc9ce7beffaf1c93ea190bbe23feb34306874ffc351a478ad6efb9e811d3af16fbc7f9a53a78363e619cbe4217169d03df7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f8bffb8c4bff5a8f2b7adae6f8d55ffd

SHA1
b487ceac02f6102cc78d1280415688a3c9a6f042

SHA256
8e4735091d060308566ef0f3019eed391ee8b44d4f2719c26be4ec7d65637203

SHA512
790962b904c3c7385a164ecfd92a7503c2761d811d3eb5c2dc05673987104ed8678edd258d9b76221494e8313c61b8fec96780ebc66cbc38f4f3c65ee1bafe86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c89dd5152c111032f8e712d29f5ee0af

SHA1
0d9159afc7216b5cf0168427f58bdcd3007caaea

SHA256
290b697ba12369cbcb0836c41d098f2facc2f89f98af10417c88ab771c5f8ff3

SHA512
11f78835084c49a251f25373139fcf178583dddff31b8d3ddc5be0bfe6823dbc4069a1fe4a2965c60acb1fd8d93aa5dcd6df210c097c1e408877150dd46025bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
e7a9f132c0c76197de3f54d3f48e8bc2

SHA1
65941062168359503c4054ff19c50f96f9bbeab2

SHA256
111757e63088fa76d7bcbbeeddc8b89e770c7242ca2e599994d8a2b5f61cd1f3

SHA512
c5547792a5fb38a14bf31b1b802fd9f79e64dc442a96edadb0ceb2d02243bb05bec1cb93485313814628b982ced2ca9965bd7c438e9198ed3f01b28c417665aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
1131537ba8e1235acd40b289f2f2b7f8

SHA1
62b9144e1a0b4d6ec48376892ca47a976ee706ef

SHA256
5762b5f9affe56312a57082d519d2342a4c891587a270ed02d414c32b1de31dd

SHA512
f1777f7756e2d99336798095680cfd5178f319853b23a1f2109b5687efcb489b38ac84a91f11e67d23d1abf0b5028229b8942e99fad8b8979b7490ae5ab96e53

Download Submit
\??\pipe\LOCAL\crashpad_984_YWSOAEIJRMVXLPRH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit