9e26bcef7a7f1fdccc6a85e918e04ada30d0bf80ff3abb00f3cfcacef5d7fff1

Analysis

max time kernel
150s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cbd4cfa49c17cca735bb1cd86608d3ee.html
Size

432B
MD5

cbd4cfa49c17cca735bb1cd86608d3ee
SHA1

5e76ff246b466a75be43d84a909eee258531a3d8
SHA256

9e26bcef7a7f1fdccc6a85e918e04ada30d0bf80ff3abb00f3cfcacef5d7fff1
SHA512

6c7df42ea823c7be328a3e0248f395521731ed8b6ec26741207c90aa304839a52b748bcf6a5881380b6d9ca647f3ed00a861de9ed749fdd27718934930d46ba4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3848	msedge.exe
3848	msedge.exe
1036	msedge.exe
1036	msedge.exe
1392	identity_helper.exe
1392	identity_helper.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 2180	1036	msedge.exe	88
PID 1036 wrote to memory of 2180	1036	msedge.exe	88
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 1684	1036	msedge.exe	89
PID 1036 wrote to memory of 3848	1036	msedge.exe	90
PID 1036 wrote to memory of 3848	1036	msedge.exe	90
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91
PID 1036 wrote to memory of 4088	1036	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cbd4cfa49c17cca735bb1cd86608d3ee.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8498846f8,0x7ff849884708,0x7ff849884718
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8249154735071691407,4243771879653087861,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5024 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
73c8d54f775a1b870efd00cb75baf547

SHA1
33024c5b7573c9079a3b2beba9d85e3ba35e6b0e

SHA256
1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94

SHA512
191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b206e54d55dcb61072236144d1f90f8

SHA1
c2600831112447369e5b557e249f86611b05287d

SHA256
87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b

SHA512
c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
2cf1e8728da40528c1134296dec09e78

SHA1
3cba4fab4afbd05fd3444e0cedf6789737cb300d

SHA256
821a96b0f9e33ea2367dae69a38cd92029d8b13c089cd8f3b6ef8960e4a5fa10

SHA512
bb0ab1108d15e8a6d56f3c3a2a810b23d37a65a78412bd5dc72c6573fff995f627f9e0227e22a8ff62a821a6684989b4dabd2eb85a3ebd404159a64b9302e024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
abf9f9f29d638bfe56aaba176e9e1970

SHA1
47ef04b845baef627b5caefe7d6b27f8c13c81e0

SHA256
a55aa4f314fca5cad0f967803da80a275a1fad2df1796fb9e6778479df808629

SHA512
c9fc5ffba381910bdb0a258dd63253d95b5fd449decbaba8814dca75171f2199a49500ea49601b3eef7e979a27f18a75034c5c36f593f5fa9dac01856b650f39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_wheebsadree.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6538d21b52e2866e4d2a0e1c510ec871

SHA1
e6e2e204fda22ea972f3f14e2431687a1eeffd75

SHA256
6647f255e42cd4fd2dd199e78cc27ee4e43f9a2304dcb26678431d1889dc87a1

SHA512
b4c32580fad6a04cbfe86fa4294128d58e262c45fd1eae093788fa1b3a061b1531ddf087f02e62f5a4bfdbf514f91d4c8282210d7068a1abf25cde64332ff8cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9484ba5eb84e07293ff504919a6852fc

SHA1
da4376d379a2bc360d58493f296646ffab88432b

SHA256
f51b6e74ae5b14b9b8ab0a7d358c55914ecc304a9710993e7244bce0d448d070

SHA512
5f1ef866a539f69854a37ad33eff93de32dfc68d9d2932f78c96fb97ce30b3e1a69156992652320cb481f7992e3d49c5b5d6840bdd641d8e575f3adf34be1d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bef75e7b7352a0456e1b220314b6c2bb

SHA1
ec21a77818880934df78daab47d460e53542f35a

SHA256
2692b9c8b9473bc502873c1882b60358d44f2680422dfbe731ab1ffab6e3f641

SHA512
e376d816f6bead302ae3c2e2bb1d904a00e053fd49b4bd9c5aa743ab72ce3a9ab451feecbc0eb350d47740105a45758c576b7922ea35edd0660c5a53a2f5f118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a781e5f40f224262010e1a4656d849e

SHA1
680293f8d8ecf4831eb2d0b5e5fcdb1b37a59ab3

SHA256
415ea5a1464eebb57c5d559088b91a3ae62de41259d34fa5127dee5d8ee3c9bf

SHA512
09872e5858fe1d0ef5691842c70277e620b8d9f3dc6b475568e01d628f586c8eed92fbb57b14356a81b97dc4741d9d43162c71c80c2ed59fda480dc0acde0279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a5f6308bd639c7152caad371e6ef5dd7

