54809dbdf16b8748f2f17f35c6f0927d2a2b5d392deb07c007cc37d9bd2816b6

Analysis

max time kernel
161s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

clfSchool.exe
Size

3.3MB
MD5

ad45ee315d2f046ec1038df93df16ba2
SHA1

0a9c500ff65f1437c7ec9ec0da5745d5580257ee
SHA256

54809dbdf16b8748f2f17f35c6f0927d2a2b5d392deb07c007cc37d9bd2816b6
SHA512

04d0d8566df3e77ddc8fde6d9ce3bddab8bc6737e326c1f4c722108aa74b107a4b5baf62afa7b8de1b8d782bc9102539e3ed0fd2fe1b2a2463bb6a0b126c82e9
SSDEEP

24576:TGWdDug9WdsWdJWddWdP8et3Wd/h+u2lxJuV:TGWQ8W+WHWrWh8oWTQxEV

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
1568	msedge.exe
1568	msedge.exe
552	identity_helper.exe
552	identity_helper.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 1568	2152	clfSchool.exe	86
PID 2152 wrote to memory of 1568	2152	clfSchool.exe	86
PID 1568 wrote to memory of 1228	1568	msedge.exe	87
PID 1568 wrote to memory of 1228	1568	msedge.exe	87
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4236	1568	msedge.exe	88
PID 1568 wrote to memory of 4184	1568	msedge.exe	89
PID 1568 wrote to memory of 4184	1568	msedge.exe	89
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90
PID 1568 wrote to memory of 4316	1568	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\clfSchool.exe
"C:\Users\Admin\AppData\Local\Temp\clfSchool.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.21&gui=true
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bde746f8,0x7ff8bde74708,0x7ff8bde74718
    3⤵
    PID:1228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    3⤵
    PID:4236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
    3⤵
    PID:4316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:3920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    PID:4248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
    3⤵
    PID:3688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    3⤵
    PID:3136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5352 /prefetch:8
    3⤵
    PID:4512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
    3⤵
    PID:4796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6104 /prefetch:8
    3⤵
    PID:1368
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:8
    3⤵
    PID:4968
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
    3⤵
    PID:4444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
    3⤵
    PID:1832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
    3⤵
    PID:2940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
    3⤵
    PID:4656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18113198335701284496,16141665210532978325,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6336 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16c2a9f4b2e1386aab0e353614a63f0d

SHA1
6edd3be593b653857e579cbd3db7aa7e1df3e30f

SHA256
0f7c58a653ae1f3999627721bad03793edc1e9d12e8f5253c30b61b8478f5c81

SHA512
aba1ed22c7b9ae1942d69a7cd7a618597300ae5c56be88187ddec6227df056f81c1d9217778d87fa8c36402bce7275d707118ff62d3a241297738da434556e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
e5ffaad22cd32cfb9204e6df5fc2c214

SHA1
20b61fe6be911cfba56643e4e0f028b3b715e4ae

SHA256
14a608eea28617c41033183e84a8750e34864742a97aea5cebb23f1f0095a995

SHA512
0663019294c9f9633415d8fd94ab94e1c4378b6cb86b0d805c6ff82655cdb48fc086b27aa5c2b7fbb378247ea66017564d5b23baa88588aac53ea7bb40b02c31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
011155185bcf6c8cbc2558a0048c4f11

SHA1
42b916ebb80ef571b83609ab70e7bd267c8d50ca

SHA256
a3d47b3cc903e7d9b4506243ccd0d5c84d179be717b863e230945106e4cbd70f

SHA512
c5af9afbc8bdc4f20b072d99c365b9a58ee85bf14f1a5c15cecd9a62e7fcc2e9c9dd792bc44451b5e55e00212c2da0cbe3bcc5a9f4d57e97c153881396f9f6dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
980B

MD5
cb828670af40c03a6ebba981edbbc46d

SHA1
e423187f373218e7d834a25f6319ae2f0b6c4185

SHA256
8125f322319b933f22eccf80aac34670f821ae0b7e6a370b8886213181185411

SHA512
dc71dd167689bbd44e770d8afb20005a37edcd66157d06531e80c8919c414a4e84cb638c4c5466575a23e13a3386049ba806280bece36bc8af8134d78f7ef680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1537ad2cd924f7e7519196007572c81b

