hxxp://d[.]updater[.]i4[.]cn/i4tools7/config/jbckera1nIso/20211108[.]txt

Resubmissions

03/11/2023, 10:47

231103-mvhhlsah47 1

03/11/2023, 10:39

231103-mqgeragd81 1

Analysis

max time kernel
133s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2023, 10:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://d.updater.i4.cn/i4tools7/config/jbckera1nIso/20211108.txt

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1873812795-1433807462-1429862679-1000\{6B8E0C16-ED8E-49E2-9478-54E9B8A1D307}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1984	msedge.exe
1984	msedge.exe
3996	identity_helper.exe
3996	identity_helper.exe
5824	msedge.exe
5824	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2456	1984	msedge.exe	45
PID 1984 wrote to memory of 2456	1984	msedge.exe	45
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 4308	1984	msedge.exe	88
PID 1984 wrote to memory of 1488	1984	msedge.exe	87
PID 1984 wrote to memory of 1488	1984	msedge.exe	87
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89
PID 1984 wrote to memory of 4292	1984	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://d.updater.i4.cn/i4tools7/config/jbckera1nIso/20211108.txt
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7fff0d9a46f8,0x7fff0d9a4708,0x7fff0d9a4718
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7136 /prefetch:8
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4393483048081858334,2747890275392320484,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
7f64f527eb916de76d5559f2af78c4c5

SHA1
a08d47d130d2025d8c678609fa857e4da5d34105

SHA256
76c12bca3ea33b6d5d0c248b8a7935e467a3cd35257cae3829d16a3dc5abf891

SHA512
6c706f7a5465a6bd002c004726e35719a1df7a8ce84d3ca620db22ae9016c4285cc344e8d080898fca2212b9c2e801e43951a55b46244e080086bf1dcedee56f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
21KB

MD5
23d835f81b458e3a273cc9e9daf621a6

SHA1
d428ca11ebe6dc59a810dc1e0f65c4c1741ea516

SHA256
184d3ad95ada1578824ba5151c7d5331166fb83ddb634a52ec5c907fad0e221b

SHA512
64de1faf75e66c85b715f0e50ff2c67c44beb28887a932a6b37e9a78f2bd4b9d1fb477afe8c8ea70ee51f2c61e11a94e54b2aa38ce7e574aab20718fcb312021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
36KB

MD5
3296f64a7a2bf91e144553e17654643b

SHA1
639b0f05038c69cfc21ad55ce92b92c71b9bb8ba

SHA256
4de9e2c37234da98c8be5f282084e5603918a287602df7f75af3f1bcf825781f

SHA512
45db48942642adc0e9d50c5cfdcc2cb44f8e2245f2248f5fbe7cd38c405d35a0f678446d31845a35136333c1b9d16112799d08bfcac28caa7d60039c04bc5ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
85KB

MD5
45a177b92bc3dac4f6955a68b5b21745

SHA1
eac969dc4f81a857fdd380b3e9c0963d8d5b87d1

SHA256
2db3b6356f027b2185f1ca4bc6b53e64e428201e70e94d1977f8aab9b24afaeb

SHA512
f6a599340db91e2a4f48babd5f5939f87b907a66a82609347f53381e8712069c3002596156de79650511c644a287cbd8c607be0f877a918ae1392456d76b90ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
1001KB

MD5
966cb678d48f89d6c328401566226a11

SHA1
d08bef0f96f0a07bd1af7b5bca84f919271e93b0

SHA256
3e53f9db97ffdb16c875735823d7e2e059c9c8907b69a7423377e788c2095934

SHA512
e1f8351eb67de5107b3140458041ae19e0d7db063412326f75463042b31559048c7a0bf9e833761306f710385ff71a60ad1bdd644083c04b69c597e35f13bde6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b4e678cc84b9d87e7c1e32c964960f32

SHA1
bc0d96d3244e648bd368b365cae858641f4c815f

SHA256
c4390f37040a8b23d87e97983cb4f8f8160d71fd9727f52389227691bd4ef667

SHA512
ee13da58233739212aa9a87ab42701bf74a5ab87585898154f881c66a478f591f5ed5f9ca1c7e724552c7bd178615b8691dcfd5d74decd7cceef9569e2ef5932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
398B

MD5
c5810cba382f0b2b3e93a2b10d822f9c

SHA1
8b5a66a0bacb1e59614d42e52dd92da8f067dbb6

SHA256
58c1527d0f7a38c683cee02f0525d1ca9a73fb285f637bb50ce63f6db2b888c4

SHA512
f0955d43fbf88074e02efe1dd0b1a5de00170a0d4b04fe50f47dd3fbf61def2778fb50165c3759072b6350993257da9b0a1c28ea32317a9adf9540a06410ba66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3cb29f23e9beecbce0cf821db00db57

SHA1
27b113267fc19d40fceeecab3a8562ba557737e7

SHA256
2b41457dc53239f7614410970dadd874578c6ff77d93ff3539281d3c84552e8b

SHA512
b2ce449d46bfd340386be3cf2f250f5c5b37d737ed105058bfbcf2508f295c2b6e62e6141f25dfc1aeb219cccd48730c2109237574e329e7f12fa4615ce4b20a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4dbfae140c7cb77795bcabeffb5122cd

