2eef6a90ecaa34f8f78bd25afb606f75fdab4c4e558df34ad897b0eef3f4cc8a

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc338d40cd97a1042faa2c605db8f724.html
Size

430B
MD5

cc338d40cd97a1042faa2c605db8f724
SHA1

f8e7e6f3cee5ed77fafa713e65d3a67029d8ec7e
SHA256

2eef6a90ecaa34f8f78bd25afb606f75fdab4c4e558df34ad897b0eef3f4cc8a
SHA512

ef1e9d99659aba3290f7b97edfe94d54d2373721d224feaa1218c2ad0b74fc538c2d221db76d55dbbb7df79e72f99d3746ac5bb38dedd36412e12c6420c16fef

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4936	msedge.exe
4936	msedge.exe
1972	identity_helper.exe
1972	identity_helper.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 3020	4936	msedge.exe	87
PID 4936 wrote to memory of 3020	4936	msedge.exe	87
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 3252	4936	msedge.exe	88
PID 4936 wrote to memory of 4324	4936	msedge.exe	89
PID 4936 wrote to memory of 4324	4936	msedge.exe	89
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90
PID 4936 wrote to memory of 1616	4936	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cc338d40cd97a1042faa2c605db8f724.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8131946f8,0x7ff813194708,0x7ff813194718
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,16885059825734748384,11775792226718819328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
73c8d54f775a1b870efd00cb75baf547

SHA1
33024c5b7573c9079a3b2beba9d85e3ba35e6b0e

SHA256
1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94

SHA512
191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b206e54d55dcb61072236144d1f90f8

SHA1
c2600831112447369e5b557e249f86611b05287d

SHA256
87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b

SHA512
c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
0cb3ef45abe5489c032cbd472a58c6a8

SHA1
37ef7868a4e0ba4ec813c702aa3687a3a14b7911

SHA256
e80d933bc174c03f0092635fa790a7e1bca281ab573267490342a494599cd983

SHA512
8dec599527abaaf54da3714428185ea3932ef8e094cdd5a3a9bdb85be6fc8b457db0deac9f8a12ca94a12e419b481ca99ae34a2cefed9171cba03a7f5654969b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
cdbc1a9fc47c82719cfc3a58e5afbf0c

SHA1
0fad753736f97716dc08c7c72254ea4af9354dd8

SHA256
00e1866c08d6d73ac8b0cebc382cc110ea193b61bfa400120124554f6c12c6e2

SHA512
38bae231e34660f8d04ebd16b7fdd3a5c66138d749d28d9a38291f84b985583393039125b0b89b71306cb8478b5ba400644cbbbd1cd9b8cd14eb569581e546d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_wheebsadree.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b05b2f29217c4bb7b41539a6b2be8623

SHA1
15565eaadef66efdace618a080c54070b045823f

SHA256
2e2b43df612d62aba5509cb03f77bdfae95429a2fdd2d927305e407b057e79fc

SHA512
35bf569ddbe413bd8dc3026345e05e791142b53456398a30252102eb15867c28ad9b37c9dd81342dca04fc38196546c040c649c8198c7f02565cb7e89e5f3e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55ae3bf5b462709d9db8cf90c1a6610f

SHA1
1c330cd8ffd02db58c0223ffa3aec4ab6e442d4a

SHA256
370b117a6baf8b526f64f4583619f4bee31a04b9c326821dc586d21b57506393

SHA512
f63ea684269837d5d14009ceecf5b01b57706292dd0cbc21a1476234cc49c899244641d25337d507747790618c73b813da35b4b432bff211ff021c736e6e17a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f789e617698ec606f5d958907b1fe0a

SHA1
1ad4cb0350fe37b46fbe7c78497a03ef870737fe

SHA256
00840e93548cf975a73d69c000f3341551908002b7cdfe3a8d13d2aa9bc3f901

SHA512
67e48aeb5358c6004d6ece9741eea9af7125a66d92988af459788d13e37c9c0636237fe44c7ecf5c717d0dcf073395f833aef060858a5ae81cb37b22257a6ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
711fb17b396a71b3aab7ef181f8a8147

