hxxps://trk[.]klclick1[.]com/ls/click?upn=smcXroumyi-2BXTdWQ64PNs4UMwuDy6J5YHkvywymB4DiifAp8MdiWLESLvDIAhzv-2BfiNrpeMhlZ-2BTyH4XxUZj4koJ-2FluVCJmLnobV5rzMq5osDvWGCJQdcmK-2Bfn2YHYi3hDPeBrqq2xYQbyWD54iMaE5eRtNlYqn7Nw6-2FayVjZ92TfTjeUfQ6zvKxzPv3A7T9GYsbglkoScB2TLHVyUQD2KxVROpsUV-2BwYlfoiajEDsztlpTXdP-2BbSgoiLPCnv4wvfHbllxu6hH1st-2Fzm4MIDSd3i6onGum0EZ1l0s8gBaFKiEkbBLX2x59BXV7MoUnbCefUR-2F6w3NsJrbDJgsfP-2BxCFeJFgbp7tYEe7GSPpTii18AANz-2FpgfLvZqKnhdobwkwDsj_Eb8RvQNSrW8-2FQx8dV-2FO3yseZ6yueB6CUr3CYDko2-2Bw7VVl7W7QolV-2FzVqBgfDQFGpjanobMFgioKs1lxiaX40I-2FFvP2X7anvGpHo-2BYH7B-2FfaF5kUoEA-2Bmz-2Be5IKJ63s4nZV9s3NOIHNM-2BaMvIKxLs86db0-2Fg2LoseykNXaLbrYMePzZHOS52U55XQvKNKyW-2FJ-2FQX7GBcqnvtOu3oFbm4AorxABI12o3gx-2F3uM5IAll-2Bbd3CuFipjUPM8z96TTJZhp7huXOM61BNcL3Pt5BRAS6bxZx4blwhSAmkWjy8aIBdpWAkfb1RRg3kV5JON6130D1YgU-2F3-2BFIgPRqFByY-2FLWYht8dsMtLzScLN3q-2F6D4iWqtgT6pfA3wOcNSg7tk8SmmPVfn0BMBV1jSNo8xfucNp0A8kYhZcPQAGrNdB4XCKiMnMeJtMIdB-2B7v40Bk4BKVXfTjTaFX4BJrUIy12MbUQ02GDyrNetZJFQpkknWW2Jk-3D

