hxxps://go-link[.]ru/jz8wJ

Analysis

max time kernel
480s
max time network
596s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
03-04-2024 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go-link.ru/jz8wJ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
1628	msedge.exe
1628	msedge.exe
4372	msedge.exe
4372	msedge.exe
4448	identity_helper.exe
4448	identity_helper.exe
5108	msedge.exe
5108	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

4372 msedge.exe
4372 msedge.exe
4372 msedge.exe
4372 msedge.exe
4372 msedge.exe
4372 msedge.exe
4372 msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

msedge.exe

pid	process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4372 wrote to memory of 4732	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 4732	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3668	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 1628	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 1628	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe
PID 4372 wrote to memory of 3784	4372	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go-link.ru/jz8wJ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffcdd03cb8,0x7fffcdd03cc8,0x7fffcdd03cd8
2⤵
PID:4732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4777465705878019553,6302706392223125758,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
2⤵
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,4777465705878019553,6302706392223125758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,4777465705878019553,6302706392223125758,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
2⤵
PID:3784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4777465705878019553,6302706392223125758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
2⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4777465705878019553,6302706392223125758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:3872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4777465705878019553,6302706392223125758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
2⤵
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,4777465705878019553,6302706392223125758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4777465705878019553,6302706392223125758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
2⤵
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4777465705878019553,6302706392223125758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
2⤵
PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4777465705878019553,6302706392223125758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
2⤵
PID:1952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4777465705878019553,6302706392223125758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
2⤵
PID:4220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,4777465705878019553,6302706392223125758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4777465705878019553,6302706392223125758,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3596 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a0407c5de270b9ae0ceee6cb9b61bbf1

SHA1
fb2bb8184c1b8e680bf873e5537e1260f057751e

SHA256
a56989933628f6a677ad09f634fc9b7dd9cf7d06c72a76ddbb8221bc4a62ffcd

SHA512
65162bf07705dfdd348d4eaf0a3feba08dc2c0942a3a052b4492d0675ab803b104c03c945f5608fac9544681e0fe8b81d1aaca859663e79aa87fcb591ddb8136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ded21ddc295846e2b00e1fd766c807db

SHA1
497eb7c9c09cb2a247b4a3663ce808869872b410

SHA256
26025f86effef56caa2ee50a64e219c762944b1e50e465be3a6b454bc0ed7305

SHA512
ddfaa73032590de904bba398331fdbf188741d96a17116ada50298b42d6eb7b20d6e50b0cfae8b17e2f145997b8ebce6c8196e6f46fbe11f133d3d82ce3656db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
e18d14572c9ca75ae01095abc9eea1f8

SHA1
d35af592c0dd76cb476e79d91d84e9e6674b8432

SHA256
8b31adb48ec54fd5485898f742ea45b14610d1f2acdd19c19cf7b0447aca7f80

SHA512
f44512bb6e133a7d05df1c90dcd8442971a8c2cb10979a28163e47bf879271c21fc71b4dd40a569c61d81e6b36e533423a28d6b648300ecd6b6a8e16e6840929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
788B

MD5
513cec4bca67f0ac9be1e7999207a130

SHA1
c6b686114991887b31b065fcdc8e7c240887a02c

SHA256
35cab7a89982ac245220d2499e04e6c2dc3ce5c3400df366ccaa643df6db0acf

SHA512
e3314ac0cd1237813fac5c96e5654f2f98487a195977ed288b5e92faef4aaa3325adc5152856cca37bd29a22368fcc6962405a3bd151599e0da855a1b015f104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
788B

MD5
a3500e5678a086f35d19af116ed01b6c

SHA1
fb02f0c565ba5493098e7b3680fe931ce706c1dc

SHA256
c3e8b0b88edf946266ad968a51ca724224b1df27440b8a5a096d9030cb67b588

SHA512
e68731b0070920d170044b56dd75f41bf2de6a7d78a08d3b75ea3213c45de0335d7d0b393e4dd7c73537a29d7e50c11769e2012ba89bf06378189515464cffed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
99cc8e5af2dbdd1bf4444a252a748388

SHA1
7cbbc6000fdbd72800eda43bd8ce0b3785fcc057

SHA256
2ba0db08ed722c57388cf91e603540de7bf8f3d48b09bb6110aa4a1654f7e58e

SHA512
7fb7c8a51d76b46923dc1dec00c5241a161c0f39394e425f946c807cf0da0dd8962812a66f688d4fe928cec8513fe1ce9c902f4c519a985571beaef5761813f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
bfc39531f39c6ef5675843e5b2894556

SHA1
14e0d0cf20f29b74c0350a0179cd7b6c351b529a

SHA256
af981b34397f7fd4789c2520e4f7cb7a73bf6a25dd9e5afcd2fb0be63f52a644

SHA512
48406e86f9733edbe86cdd373dd20a744d4f4800c36022ca8938d3dda9b2612cbbfc17e95f40074dfa6712165d2a6bd77e6d90f498ee9752b1b02bd5368ecfc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f5cf865dd6346a4de5d7aca4370840a3

SHA1
bbae21b7318f153eb1c1e5f1267b0ebbf8912a21

SHA256
42c67b80d4bdb6953e1ef613a5b9d5fde1cbf2806635604a70182b3e4bae9652

SHA512
7f9e9aade310d8830deb890200b271446483a3484a0e4300937c3ca3d0eacd11ff6940b8c2bb44a706a6adf31da25f72d395f2d311484db38862a9db54ee1dc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
dd42d5e5cab8d49f733187636d5f4549

SHA1
ba4043dc81432a4a707ef0a495f8b2cc9bec04eb

SHA256
1f4ff3fcdb1260ae7f4e911e03fa447a0698212563f0c3a18c2f7d2bad30500a

SHA512
408953d2ba88864922a086da2b088e50f030cbfe3f9ca79d7ab86c069b46e77af9bfcd0a70189fbcdbb2aae2cc3c5f6e12f073660d1551347cf994b47583a30b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
bd85736d1f59bfd399e915af8a954bc5

SHA1
2f713232653f52096f3cead42c16dd06fafc8cc2

SHA256
123638a49d50267bb9d9e81a23f792f11de21b63b3b77931067369603132a401

SHA512
d6653e1c12baa8a51c32d2626d25f7e7dd72835cbad55b0978686d4a72e14ba14fd630f01ea8250ba8f5c121c9c038300b328b1f4fb74dff973e116d4dfab6b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_4372_XSEHAKJZOHENGYDA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit