hxxps://go-link[.]ru/mp4Gn

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 00:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go-link.ru/mp4Gn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4624	msedge.exe
4624	msedge.exe
4272	msedge.exe
4272	msedge.exe
2504	identity_helper.exe
2504	identity_helper.exe
6116	msedge.exe
6116	msedge.exe
6116	msedge.exe
6116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

svchost.exe

description pid process

Token: SeManageVolumePrivilege 2312 svchost.exe

description	pid	process
Token: SeManageVolumePrivilege	2312	svchost.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

msedge.exe

pid	process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4272 wrote to memory of 3804	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3804	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3708	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 4624	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 4624	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe
PID 4272 wrote to memory of 3352	4272	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go-link.ru/mp4Gn
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa93e46f8,0x7fffa93e4708,0x7fffa93e4718
2⤵
PID:3804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
2⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
2⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
2⤵
PID:1432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
2⤵
PID:432

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
2⤵
PID:1708

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
2⤵
PID:2008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
2⤵
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
2⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
2⤵
PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5252 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
2⤵
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
2⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
2⤵
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14907129059867687527,14367148126477813885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
2⤵
PID:6136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:760

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2312

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
b7caf6a6a5cc94055fee80e39534db03

SHA1
b564deb6bc0f5a231ece9c9ce926fc377e67d575

SHA256
2f61a23ac46ad3e242120f913937a8faaea61ae91821497ed405f0a6e5d0420a

SHA512
d85dd831744013e51b14440fcb3ce195abbb10557bb6f00c2f326bd93c84ec2c770ba676a6164b3c30cf335c3d56b85443b7a6f045212f8cd44b5783a2994704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
76e6a6871b70a09a4b472f08bfe48bcc

SHA1
68c015c123c7a09300d2a41535c5143b4ddca93f

SHA256
d573590cc2998a27a1c29b1980259e539971d13a2085b569812250e54fa85e1c

SHA512
843cab26027c2e2bff7e08c0a6c2e489e7318ae4b6b29ab0fb65b89b34bea279ffc4a55340692fa5187edffa1bb30f57d6807268208616133c0a3bedb32d052a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
ec32ae008359f5d1d1b5838523e3d8ee

SHA1
06fb26bc9b072cbfab043d61f48eb6ac33583348

SHA256
1455d3df82a8c9702ce6df43a6745db3a8d147ea185d9335df7bedf5e2f43905

SHA512
2977d466598a413dd16c66493d2a397c2670e54924c0bf3bb7b75442e8cc416a9aa721923792d9187acf640b6221dc48105f41ce894d525d1c6a43104a46c98a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
855B

MD5
9a5d32866ecbfb240f74c3c7cecbffc0

SHA1
a2690d3dd38c93cbdd1873a255c2ffb5e773a6a3

SHA256
25cccbe58ffd0c6151992527c738a56d45027ee5f53ed63d4c3c5a1f66a00a64

SHA512
9d7c9fab5746d3a5c95036a36f7cf08be6520e26a0b07e076b67b5b2f193455f1d88c428010d1edb07210afdca7522994822cdd649dcd81299db5155e18d3cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
855B

MD5
85f0fac0fc0611cb95d960d7fb3c5447

SHA1
d51fb72d7f57c8594066d00d272f5a17a50d44f3

SHA256
7a6063ce8fe1b403b26898ead67e09d6c2f71f18fc9b371da0f2259a6b47afd2

SHA512
ce9151698ba6b5e035c7c61a512cbb587d8b79e8f0bd575d363e772c5b918f88d8ca7b05b600aa9b6adc1e2dcb0b37d8e72e9144b5ac931f69af74d92b4f0c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
935B

MD5
cc3faf5d44ac5f36094078457db08ddc

SHA1
5c378baa0b9420ab7022b492ee24596a4d631b53

SHA256
66ae6e35552bef021d8f8ddd3df35795bab7ee32a3e134476dc53016474d2b0d

SHA512
51a2462fc607ff0dfb161a2ef48c1056334fa69c78c89779240b0553fb9166773631356010f2a36735e3b05d543b24b67ee91cdd55ab15a0d115ad4d80b59e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
335eeae177e098f5b4d0736aa3ae0403