Analysis

max time kernel
145s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
24/01/2024, 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://trk.klclick1.com/ls/click?upn=smcXroumyi-2BXTdWQ64PNs4UMwuDy6J5YHkvywymB4DiifAp8MdiWLESLvDIAhzv-2BfiNrpeMhlZ-2BTyH4XxUZj4koJ-2FluVCJmLnobV5rzMq5osDvWGCJQdcmK-2Bfn2YHYi3hDPeBrqq2xYQbyWD54iMaE5eRtNlYqn7Nw6-2FayVjZ92TfTjeUfQ6zvKxzPv3A7T9GYsbglkoScB2TLHVyUQD2KxVROpsUV-2BwYlfoiajEDsztlpTXdP-2BbSgoiLPCnv4wvfHbllxu6hH1st-2Fzm4MIDSd3i6onGum0EZ1l0s8gBaFKiEkbBLX2x59BXV7MoUnbCefUR-2F6w3NsJrbDJgsfP-2BxCFeJFgbp7tYEe7GSPpTii18AANz-2FpgfLvZqKnhdobwkwDsj_Eb8RvQNSrW8-2FQx8dV-2FO3yseZ6yueB6CUr3CYDko2-2Bw7VVl7W7QolV-2FzVqBgfDQFGpjanobMFgioKs1lxiaX40I-2FFvP2X7anvGpHo-2BYH7B-2FfaF5kUoEA-2Bmz-2Be5IKJ63s4nZV9s3NOIHNM-2BaMvIKxLs86db0-2Fg2LoseykNXaLbrYMePzZHOS52U55XQvKNKyW-2FJ-2FQX7GBcqnvtOu3oFbm4AorxABI12o3gx-2F3uM5IAll-2Bbd3CuFipjUPM8z96TTJZhp7huXOM61BNcL3Pt5BRAS6bxZx4blwhSAmkWjy8aIBdpWAkfb1RRg3kV5JON6130D1YgU-2F3-2BFIgPRqFByY-2FLWYht8dsMtLzScLN3q-2F6D4iWqtgT6pfA3wOcNSg7tk8SmmPVfn0BMBV1jSNo8xfucNp0A8kYhZcPQAGrNdB4XCKiMnMeJtMIdB-2B7v40Bk4BKVXfTjTaFX4BJrUIy12MbUQ02GDyrNetZJFQpkknWW2Jk-3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
2120	msedge.exe
2120	msedge.exe
2428	msedge.exe
2428	msedge.exe
3356	identity_helper.exe
3356	identity_helper.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 4712	2120	msedge.exe	49
PID 2120 wrote to memory of 4712	2120	msedge.exe	49
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4576	2120	msedge.exe	79
PID 2120 wrote to memory of 4112	2120	msedge.exe	78
PID 2120 wrote to memory of 4112	2120	msedge.exe	78
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80
PID 2120 wrote to memory of 4364	2120	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://trk.klclick1.com/ls/click?upn=smcXroumyi-2BXTdWQ64PNs4UMwuDy6J5YHkvywymB4DiifAp8MdiWLESLvDIAhzv-2BfiNrpeMhlZ-2BTyH4XxUZj4koJ-2FluVCJmLnobV5rzMq5osDvWGCJQdcmK-2Bfn2YHYi3hDPeBrqq2xYQbyWD54iMaE5eRtNlYqn7Nw6-2FayVjZ92TfTjeUfQ6zvKxzPv3A7T9GYsbglkoScB2TLHVyUQD2KxVROpsUV-2BwYlfoiajEDsztlpTXdP-2BbSgoiLPCnv4wvfHbllxu6hH1st-2Fzm4MIDSd3i6onGum0EZ1l0s8gBaFKiEkbBLX2x59BXV7MoUnbCefUR-2F6w3NsJrbDJgsfP-2BxCFeJFgbp7tYEe7GSPpTii18AANz-2FpgfLvZqKnhdobwkwDsj_Eb8RvQNSrW8-2FQx8dV-2FO3yseZ6yueB6CUr3CYDko2-2Bw7VVl7W7QolV-2FzVqBgfDQFGpjanobMFgioKs1lxiaX40I-2FFvP2X7anvGpHo-2BYH7B-2FfaF5kUoEA-2Bmz-2Be5IKJ63s4nZV9s3NOIHNM-2BaMvIKxLs86db0-2Fg2LoseykNXaLbrYMePzZHOS52U55XQvKNKyW-2FJ-2FQX7GBcqnvtOu3oFbm4AorxABI12o3gx-2F3uM5IAll-2Bbd3CuFipjUPM8z96TTJZhp7huXOM61BNcL3Pt5BRAS6bxZx4blwhSAmkWjy8aIBdpWAkfb1RRg3kV5JON6130D1YgU-2F3-2BFIgPRqFByY-2FLWYht8dsMtLzScLN3q-2F6D4iWqtgT6pfA3wOcNSg7tk8SmmPVfn0BMBV1jSNo8xfucNp0A8kYhZcPQAGrNdB4XCKiMnMeJtMIdB-2B7v40Bk4BKVXfTjTaFX4BJrUIy12MbUQ02GDyrNetZJFQpkknWW2Jk-3D
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa79533cb8,0x7ffa79533cc8,0x7ffa79533cd8
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,4314371350686845227,5392387167018704625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,4314371350686845227,5392387167018704625,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,4314371350686845227,5392387167018704625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4314371350686845227,5392387167018704625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4314371350686845227,5392387167018704625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4314371350686845227,5392387167018704625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,4314371350686845227,5392387167018704625,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,4314371350686845227,5392387167018704625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,4314371350686845227,5392387167018704625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4314371350686845227,5392387167018704625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4314371350686845227,5392387167018704625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4314371350686845227,5392387167018704625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4314371350686845227,5392387167018704625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,4314371350686845227,5392387167018704625,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4312

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004F0
1⤵
PID:3648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
05ed8d7350c6abddb2413582af13b728

