hxxps://go-link[.]ru/P4VEB

Analysis

max time kernel
117s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go-link.ru/P4VEB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

1940 msedge.exe
1940 msedge.exe
1524 msedge.exe
1524 msedge.exe
4116 identity_helper.exe
4116 identity_helper.exe

pid	process
1940	msedge.exe
1940	msedge.exe
1524	msedge.exe
1524	msedge.exe
4116	identity_helper.exe
4116	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of FindShellTrayWindow 43 IoCs

Processes:

msedge.exe

pid	process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1524 wrote to memory of 1328	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1328	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1504	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1940	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 1940	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe
PID 1524 wrote to memory of 4416	1524	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go-link.ru/P4VEB
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed3dc46f8,0x7ffed3dc4708,0x7ffed3dc4718
2⤵
PID:1328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
2⤵
PID:1504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
2⤵
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
2⤵
PID:2036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
2⤵
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:8
2⤵
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
2⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5544 /prefetch:8
2⤵
PID:1296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
2⤵
PID:4128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
2⤵
PID:2052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1500 /prefetch:1
2⤵
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
2⤵
PID:4980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
2⤵
PID:3924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
2⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
2⤵
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2192,5932209017892636071,3242862525147090096,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6568 /prefetch:8
2⤵
PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1040

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
1e78c39cc00f50343218e6eb23ea291a

SHA1
00e27e4b92018e1b76ac0fcabff265a697599fa8

SHA256
0ed6ef4ff6ea12f2856ce610722cda9316e5958f5f541ef183b18097520c0ef4

SHA512
1a75993c5d28d7747611a04e5206ffb6e4a9d9fa783e57ccdc675752eed9ee9ff4ebe631b011dfc7b6d6948c3682668df4ca386857dfa0c450238a70f861fab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
868B

MD5
a2f6c5b8343abcf67209da6aa92b1530

SHA1
2b88b507c9d3320074cf21138bf5f661dfc2a96a

SHA256
54605dcd3988914352b2f2a73c0e26c11726fb24a909ec39fc411bfa1c813edb

SHA512
0b4a8315c90b647235136b9d12e038ac9cce4b06f91d41c2eca5f6c4f76378d0dfb634d9fa8291a4db9903d2789969af9bb765cf062ceb6ed7b8d64e366ba949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
868B

MD5
4d146a681d4a37b4b556b624738cd461

SHA1
29d05bbac6560e78753d24c94cfc3d769d6e51ed

SHA256
60cfa055900077577545df54f167374af6266b2288d0743fa8cb5b173d6d95b6

SHA512
6a9e51c227984cf39c01b6739817872f5bc27b9e6dc30eca7c9453d99fda88d9b746cee402027c84c6b4d6355dde8e8546e216b721c972bec2f27ba69842af09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
c503b8f7e921a05cab0cf5977086a8a7

SHA1
f7f9fd33aa0983c1eb4d3d7178c4e9b3793ddf79

SHA256
7857a806d05dc891ab92940ea8e2fcf4aff39efcc965ad86cc75a4942b6fbd52

SHA512
37e5905602766733cb636fe1b5db90f4f213ca7a7bf2c189863000807d189d2b998ff757b2f6d98839013a96fb45fd598698bc34bc2f8531410691352b15c789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
2ae110d24d8a2166ea8c2fd2aefe3cdf

SHA1
6c7e1cf391b3080f631140391e37eb3af12c8237

SHA256
ae39ed5221484437c60a3412032170a8b57e03f7c79cd5c0cabd7fe6d73e4cb6

SHA512
f491218c8df085cac60c3a43e86e84597b335b9c30a0b519d26cb65eee2bd0572cb6406e70b1861f2e630206a2bb4a855384eadb1656217b8fcea5b732f9f24b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
6d9d0af78416ba75ea6a8b3a49a565d3

SHA1
04945c6fb0994075df954bbce70a928f0fbbe9b0

SHA256
95075d161fd31d95227b8f1427543392b27a8eb0f659b5cd97a42ed1cf14e07d

SHA512
47d86a81fd7deb5e07f11a1f10ff6c32a56821555e3384a44ce6b266451604202a4a28b8dbd8f9eee9c90850ae33885c8890e6f7f4eafd3447549fafb85227aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
06c08657db8fc5e35f78b7424ed2c5f9

SHA1
d4b4b3a5a6da9044445febc350d7e12b4ce77c68

SHA256
5e5a06ded9e3cc5ff83f9183a080a9989edba74c3d75b9e92bad0fe9275b0511

SHA512
34435867dcc6485a05b66b37f7065af6d4aaf821dac1f83d4c4eb91ca59380baccccf57c96d5ccf3441b562ef9062751978d7903a7eda762289a0b1795457cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
30fa8b1746169d41b2942c060855e73e