SHA1
4034d2f5035e300f3f42ec9f19cb3d67a4bcc409

SHA256
dda5aa38b6adb50dc499c2cff76bc11c958519a1e5a6415182a0660efc760c17

SHA512
07a7da1a0b0983c7596e98a7f014f0af1179079f2d138ae6c3b785ee3ce0f7a4c7b884eabedf35b749ac3d3718b749c3e4275ec1c473f17e6bb3d931b5b1156b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e8fafe61ab4159e4564384204edab1b6

SHA1
b472e450b2f0241477fcfdcb632d7b4d5a5a165a

SHA256
1124adf4438e20c49a11a7ce267229e49ed6b96c3d40db7b971a1dbc075771de

SHA512
0392ba7ee04964000b096532a37f080a3774f8bb2979af96cd7400155097dae4dbd1ea6fca421e169b9aa5fe083b0bbba396e0eb7c87f19ccb9c131993118dc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ec92.TMP

Filesize
48B

MD5
a0e2c7e28cc67a4bad2e65c3d053b26b

SHA1
2836f2e35dc28d67d72e9535452400cceef12ede

SHA256
022d4ce66424808a657e423ec0df56d1a78d6b89b42aa4b2daa388bcc69a7466

SHA512
f8267f24e5bb85ec531ed2d6a2c28aed96bd92483f5c7266be7c8e26a166ce10e32343485be8b5fcf3d6e6cbe59e228bdd12d2a417de461b0df150fd111362a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f475a0691089edcc1c51890f947d5c4

SHA1
71dfe4b7034a0440f1dcc1c4627fb5d2f64166b0

SHA256
8cdfbec1cd705984eb2aff7c8ffe3def79e48a1a230b1e9c4e9964961129842b

SHA512
5aa7a9eab59f824bb007c046540fdac3f370817aaed2c44ec7daea064b92bbaaced62d7bbd42493deb05222822f096124103ffffe22e69271c4841d6bd37dbd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9d048a3013ab2bd8be5dd0e703bfcc74

SHA1
666c05db685d2344199bb225a9e3323d7f6a31ab

SHA256
30def9cdd40e8e0bd6e7e1074ba9eddd6584312b9e66d412a2b32bdf9f5017fe

SHA512
2f6fe24a1fe38f2392772c73375f008a22b1992cc8936b59c7760edec3792bbd0e2e0aa2d7b90f4a7321599183afc69551b4031820c1580bd5624c4a30cd095a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
661105d1f95d30ef2c165a299247d3f2

SHA1
ff5dc30ac9f01be7dc400beae1de8da61e21159c

SHA256
892914202385a756248ea0618fee907a72037ec5cf0ae5e674a56c4b79436932

SHA512
40cecaee9cfe5f075ec000828a78a9bc640cb8707cbd2a3d6691253b53e6a31c9c777a2a976e9f3beccd87957b51de31ca7b66433eda45142b6e789b06c7a964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57edda.TMP

Filesize
1KB

MD5
4f52c74e1e08cd4ddce65f0bb8d82ea5

SHA1
eb3f9688dda7ae4ce94c40bfedb0dd82b3af8601

SHA256
5b3087b322b7be6e200a5865bc57bcc87d2a6c2e022901bfaa6fecb074bbf068

SHA512
7c9b40ccc0a39447273558293219d5e9c41a728ab3cb38d033a6256ab5e486ae40ff945d2316f5b8ac4acfef413a770be2f4262af8fc9ed721afe2b1d96b1aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
62f4cfc78baed3be3a0d21a96bc76749

SHA1
9570f2bb30e0ad5276cb40b559903e5417f8677c

SHA256
2f1918d695091aa64a6e4f04d0d21b9f3bc0f209ddca1d39f68d5524b885c141

SHA512
c89b9848f52962a7d1fd34e4ac9456ddb77398f202894dcd951dc15f58d23d6c9464a3a9056eb5ee747e0eb33627337fd3e9b88cf2c3721a70780b5d49cd1fb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ea2316a405bba24ed4cd3465fd9baa02

SHA1
610bd0be97e958802cc43e4a3ec44306c1bf4132

SHA256
c63bf7248a90c51ee3b8473aae6e03b08b17f098e00ff6c5cf675cda2e145c22

SHA512
82b7469c01d453331b77111ff501c164fe8334282f84fa21a12ec190dfd926a90e7e321bea0c99ee56ee25d0637954b684fc636f7627932b169a286bb35896f7

Download Submit