hxxps://click[.]rewardlink[.]com/?upn=dXJsPWFIUjBjSE02THk5M2QzY3VjbVYzWVhKa2JHbHVheTVwYnk5eUx6RXZOalZ2ZURCdk5reFpYMWhqTW1wTWIwWnZSMjlzYUMxWGJVeGpTWFIzVTBGb2NuRTJTVVZKYkRScE1BPT0mZGVsaXZlcnlJZD0xNTY3NzI1NTImZW1haWxBZGRyZXNzPWxpbmRhLnN3YW5uYWNrQHByb3BlbGluc3VyYW5jZS5jb20=

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://click.rewardlink.com/?upn=dXJsPWFIUjBjSE02THk5M2QzY3VjbVYzWVhKa2JHbHVheTVwYnk5eUx6RXZOalZ2ZURCdk5reFpYMWhqTW1wTWIwWnZSMjlzYUMxWGJVeGpTWFIzVTBGb2NuRTJTVVZKYkRScE1BPT0mZGVsaXZlcnlJZD0xNTY3NzI1NTImZW1haWxBZGRyZXNzPWxpbmRhLnN3YW5uYWNrQHByb3BlbGluc3VyYW5jZS5jb20=

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
636	msedge.exe
636	msedge.exe
3348	msedge.exe
3348	msedge.exe
3924	identity_helper.exe
3924	identity_helper.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3348 wrote to memory of 1424	3348	msedge.exe	83
PID 3348 wrote to memory of 1424	3348	msedge.exe	83
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 536	3348	msedge.exe	84
PID 3348 wrote to memory of 636	3348	msedge.exe	85
PID 3348 wrote to memory of 636	3348	msedge.exe	85
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86
PID 3348 wrote to memory of 4056	3348	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://click.rewardlink.com/?upn=dXJsPWFIUjBjSE02THk5M2QzY3VjbVYzWVhKa2JHbHVheTVwYnk5eUx6RXZOalZ2ZURCdk5reFpYMWhqTW1wTWIwWnZSMjlzYUMxWGJVeGpTWFIzVTBGb2NuRTJTVVZKYkRScE1BPT0mZGVsaXZlcnlJZD0xNTY3NzI1NTImZW1haWxBZGRyZXNzPWxpbmRhLnN3YW5uYWNrQHByb3BlbGluc3VyYW5jZS5jb20=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9657b46f8,0x7ff9657b4708,0x7ff9657b4718
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,2541140287190244578,16960411334281490369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,2541140287190244578,16960411334281490369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,2541140287190244578,16960411334281490369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2541140287190244578,16960411334281490369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2541140287190244578,16960411334281490369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2541140287190244578,16960411334281490369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,2541140287190244578,16960411334281490369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,2541140287190244578,16960411334281490369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2541140287190244578,16960411334281490369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2541140287190244578,16960411334281490369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2541140287190244578,16960411334281490369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2541140287190244578,16960411334281490369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2541140287190244578,16960411334281490369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,2541140287190244578,16960411334281490369,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
46KB

MD5
c082b6713ebae7e8709133a2b5cb2138

SHA1
f005ec6eb0a4f2473ee1c01c5ddffc7776c7bd52

SHA256
e726f41aefc885099cf0c1f785891c9321c8bf11341ea1b45045334e1000a5b4

SHA512
33dae8588a1139c44e6493364465278d1ff25c6bb9c4c9acf27907f8b02cddfdfb5034fdcf1b9c8ffd7469472105944c0ac5dce95cddbe72302fcf61f874bcf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
94KB

MD5
9dcd5dfc2dec7891f563d6d1d76d408a

SHA1
8ef400729c5f352a0afb633bcf2efca7022e05c4

SHA256
f596af0369f205124d1c061903ed346fa5eaafd07f2612cbdecbf5d1b590d63c

SHA512
a8635e80591b6c61219405cf01fe40aebbe51458c4c5276f9859434d0836a6e3d8bee0b1a4fbff52e4085f4dbbb0772d34abe8d430c1e765ecc61c1965c8ffae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
5afe758ff7e91acea2be27c740b4a79a

SHA1
8d8f2374700aecee7de970d0f9a16e4423e5ca28

SHA256
1345b9ee6c9415bcec18ff5d612bc177738c51dbd5ba99d62e5ea21b1e3e46cd

SHA512
b62ba095d025a40b2942d52fe485c86f30b63e8f4e9fde31923f8a2f56e34838d5a45e31814946a8ce44eab50b1a182be0c3d9ef96d85d812c06f5a84bd88ff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5dd1867c79facc8f3ae80d47c468bc65

SHA1
0504a4cb8042a911c83ad301dab880929c7d2e1b

SHA256
3e05ea305240d1c3fad04c71d1c653f87a769942094c96e220216cb35b5c9b87

SHA512
c6f0e50dac57d67880c98b22c1ddcea535fbfc6d43f74dca4be615ac1f663df3529a0d45cd259e7f4294e954b699032fbb2eb29bb75dde0f64a90c214161275c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
554204dd4daafa3729a8e1d8a68c60ae

SHA1
e81bb9db9a15d798d7e42cab559309417cb58128

SHA256
46405e5fe477eea9c4e445fc9ae5e8956faf7d5758f42e2b695f9e273aa56628

SHA512
d32f2ae1af91075590a18f2aee032c00331b21486b2cbf5dfa8a9581c68aeb00bf0f617ab050b5c1f1eef2a720ddca4d09850b149fb8a05456e3ce6ec1fb044b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7145b76b4486f3fef62b4db52e0b9b64

SHA1
a0e73e41796acfa95ad057aeaeec5549444ec236

SHA256
faf72995dd01ff7c9401ffe2b0b238642f62ae332fffe325b025a1aad638af37

SHA512
48da5f068b4e5ad0129aa1acf5897b34f9d9fb3434ee753bc80ef9e0bb6be852fbff74c7cb20da3116481d4242ea334dbc498390892ebf24cd50687d4e63a903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8bc44b869b61e71ed68b57bf6033aa0

SHA1
bcca6067092a3fb9aa43a3331924571c5ad3b7a7

SHA256
64dfebd76b0334ce9dfcaaa00dd9d3406dc62c0fbfc68f542502e560f8c73529

SHA512
d9107ed3fa457e742c8c2b738940db0ea5aa0e79138635baedc27a4a5c3406a99fd49b1ae6e917dba77fba7acee242de53a8cf22e443c5884197572e9fd9e284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1afe85cb304773e2d8706ba464f1348c

SHA1
f0c850a0714808256073949ff706ab3746500756

SHA256
fc5e470a8fcd9057c9434de73d8ee86e88e0656e4a1acaa3f99ed4a92d7972a4

SHA512
8c01ce3a1f378fc8d51a96f92f9b310b535f0169800aee09391eb0d88deca79874f81973472279efe94a2ce8ad799c22cd58f6573a7b83588f6ba8d0ed006a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e3deb4d9add61848b4669a6324a84e8a

SHA1
b6b1ba0a39f086a43f237181dbf257f851aaa799

SHA256
536a5c5b5fc6a4cc94284e9663f1a7db42514ddd3a929e560fdc628e90ff0505

SHA512
195691dbd080766fcedea4aae85eba65712493093480fca071fa7ef9287e96bad09de2e64dae8859d4b063f3a5086f6862ed191c6fc7b3351dee454b7a5df35d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
96c62c126b29d6047047e29648ee8cd2

SHA1
1a282d29facf54ceff672a254c92632f123c0a47

SHA256
5cc5e435d50cfc0e09f0cd09e8ffbb0ef5b976098befecf4aae73c22c7e9e5b0

SHA512
e06dfb3cb4fcf49797848b50738a461e8a2635ea53b2e5225873d168d5172748338a68e3a6df639a425c8d8584ca2f3034463b228d1d6b5f0c99a1ecd3c6046d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c6267fd2933cff0360ed3044c9ae30ca

SHA1
7713dfb6c5bbc22036ac88e50930fe21e4cd382c

SHA256
b9a38201b1b7ffbc6c698853d6722685f449ed42f3ea99d7f588c20be0f91d69

SHA512
485d47f2db8d97b2e8173b76ded16b3ee7cf368a28365eaf0e6903d3bafb18b218a950dcd9e197bdd19970c04fc42bd65c93fbd389d211f6daa4b806c4811fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d8fb.TMP

Filesize
1KB

MD5
bce284d903d96e1a21880b5ac57e3338

SHA1
a6d918448a8138df5621a4e93299514252c673fb

SHA256
279974982a3ae187040921c50c9c7807d1b4a703d177752f14617fc48c39b23c

SHA512
084b109935864a38309facf40db60340612f0a50f852c83c6636cf3e04ba6782f82eff17254ed7efa2c89184eb5228d60212cd84502616895fd5a3da121f105a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7ad54109f5d65cfcd8cf2f2c8274e74e

SHA1
a30f41d6d9f18bad6aa7cb4f6b1b177af52e2b35

SHA256
a7c1888ec9504657f11d5dd02b214353450260f6c5a6c36ef22a64748bc1d3ee

SHA512
3b95a67d6bacda5f04e9e91c8f161ad7a0b4abbe90465005e980843341c0fdfdc80581c721c537a2b974329980ef0774a8057af083d4bdab4d63dda6aef93f4c

Download Submit