hxxps://adclick[.]g[.]doubleclick[.]net[//]pcs/click?jlhmY41515N2435yMX419snVO7695-2024-McWAN324SCAN&&adurl=[//]tracker[.]club-os[.]com[//][//]campaign/click?tsesymsgId=d738c6bd137e6a03157c6c728cbc659e734fc398%26test=false%26target=neoparts%E3%80%82com%E3%80%82br%2Fdodo%2F3fr6o%2F%2FY2VkcmljLmd1eW90QGthbnRhci5jb20=$

Analysis

max time kernel
67s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://adclick.g.doubleclick.net//pcs/click?jlhmY41515N2435yMX419snVO7695-2024-McWAN324SCAN&&adurl=//tracker.club-os.com////campaign/click?tsesymsgId=d738c6bd137e6a03157c6c728cbc659e734fc398%26test=false%26target=neoparts%E3%80%82com%E3%80%82br%2Fdodo%2F3fr6o%2F%2FY2VkcmljLmd1eW90QGthbnRhci5jb20=$

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2004	msedge.exe
2004	msedge.exe
1368	msedge.exe
1368	msedge.exe
3668	identity_helper.exe
3668	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2068	1368	msedge.exe	86
PID 1368 wrote to memory of 2068	1368	msedge.exe	86
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2984	1368	msedge.exe	87
PID 1368 wrote to memory of 2004	1368	msedge.exe	88
PID 1368 wrote to memory of 2004	1368	msedge.exe	88
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89
PID 1368 wrote to memory of 5044	1368	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://adclick.g.doubleclick.net//pcs/click?jlhmY41515N2435yMX419snVO7695-2024-McWAN324SCAN&&adurl=//tracker.club-os.com////campaign/click?tsesymsgId=d738c6bd137e6a03157c6c728cbc659e734fc398%26test=false%26target=neoparts%E3%80%82com%E3%80%82br%2Fdodo%2F3fr6o%2F%2FY2VkcmljLmd1eW90QGthbnRhci5jb20=$
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd400a46f8,0x7ffd400a4708,0x7ffd400a4718
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7009208530569785440,9192316164066067510,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,7009208530569785440,9192316164066067510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,7009208530569785440,9192316164066067510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7009208530569785440,9192316164066067510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7009208530569785440,9192316164066067510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7009208530569785440,9192316164066067510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7009208530569785440,9192316164066067510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7009208530569785440,9192316164066067510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7009208530569785440,9192316164066067510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7009208530569785440,9192316164066067510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7009208530569785440,9192316164066067510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7009208530569785440,9192316164066067510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2144,7009208530569785440,9192316164066067510,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3932 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7009208530569785440,9192316164066067510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7009208530569785440,9192316164066067510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9422723861657cbd639515258d424eb1

SHA1
9d262326192f0644e119daf9b59e9387ea37a1af

SHA256
472f5d7d6c5fb0c64ae3a5a10f3aada2a2d93d5ffc91fb74aa8f3506ebae5ff9

SHA512
52ed03d0bab6b8c939600bccac9b85b372664bd66e98566265414602d35e2f458cde3292ba8aa3d7be2e1f5c6493acd4211dca80560e8f140f06cf417129d455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
87109fe659e4cdf00fb5aa2fdd246e4a

SHA1
7e415015f6d96fb3629baca2fdabd6a37e8facb0

SHA256
b701b8543be8431a5c3602aa3865df2ade8f049da7eb885d87b55c6350e875c3

SHA512
08651ce6bf9e13d5925edd614d6b74267625db5c5d5ff29c93473a4ffcefc9fbfd6ea6f462a925e7805df4d885c8ac32d78b8a14a6376fbbd0ed2ad6e5e9f165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
172fd0c3905b797e05db8905dbec25cc

SHA1
131a0055440076f8fb934346d82f2a1b02eb87b8

SHA256
c471fe5171d2d65e5c3a77022a536d59abe38cb8ecf611ffb406c7470528f3d0

SHA512
5a98c4bffeb4e319733ca58461888b8d10c241caec7b6818a6dd81fdd55dc6102585d336a2e09c14eb74e3660801440cb9c381255e12d657def5a9f6f06aef35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a67e287acadbb717ee7d19adf155a3ad

