f167c3f4e7ce594790ff1f611f6989460c3344c4268505fc0af552e6bdef9d8f

Analysis

max time kernel
150s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
18/04/2024, 15:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

School-VPN
Size

228KB
MD5

a11c8c834a3256e6b918fe2e154120c4
SHA1

a694ed057da581ccf946146317dc6101b9894e5f
SHA256

f167c3f4e7ce594790ff1f611f6989460c3344c4268505fc0af552e6bdef9d8f
SHA512

8285af5ad6a4225ee7b8ff35cfbb9d76f8786c2a9cae8d018d251f5b86dfe45820c2a5ca96647b0e6092a62ac94c7b44748a2436df2dabc44a80f777e6c6dc3d
SSDEEP

6144:vDuqJhf76VSgE29xxspm0n1vuz3Sf9QvZJT3CqbMrhryfQNRPaCieMjAkvCJv1VH:xf76VSgE29xxspm0n1vuz3Sf9QvZJT34

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-8492748-3358837828-1435473090-1000\{BB907678-DAA5-4BF5-A947-A04EB646F53D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1864	msedge.exe
1864	msedge.exe
5004	msedge.exe
5004	msedge.exe
2176	identity_helper.exe
2176	identity_helper.exe
4052	msedge.exe
4052	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 2816	1032	msedge.exe	85
PID 1032 wrote to memory of 2816	1032	msedge.exe	85
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 2400	1032	msedge.exe	86
PID 1032 wrote to memory of 1864	1032	msedge.exe	87
PID 1032 wrote to memory of 1864	1032	msedge.exe	87
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88
PID 1032 wrote to memory of 1728	1032	msedge.exe	88

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\School-VPN
1⤵
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc457b3cb8,0x7ffc457b3cc8,0x7ffc457b3cd8
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4912370356429594559,4591457095058768128,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
43379e1fd46bbf81afb4fa093257a7b9

SHA1
a1aa383ab51d42dadb4d670b2f8cf3cd942b6172

SHA256
ff0fb0aba84da291dd911ea4776d4e1d61d300b655644196f8c53923c39506f5

SHA512
5db08aa2770fd4ed60407be5014cd602327ec66860e7c034b635c4c7a84bc8a5cae698ea807fabee1b05f36eb5759ad65958e54a8dc01a79bf908957dbbfcea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b3cd5e4894701b66c8551a435ee29ec2

SHA1
ac29ae9a2fc83b817e559ff6391d671122d34af4

SHA256
96f9e5444a3e9c3149465940f2254ba89befa89504edc3af41023a8e7a8c2640

SHA512
d3979c1b7d6d4d06b575e7adb7c6843224e826263272b1c3fbcad0ee8a2f3fba257ed12bc6ed60740fe815ea2fa1373749e8b63049a92d1a173340f81d9f9fee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
1f557ae943b3a1e823b56cf9d410e7c3

SHA1
1340fc7fa2cf9fade7bebcc8b4dc62a1686aad54

SHA256
40f47bca0281df7ada22465ba6c706a9ccf9580288915aad5d42c2949521a7bb

SHA512
32d8f83a30ed7179a74ebc7bdcd454d2f5895592f078910564c8bf40490d92c24a836f50b359345cdf4f0288f9a922b0185beeccbc4007205ba50f585de20169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7cb38c506aa269d72867151a90eb4f93

SHA1
db5fa8d9da481dd2ff999b05fb0f3d8efe013394

SHA256
361568d6dd330aab0416259a269a04012195490038ec039d01438286ee2974a8

SHA512
28f16949f65d8aa66e03f5b21fd696cf0789369e7e3bf5aef3b519be99d681dc26cccb98acdded9dc7aa86dc5e286427467a949b5f6f1f22c120a0ccd3af793f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
784B

MD5
9af23c7a56dce73399eddfaecabd175c

SHA1
63f1c9516a8ad421f2bbcb0e77956126c91e6be1

SHA256
ed4a8c4beaf9af80087629faf8a1da749223a3fb2836516a97f6ae58321c1fd0

SHA512
b58ac6553f49627fabebb7973d4d3b89da6f16b012d872d7e2bc73766615096af1f8d2f0a6d8d0e658ad07c7ebe85b4fd75bb4aef05b9a8e7d0f46fabaa81e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5286c384cb4f472402b3f93bdb3842cf

