hxxps://trk[.]klclick2[.]com/ls/click?upn=u001[.]wjD33yH9087QnpSLS8TsOoB8hxQW6b-2F5422X8tJAc56nM1bR9scs-2B-2FSxIn5wU26dnOklr-2F4OMShbxgEmFDSa5W8yPL0yJIFayililMse-2BA4hRXsx36C7rPJN0t9X-2FDAhJ7sjJuW-2BpzMx9qz2zAGhVqdhEn3-2FqQqPKvMorLIWO047GqaDNnZDNOw8h3X05-2BD-2FxEdbEMSU2q4iwTP5mXUyYHDo3qPCt4gx6hUobLTLq99DcFW6izvvMkEMVsxrsWdxJtbd_-2FpDLdZBwazeF7VFBBC38oW0qUBNh-2Bz69gJHPl1kVuMTRa9BzuN00W9OCa6L0dFKArkjVbOL7hIvVSvdfaQrrGFcmEaGQRYt3qQJNocxEEgrm4Z4qQHG9smdoFtPj3Suc7fPDZOZMpD83AECfTMFUmRbLhuV3ZeKNSkEQf9QNHfPN6NuOkRYROhm-2FWcVpjJ-2FApjAwOYUWv9SSSQlJQuj1ZzlcjoALljBx5sF-2FuhaIcIpfOIoQc-2Bgwg4dJfy5QVgraxE-2FbJ0vdQ8rRtNoFPVh5182gnoa-2BfOoJRmDimSar9-2BhK3Ig2d4PQcUwEj1veWtBYZCW3kGpQYLwdxlngJcOY-2FXUIqAKMpb6-2BxNygMpUo-2FvNkt1oB9T0paP6zDbHaC9CLrKlOzsVG1pEbPN69sEldjU1ia-2FuGTqfu9KyaUtXYH9TPxW5WMuVmo7reB3UpC32qcu42zcDNyXQt2-2F3vhV1ucQ-3D-3D

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-04-2024 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://trk.klclick2.com/ls/click?upn=u001.wjD33yH9087QnpSLS8TsOoB8hxQW6b-2F5422X8tJAc56nM1bR9scs-2B-2FSxIn5wU26dnOklr-2F4OMShbxgEmFDSa5W8yPL0yJIFayililMse-2BA4hRXsx36C7rPJN0t9X-2FDAhJ7sjJuW-2BpzMx9qz2zAGhVqdhEn3-2FqQqPKvMorLIWO047GqaDNnZDNOw8h3X05-2BD-2FxEdbEMSU2q4iwTP5mXUyYHDo3qPCt4gx6hUobLTLq99DcFW6izvvMkEMVsxrsWdxJtbd_-2FpDLdZBwazeF7VFBBC38oW0qUBNh-2Bz69gJHPl1kVuMTRa9BzuN00W9OCa6L0dFKArkjVbOL7hIvVSvdfaQrrGFcmEaGQRYt3qQJNocxEEgrm4Z4qQHG9smdoFtPj3Suc7fPDZOZMpD83AECfTMFUmRbLhuV3ZeKNSkEQf9QNHfPN6NuOkRYROhm-2FWcVpjJ-2FApjAwOYUWv9SSSQlJQuj1ZzlcjoALljBx5sF-2FuhaIcIpfOIoQc-2Bgwg4dJfy5QVgraxE-2FbJ0vdQ8rRtNoFPVh5182gnoa-2BfOoJRmDimSar9-2BhK3Ig2d4PQcUwEj1veWtBYZCW3kGpQYLwdxlngJcOY-2FXUIqAKMpb6-2BxNygMpUo-2FvNkt1oB9T0paP6zDbHaC9CLrKlOzsVG1pEbPN69sEldjU1ia-2FuGTqfu9KyaUtXYH9TPxW5WMuVmo7reB3UpC32qcu42zcDNyXQt2-2F3vhV1ucQ-3D-3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1480	msedge.exe
1480	msedge.exe
4784	msedge.exe
4784	msedge.exe
3588	identity_helper.exe
3588	identity_helper.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 4128	4784	msedge.exe	83
PID 4784 wrote to memory of 4128	4784	msedge.exe	83
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 4444	4784	msedge.exe	84
PID 4784 wrote to memory of 1480	4784	msedge.exe	85
PID 4784 wrote to memory of 1480	4784	msedge.exe	85
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86
PID 4784 wrote to memory of 1900	4784	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://trk.klclick2.com/ls/click?upn=u001.wjD33yH9087QnpSLS8TsOoB8hxQW6b-2F5422X8tJAc56nM1bR9scs-2B-2FSxIn5wU26dnOklr-2F4OMShbxgEmFDSa5W8yPL0yJIFayililMse-2BA4hRXsx36C7rPJN0t9X-2FDAhJ7sjJuW-2BpzMx9qz2zAGhVqdhEn3-2FqQqPKvMorLIWO047GqaDNnZDNOw8h3X05-2BD-2FxEdbEMSU2q4iwTP5mXUyYHDo3qPCt4gx6hUobLTLq99DcFW6izvvMkEMVsxrsWdxJtbd_-2FpDLdZBwazeF7VFBBC38oW0qUBNh-2Bz69gJHPl1kVuMTRa9BzuN00W9OCa6L0dFKArkjVbOL7hIvVSvdfaQrrGFcmEaGQRYt3qQJNocxEEgrm4Z4qQHG9smdoFtPj3Suc7fPDZOZMpD83AECfTMFUmRbLhuV3ZeKNSkEQf9QNHfPN6NuOkRYROhm-2FWcVpjJ-2FApjAwOYUWv9SSSQlJQuj1ZzlcjoALljBx5sF-2FuhaIcIpfOIoQc-2Bgwg4dJfy5QVgraxE-2FbJ0vdQ8rRtNoFPVh5182gnoa-2BfOoJRmDimSar9-2BhK3Ig2d4PQcUwEj1veWtBYZCW3kGpQYLwdxlngJcOY-2FXUIqAKMpb6-2BxNygMpUo-2FvNkt1oB9T0paP6zDbHaC9CLrKlOzsVG1pEbPN69sEldjU1ia-2FuGTqfu9KyaUtXYH9TPxW5WMuVmo7reB3UpC32qcu42zcDNyXQt2-2F3vhV1ucQ-3D-3D
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff983bf46f8,0x7ff983bf4708,0x7ff983bf4718
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,14617009247158242170,6199814071438639663,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,14617009247158242170,6199814071438639663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,14617009247158242170,6199814071438639663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14617009247158242170,6199814071438639663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14617009247158242170,6199814071438639663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14617009247158242170,6199814071438639663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,14617009247158242170,6199814071438639663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,14617009247158242170,6199814071438639663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14617009247158242170,6199814071438639663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14617009247158242170,6199814071438639663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14617009247158242170,6199814071438639663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14617009247158242170,6199814071438639663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,14617009247158242170,6199814071438639663,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
4fa5b334cf3b93d69e821190790c9670

