425eacdc90d3390e3ac5dabeabcda29bcebb90422c385a7cf93583f7371ce751

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cbbe6f168fcc13d934d51b3fd8ca45cd.html
Size

432B
MD5

cbbe6f168fcc13d934d51b3fd8ca45cd
SHA1

36c6b381b29e0d10b37d701e5e40becbd63c9354
SHA256

425eacdc90d3390e3ac5dabeabcda29bcebb90422c385a7cf93583f7371ce751
SHA512

b64660d158cbb0008710bbbe1eb6cbcfa277709dfca3b7db2f78d2e32607d3ecdee1b9c4719efab6ea2c5c872cee221133630935fd8e8e6180d5e96821e0903e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2024	msedge.exe
2024	msedge.exe
4976	msedge.exe
4976	msedge.exe
1552	identity_helper.exe
1552	identity_helper.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	6140	svchost.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 1664	4976	msedge.exe	87
PID 4976 wrote to memory of 1664	4976	msedge.exe	87
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 1332	4976	msedge.exe	92
PID 4976 wrote to memory of 2024	4976	msedge.exe	93
PID 4976 wrote to memory of 2024	4976	msedge.exe	93
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94
PID 4976 wrote to memory of 4904	4976	msedge.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cbbe6f168fcc13d934d51b3fd8ca45cd.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99c9746f8,0x7ff99c974708,0x7ff99c974718
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,18016436352861458447,3087171616026176633,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5656 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2684

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3512

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
b1e79720c3601ac91de32c4d4bff800d

SHA1
a5b85548a3d6b84a7b4dbbd974459a46980a68a9

SHA256
461b616cd42f4ae677bf5fddd78aa80f2b96a41af5f329263c66cd8ae65785c6

SHA512
cba8f17badfc4db3102f8495f486870b6ff12730fcca04dcdd320e29387a42cdd3715bcaab6361238fcbcd37f7d87307b998460c43d92069ce409a333072947a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
1b813a3c64b5ed7ea33ea9bd29ce3d10

SHA1
5659369bc47da71e992792496a6cc78d4fa2425b

SHA256
26c3e047e22d5aae25932f64437c0dbb1190c1291f749d97cb850b0ef268ef56

SHA512
d78a2ff185ac63b22b1e479da253fcd4f8351efcca8c498342084d46e94fe1be658569333a1af2fcd51175214bf423461155d4db216a65fd3f1bfad305f39da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
aff3bc1559d07fad2bb622534d8aec1b

SHA1
fa3b9aff245660d398934dfcf68ce215a0a5cde1

SHA256
7669fa0c1b019473365bf76a4137751cf2913c8750be8253bd5f9afaab6e6a05

SHA512
faaba15c787812f497cd6efddde2d04d35ee40b15a4c7d1a9ad27552a8b38acccb7cef6804fabb318735cea43ec6a42e8228992a9164bab5346aa672a91765a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_wheebsadree.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e3c8e890999e83a4f252e72cb40f87f9

SHA1
80192bbad8d545c933a9f255ddabea4caee9180b

SHA256
114b95a0150fd2e93ed7845fdba4cd6b1307a983c223f9e18280df793aac2cc6

SHA512
70b88f2a411b85952f21c451a4abe4c2e59bc4c26d9798455af849028280f5c8334bae6b0f8d00b8f6fbc283877a1c2a5573e25703dad40d27b4bf85b5a635b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25a8db4a47dd12329972a73c4d135d75

SHA1
17c5ae590ca112bf6249d5953eef64a32c2533a1

SHA256
b60e7a714c676be0da3bc0b476e1ca186a16019d4b39b16e2d91590aff86de31

SHA512
e66146cb98a0b3518c00d6d5dec6c348281d56d7abcd1ea164ac284b1f66be306b7f29c9c56ef49275ac9816c2e28ac80b66a02fc5a143a882290cccae2234f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dd13f8ede2d8ad00ff40642fc627bbc6