SHA1
7bb8dab63c4df5cd9a09a6e6b3c657dedd97eda7

SHA256
efcb84e4d181190c9de00b9add0c01e6b7057c6bd5abc683c848efb219226994

SHA512
bde77d5381eca2638c5f3586ac0bd848b8bac5ada95c596e14a4745e62f6bd003bf4d5c48464462f1b5014a720baceafddf449e900b1b1b1e22c5eecfe465dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b00c0a1edbcb03a9948687973d240045

SHA1
f958045283e603daf443aee3b2223b7dda6fd775

SHA256
f5b73556e4c96ab0031fa30840d96189d243922ff063343b992bd9a1f3445352

SHA512
4b432c5c53f4ac45011126a584727b3b5f817c8e4e68e66208d18262ce44560b989bda1c0f71f50e0a75503835bd77008eb9f69db2a0755b5e69b91e782c6b38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f2d1b7d8374e8a3aa478248fef96c971

SHA1
8ee76bb48957fc348f931913835bd3b42f1a4b7a

SHA256
71500ce041d763d12bb589e3561d47af3f67d98782a9eb65dde506f873708685

SHA512
b8c1ce35d32cd62ff18e40f7b3a9f9e90bb17d291e0002e575add1676eff64bd3c8475cf5c3887817462f9948b7b6fdbac1a7a140b01f5642ca1a303abe2e858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
d6a1753729f6c5ce8f3b4c0533ccc184

SHA1
89035cf0457917cd492ce1bd2f104a7c3687df21

SHA256
1401216bd5474b6dcfe3abaeff74de3c7906dd7fda27ba56c75b46d04263a3c3

SHA512
857e2d946eb0122ebfb053ae2fd0c14f1bb6ba344c956f7b0b02b6bbde30f6abe68a59641fa4fb628f8e479156790ec0f19dc9c7b108e6b4adb287fde1f77787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f1125bf3e1a79b8f54e5c05c916988f2

SHA1
0bb6e884a4bf9dd45086ddd1df1a0bb6b19cd832

SHA256
208ab688eb015f1eb0947a5a51d90f1ca12b01e49ecaed1d28dc7dfee7d6000e

SHA512
b34fe2d8d95def983ea12a3bd77cb1fffb2d89e46ccd6bd9c7569575913f78c68eaa10fc5ca6677e95c93fc631a27da3bfd7154450db0d958d77b6ee17f80976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1a13005b187a72a1ab8f48629182dd9e

SHA1
605554684d3f264cd0e0d48d102003d51de0a266

SHA256
fa814c578d0eac8c1970c21f64d650d9807f82976a407902a27484c0c102e980

SHA512
608fd75aabd5b1bd61c797668e8b6d030b2399f955d4274b85120e4330818ac62d6cd71da3c6e018f441a8e413301f7815b54f7fea34eea1ebe2ae013d6ab35a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b14ef955534dbbf575c30166af5bd702

SHA1
306887036c24e358651d1a266f566e346b893f48

SHA256
a4197a9d86deb1a674a8c7f103878b00f0129afb3b1d5911827b88d8d2e91942

SHA512
f28e8504de9ba734675e81a0d5ae01e5a9af44de3a7f9fe80162f5017d72462f3a108922c2756bae7484bc4623520ad4ec8fac58cac8d4e6dcbfdee681e94959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
703B

MD5
6e744a8e651e5f260eba5a0a8e983838

SHA1
4a4aa474b3ca6c7b96a25f34f072af4428fbdcba

SHA256
03504eff0d3b31cab17c455d249528fb272a6b1fcef7420b80c898954ca27271

SHA512
9407df5b9eef8f6ab8615bf2dbf9c4ba25023d9a630ad8677e4739d67ad43191daf09b7ccda5c95a9d3af483a7ced3c89ad3e25c8fd4af6badbcb7f10f64c628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
b89cdedf7382ae9ed69a1c50a3cf3fed

SHA1
3eacc1e972c2af1e407f8eaa6799decb52747487

SHA256
07a47a5bbdf37752f258a1cabcbb4b2924d05cc5f1d70e89b47a9f1039c24154

SHA512
2ee9eb58be0538180045c5847bb6faaa2d05123147a4b80622e971b614b5e57129dc3ebb8505c43b846e4f68c9aad4ff8d5e028d374f0f075a89932580a8a32d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59a7b0.TMP
Filesize
536B