SHA1
21bc842f05506f50105dc0ba96fb65c776560d58

SHA256
db9f6b59cb1426e71d2aa9e5d2969131c5970acfa8c5526e828bd2804feaac0f

SHA512
5f5ce23977cd5fa335eb11834d5769c58e4d06ecc701c5dbb47fd664a711a21e2f3184794a03b613d34e3deb329cdf6d15142556a5b827d41882f17ff964e306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
741B

MD5
7d0ec6e0993e9a0d0d02921766a1b4a7

SHA1
67a2d004a8661d69f39baeb4250c8bf821feebb1

SHA256
ddcfdfab3e97986cd69b7e27e2f887181e0e4c952a3d4572344e06d70cc330a3

SHA512
03047609f289215e9fa14b161c492bb4522a308024cd8c29674935e50e4086f798f58a6481b4e1b6f63ff5e2d727b62a5dfd1daaf35c5e9bb1bcda8b7571916f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f8200321e505c7063736b496a86ce34f

SHA1
1dced66b92f94a842b63829a2e8ac3e142162319

SHA256
ed126286d8e4b3e1c74ffb2ec60f8c552a59d7ab39af6ba2fc73486cbb8be4e5

SHA512
ff685032a77aee07a45df109ef2be8331e01a0821e32c41c1109dc3fbd105842831d456476c82060728e3d919755a0a25515db6ee75c5298b3cc06272f611126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1e4703d43907a5cabfb87d90f338572a

SHA1
ab35ad5a152f29717b9c6fcdbee8565050b825a3

SHA256
9486ea5794d589719feedc1830f4639ded087618fd03baa9387a40fcdfad29ed

SHA512
081a3ccbf6f7eee482c1ea7e9454715807d820f4a13a30a8d04ff1fbda69b4fa203366a48c05d8eb4f698af406f8b8d11e263c3330757e2649f2e85930048453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f04c7fd8-08dd-4ca7-881f-b91db2dc57de.tmp

Filesize
5KB

MD5
7544071197084fee9dd627fb7c1b7f29

SHA1
1eb5e83cefe9d21da94c9f5ef3e76cc8ed621d9b

SHA256
8580a545c3afd5869f8ff0de251917d9691924f7f137c9bb0fada5b1efd62adb

SHA512
8b4d7e1c00824d8142d90d240a420da555836465b8b8f200444e219bdf9c498c30e05291d05c8b4e73f823536c1abfa6c2454ab9ad8b559d1c96e7618bc4fd8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d13498e6175cefa8daf9f4615955e007

SHA1
8e363d7b601ba12e0ee0966759feb39fda8b3e9f

SHA256
4111be571f35deef3d90c95593de74693faa857b739c0fc045615d3a949b99b5

SHA512
ecd2c370d766836cc3b712e06daf03b47629e86e388f12e8664da5583422491122cfee72987580a92b3b86f4d141dafd4b3c716af2db9eb5a6b28749189dbb8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
422a7cbc6a8f51163e3628475a90c0e7

SHA1
b1f4afc3e34ba8f2c2615cf4a6a2441f705a9b6e

SHA256
cb2ef552fbb5f73d0963791744d93aa3ff5d2821430be1dec4fd5b2cc91fcce5

SHA512
99a90c492add0c623569b7ff69b4cbd26b493c551c45171ef45340e07697f9e412ffea7100028a4625cc2cb92f3e46b7b54c7c80b27a203e04ac2f7e776eae07

Download Submit