SHA1
2aeefa01b13f4ba105abbce80918b05b99d458e8

SHA256
a686593dd66b7839a3507b8b86484fe977a71986f054a148cf3758550aeb715b

SHA512
a1d577a352dc7fb320f285a0d32cb3dfbfb8ea1a4524aa32d1e7dadbd3b84646ec43e9210ead7988be2f335ad1d38a80c76318c7bf29bba0eed7bad572c533fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a51cd73f6d9a2d4695a9f99390db2768

SHA1
67d440d3a66988813e30773a3df2c693b817fb88

SHA256
b05c3f5cc34b9b9e4a7176de0c7c3c8be69be97dba4013dbb32cdeea5a5d6127

SHA512
fc689671adfda0b76ee2db8567e35cd00e030daa6cd70c2a461f652ba6221d62d847776b88fd3f85b7268ca9d6e98814f9efaf5cfa02e1d0255a4e60ffd56be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ec81e81f7463b79e4b1c648a2a20de8

SHA1
e2413ed97b9b5b11359dce71562ab59727d87e1d

SHA256
86716c5238b02fc64a4048dec975ecb522063bc4290b99a7b0c2368f8ebd6745

SHA512
1d0d30169c55978f96fa3cc2a6c9cb8dfd5241423b5455ebd42a6635cd5435f3e1bb718faf9d096e3acfccaa797e37c427a4dbd9b3ad20ba92dd77aa8b5ea9e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e8342365f758b75e2c217c7dba27d2c1

SHA1
f64eff6cd51eebcc03d7e06f3b0091a15b9edf81

SHA256
7f3589ca5827ad7353bd427eaedc9af46fc7242a1c59f862af1408f06514a1fd

SHA512
e8fd4a6868d629eec82fe9bc5679219346b6ba6f11bf1515cad54e0865fedc54dbcbdeae84dd57392614f00a3593d28ace03a35b005f2c70da05d443ea8a3b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a1ae.TMP

Filesize
48B

MD5
39035a907d086b305915776849599a64

SHA1
2a67541acce50c921195dd9709fd9af4797da572

SHA256
203b3bc9023eb149304a3d259380b23d9f68ab3f0b881c49d3699238353a535c

SHA512
c95aeb6033f48c4fe09949ad38b4fb336a7863d3068daaf77648428f50e0c86b66ac3f2e4700c02dda4b2332a1905b44e8f98a54e626975ef6baf64d2180269e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4c86c19180f252e30b9db193dc7f2c7d

SHA1
240688914703277389cfd2a92033db8239364cad

SHA256
4b047ac17e12744fdc3e00d95d868c7dd22ccec9ca76572f9641fcda28203598

SHA512
d8cd7b2caa96c8af2958778ca8331ff26a7f99282b05ebdb5227b446f6c98d7e86086b08811595568216203b8f5038936a350dbb067ec8fa706766a791d2b78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6109c27c76bf097e7be09f14b789aafd

SHA1
1401ce665a31e3160a0d954612de7bb8ad7f55aa

SHA256
c9ed6e133fa2f2c631c17e744bb25043445918bb8b988e6cdc248c3ea08454dd

SHA512
01c3f46e99b2434786b50645627a061ebc5b73243fd08bff5810d1a054da94d455ec1f5435acf4faf1b02e8148564847af2dcdc6562edc9f05a2cc00e38ae46e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579f8c.TMP

Filesize
1KB

MD5
204f69c7fb509614c4d9570a5e06b5fa

SHA1
1799ba578be1cde3ee3fbeeb211b9183bab8ebb3

SHA256
7ab83803156ddbc729a5933220785af61f1f44705a3771c3d3ecfda34aa5063d

SHA512
ad391372cbc761b87189b620527757a5865d92239647b42fd1fb432dea1bd776e1c1bb643021a90459c424941ce7edac9f72155819adbb14f7eb77012d53e322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a9996958-2026-4138-8ff3-7af2ccabcdd8.tmp