SHA1
c791ab73f8bb0969e0bd64eff036f01e642f4255

SHA256
33a964d3ee50e657340aace2cdfa03058067f1bf569326ae45f4ff4468d7f97c

SHA512
72434eed8ac697b89f7e0f7ec4dece97ae429661f250a7e6147b3fad83618e121ca82ef8b21c1379984e3e17066ed0fc11def9329c90059c305a9e322eeaf748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
14ff9cb2f1488501333833f6744ecab3

SHA1
72b6a9f3ad2830c91f8abe61bbbe6638205ed363

SHA256
52db7648d2e121556c80eba882237044b86ceb41a233914f902075260750e86f

SHA512
a472a83541f56b17ea74db81877205cb14fde4510041cd82be5d502d852b8c6e48f19ef9ad52d3484cf2d15605a5f144a0071761cba109430189ec06d105639b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6bb971158beef3ecc55efad226dbca58

SHA1
5008b683c52633b2dd2136d4fb0c69c8d02ced1a

SHA256
ebcdaff8affe1ce3552f526048bdbbef9a2917691948f9649b6b5a2c249261b3

SHA512
357f283f1fb52bf5a10f767c83b766c58fba9cc65c2cdcb682e645588fd1599d0d86d1bf53db4a6f0ef7173a1201d35146f588741905af89568ca4a6e986514a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5aa025d6ea7f3b3a7fb79aa7f9afccf0

SHA1
c078d5220832cbded483daf13013bbd08fef1d21

SHA256
1e2e75a7bb806fa653ad7dadbc73d2b668c75d4287b9d1049bdccedd7b8825b0

SHA512
fca8384c5ac5e5534257a0b69eee8b8ce3bcaa37eff1aa2be7d74a902ab236ad1897f07a55bb9728b503497d55e04242ffc1fd7b24e3a49e3671fa4f27f47948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f54245fdb817562ddb799d0554473e8

SHA1
b8fb647427b9c6c28c60460a939229c341ef28c1

SHA256
1941cc33673d66d4ffbd8f73bf8bcade622ff7d05a403f6f1c05680d83947d70

SHA512
7c5d04a93655762047eb915f4070410fd75620fe0559b01971fcdde8bab9aeabd2a89743e22d8b9196c2632fed98e44437f9c79059b35007efe71421fe59192b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e05436aebb117e9919978ca32bbcefd9

SHA1
97b2af055317952ce42308ea69b82301320eb962

SHA256
cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f

SHA512
11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
6b7f74e0893eff0598c6306e701d40f9

SHA1
d9bed8671a38e1e7b1fda0b6348de711395be27d

SHA256
a60858028a1ece8e7b1fce24e833708782a324b9111c73fb8adba28c8e654c95

SHA512
532d13be358dd8d127736d7cdd1276f2836a9af51466af92dd814aa176610c7b8c98a700e14e0556fe7cd7fb40d6ae07d93a70f1082f288794fd0c1994acbad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
56ffc035b1d733cd56b1bb61f85faaef

SHA1
6317e211dbf550aa9ff57bc7d0427e7bd5398d3f

SHA256
71ce3f1ec4d1289f1a887a8e48a9a5cabf845c9494f4ab52f0ca56c996118e19

SHA512
72a27b7e22c502ebd91527ce51f6d53f8c4ccc6219e13f3b28605f8596e8870afca8cb46b478e282e7050c7f94d7f625635b9786358f85cfd3fe730035982a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
1eb2d6b133aa91892516ae8b9d17fe9b

SHA1
1202f2568ee8ad54c1a4eab7a2ec41f5d18dad63

SHA256
cb03309c0106ecfb118509a3a2ed77384a4b59b84be15c35fe826a5822f8709f

SHA512
1ee50f71e05c9f7b95b188bcd53a75fc546df3e889d4d2edffa5f6e0ff58ed8c870b4f7e8ce3c01bd8a61e10028fb21aa196797368d5c40ea712238c95e83965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58fe41.TMP

Filesize
203B

MD5
fe45e697a3438221ae08c412a0598af5

SHA1
6657228037e27a7c00fa9914e8432b22797b28af

SHA256
dbcbfee9800597ed8ef8f6e06370ef75900e3cbd3e8361ba05d89804fc4e77be

SHA512
9d29db6926c60864cc2f4594cb93e3899b60f401193c406ef4217c04894a9ad8188a5c5aa57eebc4cae9d44909868e95a4c934589ae1b5fc3024ab8a33758abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
af31da79f031b5e1801c550e4e9eed1c

SHA1
aa93fa1915b4e96a89420d1e2cadbaabf7d761c5

SHA256
1e7119e187eafea52b19d4c4996a6824bffb3da662439abe26f21a6cf7098a95

SHA512
3b08a9750bd71a2e203bf78feecd4094c0fcb9f74f675cf322568c57ab43d09e592d073bee9c65a09803152bab7c49873937c9a6d5e74165204ec0030ebafbd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
68cef7ae446396c926e6d34b56c47748

SHA1
503cb52abd112d7ced3ed050b2936a9a772803f2

SHA256
7747c621bef3e9c8cd195e36f7ce9355da9f4afdfa3bbbacef4261f2353a82b2

SHA512
1a4185d37948b8c2f744f7f2ae75fa4b6e129aa6d97ac1516da6928c7b08e50914ffe10932261bf6e85776f9f99159b14de789bd09621de4cf841584130385e0

Download Submit