SHA1
808436fa0926ad801b48de1ff24e5bae31664f98

SHA256
0a65011107c0c0dcc59ad526f50c1870a4c1fc5ffe2838f92ff685721892bde0

SHA512
5ef527fe375889676924dc90eca5c4b19ee66bbfacb682a5ba7399816f9157e148fe3eec8742be911a688b886d22b2c50886de4fd799951ca77d7781db134486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d43953472db63fdfd866d4b29dd5e458

SHA1
e0b5911e7ec804980cf53c457fc789af6f9a13c5

SHA256
dc5d0ca805315880f8ad3204ee80f60868838635c09fb52b4f17fe32d5882ed8

SHA512
ce0f2a6b31470cbfeba534c31e398e528978353c2957f366ce6070e0f6f190bcaa02bb3e9e107dd685e9f18511c89912a955cb3db599733ce476bd3cecbfb405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
396e9ee9552da832a13acfb1f5d6f623

SHA1
57b3bceb13974b6264d1a4e0f53db1411f20da3b

SHA256
c60122ca4701e5c251d4974979235f01c98e71f971b8294bf95ba90c1d720c6b

SHA512
5a94bbdd78b6cd944b3fff0f0309d08696f6f2071723db2b402ad99b0bb3c144224f6c0166c8b0dc5a94d62d1bf54e6b6ae89d2725c3fe70d15f4c60cc448e62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
35bcece052de3c23d8c423e52fe2ea61

SHA1
6bf30ec61b706c79a2a80e97d39adfcc5d4167de

SHA256
4be500e3ae5c9c772bf517bfb9629310bd4acd5474024d6d86bd8fa1da350cce

SHA512
dfaccc7b09d97057451e809eb79ac8269ed7f5fb4b16c770c20bad592e04fa0aad9d123c5ab19a3d53f69dab66166ab497b8dfe5ea83871703f4b3dbb9dce8fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
7936833d94700cdd616d82f49142f3e0

SHA1
d5f006e11702dbd56a665268cf52cba13c9a64e7

SHA256
d0cb309a48627fa362fae47221aacf9ea321bbedfce9ff07268d61d04ed75aa8

SHA512
7e565ec81dbb0c9b12a24da87c50529f2f83c3d630dd03011281bf5853a7d0b00d8b39e7182e2e5c303f0ba2e79caa5096c9d5c36e9023ddfd397892b44eeb34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
dd0dfa4eae5bfa410a4788bf52bb9c0c

SHA1
66c7fb782d54352bdabd686a886350f167deb98d

SHA256
c98df05238a472822d15849cc1576c4ba53acacfb4ccebf5ccc69ce62d001997

SHA512
6bb724f1847e446b16227acbeb603e9a3da8d1db8a6773d1e682a7e4402980a26d24ccd48f85b57b34c0a5fe1881ab0e70dac6b037cca37578011e4542228994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b844.TMP

Filesize
537B

MD5
9b98479ae01c733446d7336c9ba82202

SHA1
8550a17ae44b62eb4efd26958bcfb1da5917a095

SHA256
7f7bf985d87012c26d73738764996ee0dd45caa9e16a875a99b5d4da0511c790

SHA512
c3ecf4c7b879484b2566fca2b02b0fde20561dc444cb5608fa3631e2d6e7eceea29bd3ed4d769260815529f0cad8f0e3839a18382d26121b761f5d0b59922087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9479488858eda216320ca446ceb17d99

SHA1
b06a328e39161fa48046ae51690cb19da05697f6

SHA256
d1775bda5492cd3b5317718e45aef2e192f0969576730180c940250468ea0ba4

SHA512
09a091b32633295c5652cdf08c86f34f16f2084fe1e7f42d441006a10ea24166d485db1654ff92c610b103d8dfeeb856eb209c35791051d3124a69b6c26a1213

Download Submit