SHA1
98b3e6793352038355ee54fc58828e5ca1cf0f77

SHA256
878b0ffac96b1428cb415ab15b289258dcf9fc175ac2571622e4dc1219f32c01

SHA512
b80bf631b56588daf08570c05aac9a67cee414403149c223a005a7dd9c81b5e8d4c6f175815106f039d47c1bfef875ecbf65efba106d5107b137f2aabe446058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
93d35946ef5f4bc404e0b432b63ff934

SHA1
0a838385cee9344390bb12206622adee43d963cb

SHA256
ceeee7a76b265cecb489091778980a0674a51f69875096ab85c0b3bb455a430a

SHA512
fae8c6718072eb11c05a2d6e7559fc29eed4959dbfe4b62afcb6e0f96058183d96a7dd974607b611ff5f6a42c2ea5390ffeece60ba26a75503ab1250ee05dcfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1011B

MD5
d11570c7f038c285bef6e5671a59970d

SHA1
3a915584bd43a59dbbc0a46f3ddc286e44606d82

SHA256
7b9d26b1fd6c575b600791f638e6e314477ccc63e5df6014bd99ae23b0b6b23e

SHA512
7d40f9e208e99415812034c434b6ab988a6363ae7cbcfcc3464c890a13f21d27c0f6037645a6b500978aac872c76bfb36cbccb5d138bf6c10efa0319137cb35e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
02599c28e0fc55c7cff0166e392d83e9

SHA1
871f660984d252dc968afc4302c6cf5c181fa647

SHA256
59589250c92d0e7becb7b753bf59f6e0a3d67dbadd135c1c7017f0073a5ff114

SHA512
c552f2c7851d07538229b1d78ce48e8f602a10ed039c9df60daf207e94f838f75a4043537ff87f3a20a63368b078324898bd5d47a9232423fbceffb267fb43ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f64f301c326e5fe6f537bf2e1c67e36

SHA1
376f103c533a869be483ff841283587953757131

SHA256
01c7dd6c1cf4d7530a500b777519c17af5e5966cdb52ae405aee812deb434631

SHA512
60b15479decc17c67b98c2eb8ec558ad6036322dccdd3d021a3871a538c5413b14472f361572a662575f20c2415b2141a311c9c67a78dd63bd8d2d272c312d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2a32474e85fa194fb2d8b4efff4af9a9

SHA1
696ae56b53a9a8f9640f99b678e78fea8e8fd101

SHA256
b0d05cd0b7b12f4fd3a1ba36a5ba2d9a73c00f0faa927a3282d294214232765e

SHA512
eece804318ef740b206f554ccd308a7fcc96b52f847d52ef87c89e38066671e6f88451967049c423de194d3cf16988beaed6c29cb7d923be449bf1f8b6457aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
3da3cf652acf7e0fee298963e8cb77d3

SHA1
8d35e8ba0767c10324335e8fc8f5c422ece4e504

SHA256
9b436ba7a14d3947bfe73fa9bd581f6fbf0acbf26e97a3a54d6d032d19f8cf64

SHA512
89e9555edd366fedaf79bf4c6da816a69fb220c987337369511c4422034cad486338a261eb6954d000dbfa636c969d04b65de62bb6df9c023ca5e11c892ee83d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
7d61190ba46a6a2ad0b198109e7ae983

SHA1
6d2d8a9040b7c1c902e02efce0c0e3c514907738

SHA256
46acc6b5baf98cb460c47937a6abc866f4f4d843312e86acb0c2ee6929328985

SHA512
b64a052562b47cba232d7b52806b62c91952ab7e639367f9e1f925736945704a65ab8218d23dae8dead31464cdb98693b39f73d4d08e1d9e289cb8ada03c12d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
d55433726ca6841f1e384a575094343a

SHA1
17d373a042cef6e499c4dc1595e0f1cab5e83827

SHA256
ba943b1eb849c84c9f611b8d917ad4c3e768503c534485b6acea71e5f5424b8d

SHA512
b1d2956bdb54a5c7ac502419360c0ca9a9d91b0088a6059af4726b0524608613ea4141c23eb5cef8adb30e14935c9d697c673c05c69664b02224f3ad03623b52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
69467594efd9a8d7ce661f1753226373