SHA1
6ce8935eaa7d06acdaf8a8eaaf104eb91b7d8d52

SHA256
c5d038afa3c08111d0d6a0668bb3fd1b1c9e015a51a10820507533c790c51e90

SHA512
e29ad7893dfb79a952823878641e7e0322ed4af618265a4dddd8fa31c5496207d374f059b87e56b143e3e7d667bbd6755b25a0a5faf3a080b675e4a2b0153306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9b628ee0922e4277a655c6320fe20c33

SHA1
76dc40ac4758aaa5bfa71e3e53b226bedd7f4982

SHA256
4fdcd56993084787475807a67ed83765314fd70a41b59d313640945389c1cb9f

SHA512
3680119e6659d3c7400431559d9ef0af2ce725b3179ae59ecbda93ee2d9489427b8414a6ac1b18121b4237440a09428e43ca52279a7fa514def38ad5b189c7ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef220f6ce97cdaa2a2e952a39798324b

SHA1
e520555191e939d4a0cb0aadbef51dd0a442a1f3

SHA256
1727b0db1fae9e76a4587d1bc4028ed82a87efd30d12a96cded1599aab0a6388

SHA512
d6c52e73e2418320e4c7a5e035df67d11da977167473e336d8e49c10d8ac7425f161acdd3a9861e3cfa8988a3cb82d625c963eac4dd67f408fa0a4127e5b2c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
699e3636ed7444d9b47772e4446ccfc1

SHA1
db0459ca6ceeea2e87e0023a6b7ee06aeed6fded

SHA256
9205233792628ecf0d174de470b2986abf3adfed702330dc54c4a76c9477949a

SHA512
d5d4c08b6aec0f3e3506e725decc1bdf0b2e2fb50703c36d568c1ea3c3ab70720f5aec9d49ad824505731eb64db399768037c9f1be655779ed77331a7bab1d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
2f55336e9803d1282cc44432515de74e

SHA1
efc9eb95b2c3e4926a1ac396a4f435cb7c13d072

SHA256
707c9cdc04277c63bc39203d06c54f7c166d4dd5f62302f31e26faa408edae45

SHA512
e27bf44c20fc64cec396385b98874974ebca98b016f4a42b408186fd6f714fb0c3ffd2ad93a3b676c4f7eb481252a50f16b3f23bb6a5999875829f6242746ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
41f42d87b8945fc96ee9a5524ed6aadd

SHA1
0860e10476bb4ef34c3cd97668913a5fa5a9e2e1

SHA256
f400971c1bfe321d68e568a5cc232bbc191a2dc98169ac0f861bd399a81977b0

SHA512
8cdd32a5374b926a84bbfb9fda3deabf4432a5b88816575d38a916294ee0f7cba12866caa586a8fa00cfa49fd9532863fe4a9213ba7c765631f3c87e4c6719f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
ca9f79acd8f11dadd8652fdf2bcd5984

SHA1
1319857265957ebdc7ed156e9f3cd133e79bb3a2

SHA256
894b10f230059ad7ed31858b3875959f6cf71e8241c4f2552f173f818846609e

SHA512
4111b434d1c3e22120fd393cbbbea44bdff57e6fa4a3ca2d5ee82d5376deb45c5b75e42e14d225971c2ecc5b2cb25494c0e4c545f0df36b6c3832f27a049ba38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5989c8.TMP

Filesize
371B

MD5
1c6db60f66d2a11bea3080dfc91b0dd4

SHA1
5d902499d9f6ec94f7c9d38a832fd37ae31561a7

SHA256
d91e18285025a9ae23d3ec011b02a380c8f79d7e8f9a3a8339c538a6d66620c0

SHA512
3b84e7da83f7f505920bb935859277b38f5207df156949c3874d2dce00f2063713ddc7369c2dd232ebc9a748ab444b5a5bc3319f9215043d5d7ff34b264d0a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e35f8d5dbd6ef23a0dc87101252c264d

SHA1
af5505a1fdf3f379de2fb475012e1ff6bf27db80

SHA256
4782346719d703a7165dacf08fb5268206bdaca9b3fb618a2adf7e906f1135ec

SHA512
7e4a03830ea6188e9b5e1e89422f80e637fa6b88db4773c4c3dd5cb5bf2f7e7d178c2fcef30c0e5e5c9acb94c1ac550dd9f9fcb166a228c96ee6bdd0a01419bd

Download Submit