Filesize
1KB

MD5
f3ff8c742a6e4e67f28d0f422e4d6206

SHA1
26f25c21318c8409101cf53371c4dba705087061

SHA256
7c89aa2176bd3d6fac4c5fa127b6e1ccd2fcdda20dc3fd36137091ad271515f1

SHA512
b699c737070342226d5583a106813225a0cd5d22bbfbf2d5e0d223ac3bb59a24350fdfc321d38fc280ba8be576e9b90e9522bbc98ebf6ff96704a88606e9f43d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70be85edc1f3031954b4eb6b7d396c18

SHA1
c20c6ef421af976857987feaedd80308ccd81f09

SHA256
1667232ccc1fa299dfd304f1f159478a1ebc17bf5708ac2a3ecbab20804d0726

SHA512
56ad1a8541f52bbc47a487b78895196da30714d53a3a349a69c2df55a62f1d60bc664f2a461c5812b079298e4457f480181a2429e0e2124299e65a86feff0a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c8923963fbbcbc1f7ae07faca73d18e9

SHA1
68ea8cc10480d553006e197992594d40861b7b89

SHA256
4615a57892f79351fea3af1400b31c3aae425cad1f8ecabe59673be4c25f19b2

SHA512
d3ab10a79d98f00bcbf848094d735abc9ab0e4ffcf388c52b19185fe1ebaddba9bc7632e4e99a4d957f1bb419fdf7aa6c8310d39d0d2798aebbf37662cce0d96

Download Submit
memory/6140-306-0x00000192C9E80000-0x00000192C9E81000-memory.dmp

Filesize
4KB

Download
memory/6140-313-0x00000192C9E80000-0x00000192C9E81000-memory.dmp

Filesize
4KB

Download
memory/6140-304-0x00000192C9E80000-0x00000192C9E81000-memory.dmp

Filesize
4KB

Download
memory/6140-305-0x00000192C9E80000-0x00000192C9E81000-memory.dmp

Filesize
4KB

Download
memory/6140-287-0x00000192C1870000-0x00000192C1880000-memory.dmp

Filesize
64KB

Download
memory/6140-307-0x00000192C9E80000-0x00000192C9E81000-memory.dmp

Filesize
4KB

Download
memory/6140-308-0x00000192C9E80000-0x00000192C9E81000-memory.dmp

Filesize
4KB

Download
memory/6140-309-0x00000192C9E80000-0x00000192C9E81000-memory.dmp

Filesize
4KB

Download
memory/6140-310-0x00000192C9E80000-0x00000192C9E81000-memory.dmp

Filesize
4KB

Download
memory/6140-311-0x00000192C9E80000-0x00000192C9E81000-memory.dmp

Filesize
4KB

Download
memory/6140-312-0x00000192C9E80000-0x00000192C9E81000-memory.dmp

Filesize
4KB

Download
memory/6140-303-0x00000192C9E60000-0x00000192C9E61000-memory.dmp

Filesize
4KB

Download
memory/6140-314-0x00000192C9AB0000-0x00000192C9AB1000-memory.dmp

Filesize
4KB

Download
memory/6140-315-0x00000192C9AA0000-0x00000192C9AA1000-memory.dmp

Filesize
4KB

Download
memory/6140-317-0x00000192C9AB0000-0x00000192C9AB1000-memory.dmp

Filesize
4KB

Download
memory/6140-320-0x00000192C9AA0000-0x00000192C9AA1000-memory.dmp

Filesize
4KB

Download
memory/6140-323-0x00000192C99E0000-0x00000192C99E1000-memory.dmp

Filesize
4KB

Download
memory/6140-271-0x00000192C1770000-0x00000192C1780000-memory.dmp

Filesize
64KB

Download
memory/6140-335-0x00000192C9BE0000-0x00000192C9BE1000-memory.dmp

Filesize
4KB

Download
memory/6140-337-0x00000192C9BF0000-0x00000192C9BF1000-memory.dmp

Filesize
4KB

Download
memory/6140-338-0x00000192C9BF0000-0x00000192C9BF1000-memory.dmp

Filesize
4KB

Download
memory/6140-339-0x00000192C9D00000-0x00000192C9D01000-memory.dmp

Filesize
4KB

Download