SHA1
1f044294fd62f4c28b66a55340a213933d26aadd

SHA256
bea68db1ac7d8459c706a05c75b3e6b24c2c55e7ebeb133d7d6cbee8b852e64d

SHA512
fdfcb91c6da571be04c20c66781cb193f2f581cbcf8c897d26a9ba886f41c49286f165ec962f11cbfe5d42fe87c1fb5c6c89a22faa42f5b14923b45b0af1e468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
553e8c8ad3c2412d2d430ecd91632b50

SHA1
385caefd9dd9f8dcaaf9611074cb77374bb28cf0

SHA256
08801c3ffb673f00da28b086072c2fa725645aab36f1cc1e8d83459623a36c47

SHA512
d26ffff64fcded7ba6cae9a723c87a91ccf828249772d182f8db9c279dce6118ddf7e86aa0ce6b47a4f955dbe1b52e6998984e986a9a62f5a450387df7f35078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d693021abe16f5c39732833a8e6bd246

SHA1
e7c09c5182dd10085d848fc54fa38e49c5b21dbe

SHA256
e835f117361bc9bf3977ee794cd77e91bea41c9a15edf60e59457c8ab3c17bdb

SHA512
2395a3767ae6e299655aea64da6e4c68a7f0038f869a5c3b0f59b455ff8d8efe187a408dbd405883db7d3b0ddef21ff234b6dc8e5d6f333c20c3594ddc559e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14c27cbff2754aec0f0145d6960a5b2e

SHA1
007d1df06e82138cfdbb722a40fc01134ac1b8ca

SHA256
04f321c5a32e49848d1c701af4c1aadb450ffb399cb96ea692d95ff078b99cca

SHA512
709e36fbeec23d37f594b7ef10e2571ffcc3825dc7ed72771a0ce1a614245b1874978eeef006a6f66528855597b47abe5f12f51e43e87aeb12ba21d9d2956de0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1cc9dd71871a4337d9bebbb37c43f122

SHA1
2f240c013d04982f3d4ff960a34c3335a476b622

SHA256
87ff8e50336b96f77f3bda8b601225a7af1ed523b61cb81e15e6a7f90a488421

SHA512
8d9d0c74a1421a7e1a2db675cb8bddae9b0867c688a5d15f94ace79fb5795b3522f4300df8f08bb9f29d17fe5fa23ecfe4e65f4dc16bf3983b75abcc78aadc6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7404d33ef2c43e3a13d7fc526d67cf8c

SHA1
3dcd1d95f380d4e8727ae37f14ac102515138d34

SHA256
04534449b21a0fc5dd1675997c73769d19ed283c18b3dc11389edb54b2d420aa

SHA512
5e03719cb6aa6033e0b2a8fddbcf130d72b66f7eed251e15c14993270bfdaacf53c712332abe467d73634886bbb9ca4c2f86b267a42d047e88e748ac920c4357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3fd40fd657b5aa3bc5f8f98b68098ef5

SHA1
a697a0c8d5629c285c97793b7244337cffd00590

SHA256
a156e80314cda89378c5cd5220233a8e5059f3dcda369c9d3540d731edf425c3

SHA512
89755b7205654ac2e7839e6155fd2c62f6394cdfb4eceb1448d0c2be3ff5295e21840d13f641e309a30717a77e8575febff6a6da504c32f31b24bb36cbc5eb69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584699.TMP

Filesize
538B

MD5
787e91b8f02c440bc8a63e8917f2bdf3

SHA1
f65881f64d70472b9f8913cb1766095813b1ecb1

SHA256
361f88c11348b11a57588e1eaa2cacbf09ab11d9fcb1532940b90ca3e7a0cda3

SHA512
e3871d7a3fa9aa0c77133d5309b0f31e30948ae3ef879d132fbc5815460df081e66dcc515c5e81a311ed9a9444a78ba461dd53e00ef6edbb4bbe4b2c7099884a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a65ebc472f413361f13821588dd2bbf8

SHA1
3381b3a73700da8f03941decd313d79ccd3501ce

SHA256
46adf930741823b795e9caf6a49aa887eb5d3e73f78ed7971008f15c40911527

SHA512
bcf85aeb1cd3a95fc8c78f0c6e3c83114db15dec48b7e7baea4dc07dabea2b95624259b38a3653a6c86428a3542f59367335504302034673f282ce0111bbe635

Download Submit