SHA1
01dd279fed1cdba823463354253a6889126b1946

SHA256
0c179d064f83ace46e27a72ff6ede49da6b375d650c47a05aceb3648d5ee37a0

SHA512
aae73d36cd5b1ccbf0b72a81d22d61c5c45e13a69b34e9de84b5a1b4ce23181ef33175f8ae5b708088eb8c879b92b0d087f7d49e0134402b60f3526743489a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
e30dc25a546a94f4079d3c0a90f1fc45

SHA1
39abb33133ff3deff2d0f28eb108919814724d63

SHA256
e7aa994cd354ae86e993591c6306c3164995361686d06582ddeb32f076fd2ede

SHA512
53199ab72b82922a83d0c69fb8df680cd1d2ff1cd54f4514e38d3b18f540c965ed8dd886bf11302d1836b1170a7efa976e80bc98cfcb03d62b91c50b05a0d701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
0b0b5d10b0968fbdb755dada5bed5554

SHA1
07bb306e2b5db5c429240453845028f2be9b1c4a

SHA256
a31bb40b38c141760364e273abaf0cfba25e28e40fbaf20b77a5224594fba917

SHA512
8304cfca291c6f32cd30cfb723236dc492e6a792518d2765d3c9007038b59d5afa96aa9ea11e133f9835b5948833b0f6943bc5bc48a9f5d65570fbcd842dbe45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
5a225bb5146cf1416bd123b9c2b54991

SHA1
5bf1897425f3567342259bb8544eab303ba0ac94

SHA256
ef6135ae0519608802279eb20b0f6867c8de5271ac4a85319d035690cd21d35e

SHA512
8e30c3e21c427b80b7f17818b170965924ae8d0bef1bdb2837a7b014dc63a85bfa4770534b8e1eb936fcc29f03d7e09c532361fc7b5faa040ab1d2a902ab2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
875a48f15bf94478bf0279b8aa3f0d67

SHA1
9cc1c0730bb7ee514b1cedd697c9ce69fbf5bede

SHA256
608a7b605c3f4bf49756a183255e22adfcc580781f277a0587f7399e0bb32876

SHA512
37deaa32a37e904ec42d3ebdf4a379928aa6f212b23f7a0812282aab1b96edef705d4ca23ee1569d9c52fbc0d504b8501a3be7e7c3bf20e4b761130eac9bf3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
bff2d4d82f9cc29d4f06ca1e687c328c

SHA1
e6c142b7d2b5d94612edf35dbf124648e3b65d19

SHA256
7d314fc4f61e261a8b27323c73e02a92e416abfa9b7106d6e4dc2e920e1c7690

SHA512
0b1d86d55a01fba2ce3c547c25dfef2cc6b3c8392021eff19187f0278af149b2ab6d98fad1674206377dd6dcf2be055240128cbf6d193b03d57137cd75b54ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
5952ef28a068e9c2aa05ef6dfd5d14f2

SHA1
3448c32b40d4a9db8c4e59d101c9f34c81f1516c

SHA256
0fab28c3a56b2ad2d73d71e4c1c91007b80cbda0cb3395d47ce6732d03906378

SHA512
46a3fee34f47b882d25399e98b2ff9dd7c8bd68f5dae103be1d18bb2989b806d730f96ab5c74afc3c7a91d8f41bdb983572c1dc94b18e63cb9f095d0b52dc56c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ba09.TMP
Filesize
204B

MD5
361067213de6b75696d33c4d7af21f6b

SHA1
cc429bea58131d332fecbed1efd4d3f858cfbf15

SHA256
f85309faeac83fcaeae69d7ecf811d931bbed728119599d48b3aaef3182b83ec

SHA512
6341a9a7a074b22d81f6ceabf207e813367d0e006880c748fef855f3c6563ea6163f3dad5fd4bc88d75a3da3779d92896213ef793bc739e80f6e3d1734355d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
7a94a81ad4cbe90379bc98177589b12f

SHA1
b43533c0df7bf11460a4b951e2c6db4847f48f1c

SHA256
866ff61d4009313d1b9401d5abfba34858bf33c84fda7646fbea3250ef52eea2

SHA512
e62cd03cdad25b06255aedcda6d4000d9b87c106fd4816d7aea9302a6d98166ab93737d63ff5900175b2447ea7df1197996b0eff3d4eb3e2bd6da0c62b20e6ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
ee6bdba764ea7bf481d78097ed17f5e9

SHA1
52bb0fc946afee5c2b3fc2e8115961ece3b507f5

SHA256
7277b14b0879b7944ac636e076b463950dafa2b9066663b93fd397f46e6203f7

SHA512
fdc93317d0087f8f7931f87676e9a2adafa14d68067b150df522b793eb463ecd5ed1df2edce99c596c632d00ec830c8885760cf533a07e2a72a9f70d09606996

Download Submit
\??\pipe\LOCAL\crashpad_1524_QJZOPPPKSPMNYAKV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit