hxxp://pornleaks[.]in | Triage

Analysis

max time kernel
595s
max time network
587s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
06-03-2024 16:51

Sharing

Report Analysis Logs

General

Target

http://pornleaks.in

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4181651180-3163410697-3990547336-1000\{DDBDD561-9E58-43EA-922A-488148AD7CD9}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
1112	msedge.exe
1112	msedge.exe
4384	msedge.exe
4384	msedge.exe
4964	msedge.exe
5036	msedge.exe
5036	msedge.exe
4500	msedge.exe
4500	msedge.exe
900	identity_helper.exe
900	identity_helper.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 4800	4384	msedge.exe	79
PID 4384 wrote to memory of 4800	4384	msedge.exe	79
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 2284	4384	msedge.exe	80
PID 4384 wrote to memory of 1112	4384	msedge.exe	81
PID 4384 wrote to memory of 1112	4384	msedge.exe	81
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82
PID 4384 wrote to memory of 4904	4384	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornleaks.in
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffce4ae3cb8,0x7ffce4ae3cc8,0x7ffce4ae3cd8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,18443843175486678258,4708274718277573770,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5236 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3b1e59e67b947d63336fe9c8a1a5cebc

SHA1
5dc7146555c05d8eb1c9680b1b5c98537dd19b91

SHA256
7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263

SHA512
2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0e10a8550dceecf34b33a98b85d5fa0b

SHA1
357ed761cbff74e7f3f75cd15074b4f7f3bcdce0

SHA256
5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61

SHA512
fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
26KB

MD5
191cd87d59bcfbb734fca7bb92bbc245

SHA1
30514c4b000361fe9319ebbb84d5cf93b9b0a82f

SHA256
cf07e157a37761abad2d2ccf9385f5023fca4dad5a3594c6832274a1b5823c9b

SHA512
a72b2bfe8e6ba1fb307f4d89c1a38070261d315d36f12726c22b77fa90171fb28d6f62b112dcaad521aa09e89990ff810c363fa79e2e75b48329ddded879dc4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
49KB

MD5
3ae54ebefdf605552110b83b24405ace

SHA1
90de40fce39874d99d46e81e4611a288044ce0b1

SHA256
6393957659e8cf4683a65dfb4b780207ab12960375a982b993fd536a3d544c89

SHA512
a8fe3dd8186ea03d75edd95163003da6beb2f48a1003ebbfdea60cc7ff990646870eecb0ab0f13d52dee68b64da56bc69e46ef1454954ac117eb43fe1530b2cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3798cdab81b3a5d4_0

Filesize
269B

MD5
05e5f969101c4ba007c66addab2f7ec1

SHA1
e35e7739e309207847e2b9617ada642ee80821b2

SHA256
5dcc26b390dfbbf2d485e98850d06ecf52c76f9a0ef799c76bf2699208e05dbe

SHA512
e1ca964e2fed50733ed6cb95bdb5097b540d595781a6fe888e991f26f8a73416810018e9e05982580ba0eef05eee14abc6d1e0e2b50c6e8852c39f2075d43a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ffcbe15b466e4cbb_0

Filesize
180KB

MD5
0fdb5b47a06f42494315c584be3f827e

SHA1
1ae993bafb600893b7b20f235ea9008ad274658b

SHA256
81287bb3af5411bdc537be469e19df6e431295df1da04460378f0cedc093308b

SHA512
4fcb4ca35be8c37a0b51a08fcb8f1b0388c340fe51df10da1946da8f60200591d23e0534fb3cbe484f86a25ee0bb2f20b72c5e8c78eb83010374c80ea586ad90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d77e604cf8e01b6fbec87b1d5a4a8ee9

SHA1
bdaf92a02df69e34db1c5fb638bf2b97fac8da26

SHA256
23020d05b556a0de4f8889aef090ccb86f1fdb5d1b54a180d048d8d1a3e8b635

SHA512
0eabeae6c1536338e762f3edb8520a1356a55f4c1701250e8a0c6060d59320f0f06a103ca92c0fc5576a5180464161b94ce7b31eacd9bed98b6d0fccd65e2a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
da5784793e9df65239a6e0a9ad74e4ba

SHA1
914603c50b539a728ebb09f95e13569a56da95b4

SHA256
1cf95d80d66d8f2c72cc8cda7cc702c186a8a99ba84cc32ca2a095aeed21f5f1

SHA512
bfacca2a5cc6e5b52b82efa328f693a29aae9dfc91185be21d93b4125e4bbdc36905f65643a6a0cd8429971c8688a5fa6cbeaf39080c1c55576e395df2e1797a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
752ae16421203ce394aacd8e3472cc3a

SHA1
1e551af3cd39d732be59437fb90ec7c4705f13fa

SHA256
29ace8a83b297e9c67824a0414031a5e1cae571ba1f3ec45d27bed92261bbd70

SHA512
fe6fe8ffdbe0ee5d952dd68134a89cacdcc0c96461b22bcdcc85a59afb3be0afe5088621acc92c61aa5656c7922a31fc7df2022d652f0f65c4a600480011846c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
dfec9769510074724d683e364736fb00

SHA1
e34e5d1dcbe6061afd31c6bd0de3585fff888273

SHA256
e7cef49907d041fbbd38889ff952063fc0ce39106673d74ab27a15132f203ada

SHA512
ce4daea98b9fc5786303e916f7bbe394c2775eccab20f4527e406dd676d296fd49e0cdcd92fabed963e2fbe0d45b4389c5c4f1a489b10ce12a0fab565fe42231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
91fa654a5d0fcca89bc7cacaa11bff1a

SHA1
3601ef99cc8102325e1c654fc649513e541d3ecb

SHA256
574018861a18ef69cdcbc2f3615136d6605bf228f34dac5ca1db87d5232b4119

SHA512
4b144a245401d0365ea6a2e24cbfbe9787a67e78773b516c912ce21f9321c81b6cf6108eeadfaab06a682f7b4b9cf984b86b9a1594fcfe51b1247ea2f9d50e7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f820a63c5043f997c628e65e47b9469f

SHA1
bef04cb3848a45f89eb700462af0b228603f7540

SHA256
175ce10acab3abca2edbde03847cfc135e78ebfe50757ee8ac855953092be9f0

SHA512
7a42c55cb886d6f4ad925ee28b6b8e53fa3ba8b90077a86358e90231ebef6589c11b00c7b21ca1143a766b40e5d25ce7af85b112bd74978fa4c786485093068b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0131c0c338158369353effe487ccbe76

SHA1
bd5abc4b13e2637e84bcb220f3991cd7704280a7

SHA256
cc8fd544c67b22808dc005a4197a7bff70d04db7cac28c0cc79803fb481ca02f

SHA512
7245ff5268ae994d5414cae5340195a3cdb093008e2f6ade5452bd31e7089f766060547126596c42b4e7ed3726c20b0f879386bb7d23b2fb85cd71fd9d44b4c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b08982f5d50f81a9493896c84512913f

SHA1
3367f2017fcbd6c93b16a6c538beb3ea67066fb4

SHA256
5f50b5f9ad8b9c38e83a1363aaf6d3fbb1f49529ad3fbf253b65c3c83fa62e78

SHA512
3395e981e06074d0395d44e3f7af80211571d754584062d43fd4c1aba4a829cea42ecd2e336898a5d43629a57df0d3d88008d822ac16c4760b1e5d2f9398aa86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
29134cbe5ef822dfd92226feceecc0de

SHA1
bdd37f60a1a65d120ba4071a3fe5ae732e40a2f4

SHA256
cb35af58424a4889292f0bb0aebddf0f52506b763ba7c58db27e60e37589d336

SHA512
f58a14e5394f62c2c170deaf6d12aaab21d3c3fc0f28cf60c2d80eaa6cba1fba75b0a7b0442a9a70e2b688e77ed25b8dfbffb0f07d082470fa3d0645a29e3586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581bd0.TMP

Filesize
539B

MD5
713be59db9dc91ca81e3fd49de6da9f6

SHA1
34662b702fefe3c7538c491967e2594e7c9c14ba

SHA256
ad5c1f1c3aa7928eeafd7bcc73c1a36971083201fdd341414337a78c642150bb

SHA512
f05c0f36a626e4aea7ea5880b573353717f38c38057ff7b3f7c0ae204cd8d480a0bd17288dc7cc34c05e37602ef9e21c1c942ec59d07bb05faff901f76b9a03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bf8068aa-4c45-4990-b469-15adfdd591b7.tmp

Filesize
2KB

MD5
d112fe4bf9a1d4f33c42aad6433c3a09

SHA1
e9dddce94cd91339b9e9e79b579ccb6b126cfb8a

SHA256
d739199f8356cff2e257a06e1e19c44a02be6e1e47d34be56bf8e6f2bbdd6bfc

SHA512
eebdc7a3a3597e57a85c0817f871f10dd72b33c7ae9ef65ba8d5310a08ac0ee1ccb12857876882c23fa7baaa1e7f3a1978bef379206bc4dceead29b0a5d498c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
60f9a8a9cc991c225fa40ff81acabc23

SHA1
be0def7f17aae27c96f0d51603c047bde14a0b30

SHA256
f114643103135640023c2ba88422ca9c7d6932a523049266b1581afe197f9102

SHA512
f277b75adf7aba7b821a2b15c54fafc5e9ee0a6e29c2c774004134f6347701c3f40d96b770fe7fafc6f9ae76efcddb4e2adcc5e550865d84c5644cd8d61e8d33

Download Submit