SHA1
00b15eb27c2192a7824816f9f7fb70b63a553a75

SHA256
270c7ffa415f954a2431abe7d02a0d4c246c37a7d053bfdcfd90400c31e61445

SHA512
03d80fc83c9cd63fcf3227a134bcd7fc71b8228b0f7d87384ba54131451a8f97d9c47ffd2afdf3471a5035a148c298ec7f789941dc2eb0440ab6abe5c54ccc96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1b75a80047be0832ee6e78ab5c9d1a7e

SHA1
fff89a31bc7bf9ed5e1557092af18c418f09d47a

SHA256
7c6bef7a10a2cfebfc73a0fe30ad08f8d11cb19dabc9e4e45def15e079903e3c

SHA512
07d3f7974994faaddd197c6a2a4a728584f4c9924952b5f92082a3cb60512847ed9f358d701802f5c4d23f36b9984421d9ff5c4ba3ec311b2471e6db530c949b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a4845046de19feac3612ecb2f38d3447

SHA1
1807cb5827906192db1377764242b70f8b472be3

SHA256
69ac4f26c7f015bd989331291c455ebfa65df0ba84d8ac7100e65ffb3c08ceb7

SHA512
46b234cf6ba7d13c1bf9557b46f997e85526080caed48c758edd4a3aec41bbda3b9128b1fe375f2f5b0ad2fb80f9c5f9e43635ef46da2eb0497c844d527d8f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ce2d.TMP

Filesize
48B

MD5
98c8cd78b255165d07f511b7a67ab9fa

SHA1
04471e9289ed8f068610866938403d2e1e3e2e23

SHA256
548b8a94b721bc549ed5698cba2a54155c130dd6787cbb4925c2594c0c3ab5d6

SHA512
ac68c98b073baa53777aa9ce7818b970af50da238aacbbd6ec19f9e2d4e7cb81f60a2f620f59d198fa6778618c4afb709ee2234501c3a066a177ca0bcdcc2ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
781430baf7ed0800b543a9c50de4e8c8

SHA1
336d53f8605614a92495a356b00efd35c4f7d8ab

SHA256
fb79fc930e3ff72def6921420a2e4df699178cc5daa0331318d2f19bb401c2c9

SHA512
2dcee309517e6d546207f08537141dc065882fd582d897795e22160b108030c4d623728dd6d338ec97b29e50439f352ac5d9148a5a70879c885b9f0277b94fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
aedd718ed103c3fe739c2ab90257e400

SHA1
91905e2437ee40f0742978f340903154b97bdfea

SHA256
7df5224eccbb160aa18a1e68ef6ed8084742426ef4039fa2a91efdcdd38b8fa7

SHA512
52c49c25da6aef781c11e9d42051691015203ec313e760b1c921bbab66dc25387c76679f7b48df3eb8106812f505231198aa2749619420dca9e386d43133bc25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
383ee1179f63962584573c076fb26bfb

SHA1
074e825cad1aa819c1bbe692f721a29bfe13d910

SHA256
b9f8adfb6e00458d2ecdfc6ae40e771a638675339b1e97739cca96a7a9a4ca35

SHA512
bbf65265de3af420ec99134bd9ee311a12344813622e39005ac9da787739436ec0db2faf5e4dc3b23bd15f5f36ca8dd5b646cc9b09c613a260ddfe45d13b1997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dbba.TMP

Filesize
1KB

MD5
c7b3c763b2835d37028a68ea912d5429

SHA1
55407ab127a181499a43ec664dda231d9f6acbc6

SHA256
50b7a9ed48498c6d609abebb7eccdcd9143b830468791bb34018e0f8d7895900

SHA512
7e5eff9012763bed35ba4662720276774a343ed9b5977d2c747c4b17d336532ac3a1a0450aff45b468d387a83d62aa4acd41ef5bf20c222a19f5b11f9f0318d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
15cbb20e166b3d1f71ca305166a280a0

SHA1
dca86a97eff60433ca5b3430052d42376d5ee30d

SHA256
41df2e3e009a72c111e6c5050d2b047037e2c21854948a5c46e0da3d47b5e97a

SHA512
469cdfc857475642cef35e506aa2756aa64ba6c5a253f8eb9519c84c6c2bf59b8facdb3d5b38f6fac757a21d97bec0f88c8f5ffbbf28a1658fc07d96e38fa781

Download Submit