SHA1
04c8d34209ae3b84f1792e85b8c7ce7df87fc9dc

SHA256
21b0ceb2f8de2761db7a781d9b5619c998fcfba9ec0ae9a1a450647effd5fc94

SHA512
047b6812705606e843033ed19b7b4b0171c8e3868c6dd899828f6b0ffe4605b365713937c470dcbb1e8b156db91f7e15edcda4f7cab9eebe0c4e038a373a2af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
1b8400169c6d5d0b960b223e296a0be5

SHA1
302dd5e0d6c7e457cfc500a4be9a2533da39b7b4

SHA256
758c93b045b72763af9fca38746f4f1d8bfdecf8948a1f39c2b99b578e231ab9

SHA512
d68a5fd3e0a31699e54d554e1f844d4aeb7100fbd884361604b93137b64a6a9c0f7d8cc85b7beb6c116dec06e2d6c7e1f9ae88485dde4cd59fc4e15758294d38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
5c1efd6cf33087e401a2df4e06053e28

SHA1
66e17ec3e2273932ba470683ddb335abebf82f6f

SHA256
3f37f1186eec75bf975380104cb586724c50dd37d63626e280ca6d7d26bd50c2

SHA512
1e79814fad9cb2e5f5ffb557fcf43278cb84e05a5a5b30911daf22574b156de34d606aef813a23328bd405747d56cbaef2ce22ffb2da51fc8fc5805397827a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
ec5bde162d4054158c9a51ca7f31f02e

SHA1
72ebeba1d2ba40399c60fa812517a3010c87c177

SHA256
259918e318a5f68b1948c49c8429355f8a320ec8b4454672744c6e00fe19032e

SHA512
3a1fe4e1a696c52f3643d9366c278ec281a9a9ec41db2999f5c1a26dab3e19ca12546ad65dfd4ec78c991c508995db0144f1c0eca80b98d93028a4210b71ceae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
0deaee666f3191bc165787e2b2ca068b

SHA1
da1840fc51b553f8024e453af43399acd759f937

SHA256
b5b54fce69bb9e78e31dbb0910d9726a70557cb4b6da986d86ad5fc2484a274f

SHA512
ea6505d98eda3fdd32f5d45a68a0efb4da42b03f6085d35975d80f5d9cc5036e93a82517e580698fc17317ac60ac420c15327ddd339f1a83ea681d5571dbd77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d12b.TMP

Filesize
204B

MD5
a51ab982595a9b0fa94dde0f374779d6

SHA1
716f0d2fee6f0f2e3c4ffc7e41703b6410702e50

SHA256
19b3f884c3765aeba65275c51cda8d910eceb534d5ed2b4683ef42496d1c990a

SHA512
71e2af8421a1fc572d35487985f2f7eca8dc7190fed92507d134bf251bc898f5668f192517ba4ebf67f8bafc6c81a3fd62d2c3140692ca625830384e5d9ce796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b8b3c583-7f23-4305-a8d1-739aeac4f03b.tmp

Filesize
5KB

MD5
fb89a0af4f0659692a302b46b33f1f54

SHA1
29f3188ad397cb6ec36cac06c3a6e93b71c8158e

SHA256
0eaf1a9d381bcec48bcfe6290ff6b19f0f2b30217567cb8ee5998b8dd7aceb31

SHA512
207521c06cb81e6ad2f2c186ca388393a26042a8e69e7136b4ee417538e9570c7fd326fdf08964e2180c314793d56cdbf48312d8ed3680b05a59d576ae88c2e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
361d03e2b8cccb515fba67bd080429de

SHA1
16b00a28a2f2040973d895e39234d1427c25a6bd

SHA256
69897830f8728d53e584998635ffdcd9909375db49abc655922bee32d3b450d3

SHA512
7c38b7f7784552aa6f29b03d7e2718c96f9d6c32b0774b85ac3496b5fea947f42336d3d6a33bd743a9a04b5b29fd2750802546e16904a4636fd664569ccd844a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fc44ab5e28547a07918063cebb284032

SHA1
29564c8609086e6ed9d567b05187e415d8d4a65d

SHA256
56ebf88f75b18cf97aa92a1d4cea7a7390ba5372b8732028e4562d7106e5080b

SHA512
5cb702e3b24628118753172dae73935a9559d45cc52abfef341e9277012c0ac4e915ff7bc7030986440eb0ba482e6e028e1ea762377c309dc014ccead50f7f14

Download Submit