MD5
80ca7d13ea2a401d8208d0286b35a287

SHA1
b50c918a65d8a69131508eb3507819d66bc2bb34

SHA256
9f83db4379be6e5985421d1948ac189d8f4483feb593f478fa3590bd055e9da6

SHA512
b95cb3a606d15ff05fcbada49d0d0b59c339de79a9ba87adbbbae4ab92d0567078888f25dc0a9a70cb749e7d64ec9d9ec182f404f23f6bdc78782376da0ab2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
fd4689be3c74740c69500cc92f6568c4

SHA1
0d3c726bb0798cc23c262a7fb4bc5c5171961ac5

SHA256
392368cae1975e2fbdfccb61ed59c779fd089d6c1474f1cdb1f560817fbbd7d0

SHA512
cb966b70ced2fa8852447ee387202c94a7e53af3b37f536ec9d9264968466fc248ea23a58ed3a8aa81d5c8a9dcad896473107181d53d0e227fc538977fe8024a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
b4811566173f9a4113365bb71ade43e0

SHA1
a656e4d685bc1cbbd2d992123408e451c57f722e

SHA256
e7a2c027177777ba86d1f4e8b2db9249e121451e27f54044b71247f2ab0f2c70

SHA512
7492c65117aeb68f446b82bf6a765b68051b667aa0580f6175a017ae5c385da0fbd2f863abc9b64bb2c580d814a39689ae211801bddd815b6bd7355609acf311

Download Submit
\??\pipe\LOCAL\crashpad_4272_EJJHJKOGRTEWJOBD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2312-378-0x000001C32C540000-0x000001C32C550000-memory.dmp

Filesize
64KB

Download
memory/2312-394-0x000001C32C640000-0x000001C32C650000-memory.dmp

Filesize
64KB

Download
memory/2312-410-0x000001C334C30000-0x000001C334C31000-memory.dmp

Filesize
4KB

Download
memory/2312-411-0x000001C334C60000-0x000001C334C61000-memory.dmp

Filesize
4KB

Download
memory/2312-412-0x000001C334C60000-0x000001C334C61000-memory.dmp

Filesize
4KB

Download
memory/2312-413-0x000001C334C60000-0x000001C334C61000-memory.dmp

Filesize
4KB

Download
memory/2312-414-0x000001C334C60000-0x000001C334C61000-memory.dmp

Filesize
4KB

Download
memory/2312-415-0x000001C334C60000-0x000001C334C61000-memory.dmp

Filesize
4KB

Download
memory/2312-416-0x000001C334C60000-0x000001C334C61000-memory.dmp

Filesize
4KB

Download
memory/2312-417-0x000001C334C60000-0x000001C334C61000-memory.dmp

Filesize
4KB

Download
memory/2312-418-0x000001C334C60000-0x000001C334C61000-memory.dmp

Filesize
4KB

Download
memory/2312-419-0x000001C334C60000-0x000001C334C61000-memory.dmp

Filesize
4KB

Download
memory/2312-420-0x000001C334C60000-0x000001C334C61000-memory.dmp

Filesize
4KB

Download
memory/2312-421-0x000001C334880000-0x000001C334881000-memory.dmp

Filesize
4KB

Download
memory/2312-422-0x000001C334870000-0x000001C334871000-memory.dmp

Filesize
4KB

Download
memory/2312-424-0x000001C334880000-0x000001C334881000-memory.dmp

Filesize
4KB

Download
memory/2312-427-0x000001C334870000-0x000001C334871000-memory.dmp

Filesize
4KB

Download
memory/2312-430-0x000001C3347B0000-0x000001C3347B1000-memory.dmp

Filesize
4KB

Download
memory/2312-442-0x000001C3349B0000-0x000001C3349B1000-memory.dmp

Filesize
4KB

Download
memory/2312-444-0x000001C3349C0000-0x000001C3349C1000-memory.dmp

Filesize
4KB

Download
memory/2312-445-0x000001C3349C0000-0x000001C3349C1000-memory.dmp

Filesize
4KB

Download
memory/2312-446-0x000001C334AD0000-0x000001C334AD1000-memory.dmp

Filesize
4KB

Download