hxxps://go-link[.]ru/jgBb0

Resubmissions

10-03-2024 22:46

240310-2pzx2ade8v 10

01-03-2024 07:47

240301-jmrvjaee75 10

Analysis

max time kernel
148s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-03-2024 07:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go-link.ru/jgBb0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1260	msedge.exe
1260	msedge.exe
1440	msedge.exe
1440	msedge.exe
1496	identity_helper.exe
1496	identity_helper.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

1440 msedge.exe
1440 msedge.exe
1440 msedge.exe
1440 msedge.exe
1440 msedge.exe
1440 msedge.exe
1440 msedge.exe
1440 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1440 wrote to memory of 4724	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 4724	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 5040	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 1260	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 1260	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe
PID 1440 wrote to memory of 3472	1440	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go-link.ru/jgBb0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd64b046f8,0x7ffd64b04708,0x7ffd64b04718
2⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10472289132762428181,6897430956934756383,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
2⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10472289132762428181,6897430956934756383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10472289132762428181,6897430956934756383,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8
2⤵
PID:3472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10472289132762428181,6897430956934756383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:4812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10472289132762428181,6897430956934756383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10472289132762428181,6897430956934756383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
2⤵
PID:2060

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10472289132762428181,6897430956934756383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
2⤵
PID:3860

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10472289132762428181,6897430956934756383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10472289132762428181,6897430956934756383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
2⤵
PID:3872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10472289132762428181,6897430956934756383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
2⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10472289132762428181,6897430956934756383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
2⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10472289132762428181,6897430956934756383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
2⤵
PID:4436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10472289132762428181,6897430956934756383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
2⤵
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10472289132762428181,6897430956934756383,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3540 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,10472289132762428181,6897430956934756383,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4900 /prefetch:8
2⤵
PID:4124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1372

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
648B

MD5
b9120366f76ce07c7fb6176677103a24

SHA1
3a847cacd4518bd0bf55cedb2f97f2ebbb125d3e

SHA256
7e50d5a26e250e4bbf4ed4db4cfe511d96661960ab7b7f5e7998b857817d8694

SHA512
ee80a237efee1e778b976588311510e77a4b94a3f9970237b413a98a7b808b31dce576d03cef11eee58f936a0d3b94dfc722114e651a96fd7d4ab02787ba1c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
840B

MD5
5bc96b3e2a8a7b8addd0b3a7d2da419a

SHA1
91a723b86b9984d4d507dea483b1ed61ef043c4d

SHA256
6e43f6be0b6eb7b77556f1d728da2947f27966fb2c358b6cac76b56f45e2bc2d

SHA512
783bf1d9901be678e7eeca2fbcb8aca93211c32dbc757879f9c3c8f08ca086f7d781c0089cd126135bf55dc71dad063d1870bc011c723a5761b25e53abeef3ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
624B

MD5
9b35a1f92c7c5193cb999dd5b8acdb86

SHA1
ca9b49869687435461ac76bcf24ae157f8f3e014

SHA256
fb6fa506e2015fc72576b9111f1732e8d3b7076c0cc6a7a07dc227b064120bf7

SHA512
d3b8fb41e4aea1c33fb086cfebdf8efec970061950d686b5e542813b972505202252806f3112146314cf45d427672ca2a47407a7ca2db54115375f2cb146832e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
7a0b62883476051ec762800fdcb7fa68

SHA1
32aaaa4c3ee0b9d8cc4aeb8c9a1486338550532b

SHA256
264662ecbc04bfe1221422e2ae9d8e39ceefcb9bfb36f115f89d29dc27663d50

SHA512
8a561dfbaf3b281158bdabe545caa7ac6168369e3f3162247e2cadf3d0a22baeaf76b90ea0fb0c27505fec776d438478784a4910c646c31e7abda0c97161ba32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1a1a6cea18d31740fa82c94e79654e8f

SHA1
3be98790782bba6219438ae62771fee559e58d71

SHA256
ad84a274789dd77a14a0e6af543b6ec63b9ccd522128a8955ccffc0a86cc9fa5

SHA512
268a61fb76a6cd1318b9b23643256e836d6e153d60a700a636579e0f27e403aa649d5f78bae4bf7ea58b4ef0924cd289c080ba7e0e26da7e5cf94b87a83ab15b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c4cb7ce9b8723200ed8af4432089f334

SHA1
8b13326da0630685aadb735f6ae3a19413de06cb

SHA256
803c021a5dffb1523073830d41939aa9c7330b1de7fc2799b872b699d10b924a

SHA512
71270b31609ccfc34dcd2ac44e2fdcaf96b5d854ae45c4ba0baa8161c5f7989116e94f8d7345845c383c07e81f4ea9f25bfaad67da8e1897ee156ebb511fef57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ad1cd925501d01672c2dc3ed8641f4d9

SHA1
ff324f17e9c6a5d9a15021d78eab3bc5e1636f66

SHA256
284bbb1a65796278f52f011b1b3e0af866eed08e0e1922a54c3b74b2c9c2f768

SHA512
8f32bc8a3064b10bb10a39ae9b6fcb4ebe7d3e4a04f95538838feb40f7c2fbea3e64fa2a8a02a912ec8de76f6e4498dd658ffa92d1fc57724e7593dd990d0a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
695e806630c0539ff16f976ba06f30d3

SHA1
5566e5d960f814b191e07dcc802aa1db07438706

SHA256
fc6e083acac8e9529d1f7a46c81101a51d60fcf5503baac7b905fb487ed1fc94

SHA512
20eafe7a7713cb621c7b3c3c2cc1ebb8c2b65b5cd9e0c4ed7d7bcbdfbf05c137f00ce5e9a1b1235ae586dc187220f43b82a5037041959d310d3afcde2ff80c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
868B

MD5
7b081f30d076f5e8e7d0466b45ee32d7

SHA1
29e450b41f442f6c9a7305db7985cfc7a377db8c

SHA256
1093d13647bc2c4cec214f344644d50325a7a57676692821b847c65232d46c1e

SHA512
57fd450e2ac7ea541b27a51bbcc956186718fe9b1071dcf09c75411a963bd1b9c6bd287c180b9aa9b40665072dc32d01ff20fb971b86853779aa8f212115c1b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
d72a03306d4fdcc61763509c0b403a85

SHA1
3c8f72a5598075ad29f3677b463363ada605f51d

SHA256
fedba2a1476c15aba14515cd9e2394d52e47712f161fcb34bb43750c80e3e077

SHA512
3ab1e4214793c46563532ee0a06792a5262168af95b82c415abd538095e7ac7094a7505a050f25360ec634397f4be79f2518540e4b48e3c6e70c47d8d64675ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582ff4.TMP
Filesize
539B

MD5
00c2e1e3c01390939d55da18be6e03c0

SHA1
c86b733f0a346045a5423d95328e4a058a604401

SHA256
0b9d5936d2b9e550f4bd05f75303c85d2ef5f5f701e7a65fc079070fda4c3a88

SHA512
5d12e89198f73e763c0205626dda33fe380529364a470bdf522f03bf138d072ff84465e3f1b5f13942f0df13be90825da55d6e874274ccc98b318a73aff97015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f91c90b7-48aa-49b1-8272-75a868dc0f0b.tmp
Filesize
7KB

MD5
f95a60e225b44cb7d86b9ca6d3d9bc8d

SHA1
c256ca13ed5ab992cea91d5638d63af7788ea445

SHA256
9db39a272c0f56741ae0fc2f8fae820dcadb34fc3d20c6326d30f38083a54e07

SHA512
d4dd2e1e4a26c92dd258686db9a8d9cfa9eb826234c6638754e63971e029229645425a186f2e65f90a8fd37fd7c96e0cff40a26138ed677060a705b88d963a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
1842caca267863e1e8a25fa8dec0ad9a

SHA1
8847b4cb32fb327b93a87e669a612bc6bb302f6d

SHA256
2ec074f5db151a42b1f7cddb541b4bd0920eeec686f76b41acb2057a21a8d1ce

SHA512
5a16e68f76eb4b932eecfafaa521041585da825570bc11537d5800fb851bfb0136f6c382755bd5e9efca5a5bdf3dd50fa089139a06f3a62a1b1a26d8ff343d22

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_1440_OAXYATFLANTGSBFZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit