be40d740676a8acd3964da73ea1be87a837feec88e3c58a92494640093b78dd3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 10:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d3568ee04356e012a281884a5a1e9bb1.html
Size

430B
MD5

d3568ee04356e012a281884a5a1e9bb1
SHA1

23ddbd7216c2e79c99a1132c69ecb06e92a8b029
SHA256

be40d740676a8acd3964da73ea1be87a837feec88e3c58a92494640093b78dd3
SHA512

e938c5cac98b94845b49b96a108460891c37fc1174699d2f3b6ea4386dc4a473127b6fe6d4e43b35b6f00253b77de71d881838ae5481c705f2506a4b09f62897

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2004	msedge.exe
2004	msedge.exe
2172	msedge.exe
2172	msedge.exe
2792	identity_helper.exe
2792	identity_helper.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe
2564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 4204	2172	msedge.exe	88
PID 2172 wrote to memory of 4204	2172	msedge.exe	88
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2232	2172	msedge.exe	89
PID 2172 wrote to memory of 2004	2172	msedge.exe	90
PID 2172 wrote to memory of 2004	2172	msedge.exe	90
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91
PID 2172 wrote to memory of 2180	2172	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d3568ee04356e012a281884a5a1e9bb1.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac76446f8,0x7ffac7644708,0x7ffac7644718
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15281713566212049906,18192689514609875245,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
7e3a839675306b24e5a32b20efda31e7

SHA1
529fd41260666c9b5b84c575eac9e0c6936c0008

SHA256
04253c24e4c3d92ff6d2d4fd3c2e1289f30d4a6c1cb577f348101c3777738252

SHA512
477268fac12aefb97f7b2bed9e85cf45def49060ffff01e3fe64998a7f31a54640e67c7b6ac7974e1f94e9e3677ec6e5523bcf30e346d57ebf9eb15b59a126c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
b7b7bf0a0c517c5260a305aa5dd36989

SHA1
6f9ec3fb76256b1e7cee2296df0ca58c1e66dbb1

SHA256
65fb4622e50218956a85366cb0d82a0030a628f53ceca5f4a903ab211ed7adc3

SHA512
af9bcf199e9afa9ef6d4a2cbcd1a5bcdd01a95b2b75cfd3d3f9ff2f8eeea4c1a192b14e4bf49f68d21108b1cf6f0d5471f4525f0d028109906260fdb2d17ccc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_wheebsadree.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c396ca5e86f1cfbb90e754a398bcb3b6

SHA1
c9bdd2da88702f3560cc8fa662134ebdefeb80c0

SHA256
5be9f719e2fee7b1485d11f812aae0899d600a8c1d49c2157598423062ee7d0a

SHA512
9b638647138d6530dd75ff9ec54e7c1b4da069eef3ba2c62388d61da6ce412cf1ef1a0df9f2ce38ad735ad9b808537687b9759ae740f366eb5c29114f6461d26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3bc7dba3037d1b86a95f4587c0532fa6

SHA1
0a8ec737346cd849692ce16aa12493f8bba51757

SHA256
a7244e6ca16ee94e477bb3c35c275ce6fa75587e1c4e7d94ca2c62c3489a5ce0

SHA512
3bf80d494d88fd9c98ae0f483339853d8ef583710caecf3d23677d3d409221e64b05c81cb5be6c8571ad658c731fb81c70405cd0aa1a7cfd4b9db582a5abff92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ebc97e1a4cd6442380a6aaa4e2c9fc42

SHA1
9fbf839d1e145eb7bafaa885d59dc2329acf50e8

SHA256
be6ef19d973215a0244aba931c4b978137f67956d8d5b420433b2febebbde5e1

SHA512
331d2785d83a424f800319bcf601dff3bb4a261333be3ac868edc6bfb24115241685f74ef0d9d7cf59dc7a173cfd9db57627500c090bb4d5ba96eec1046855a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7fb7354477607a279caaed985b4e43d3

SHA1
7e3ad0c37a69d27b0fab6e10a1b540c2bd9cd7a5

SHA256
2202474f44427b9fc2b4bc193fd7f3cf5e8f335b6beb07397e0b91dfdc737cad

SHA512
014d6258aa68ae04273ae8e309187294c45eadbe33c04b8dce99324f6d75911907e1ee5bc3d318c9fd17621f0fdd12fe716b2db6aa8d3deb701e24fb06d4b4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8f0b0e81044ff21b613c496fc3171d35

SHA1
7a27ce3274da93c573ee4da9df6991b736dfa3a6

SHA256
b4adf89aee81424ac777f14326faf441a30a0a72b166a22ffb0ed1fe6e94ac5c

SHA512
f84d57513c68ed37a3a09430344055486227fb96cf061eefe621f2824cf0410400d755712316424187f0fa1778906645431b25450e904604c218151257dd0eac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ab42d4fe76c9ef50550778e5a4e5bc4b

SHA1
ca5ee9f5820ca053da6181b4b9aa7bfa1f8b73b4

SHA256
43a71d0924c19d54bfd5056995516f800f58bf0ecb60f2dd3b0cf4c5b05eea9a

SHA512
48acd88418c828ae0e501c3a13f2860e40865a0a834501c7f946c93eb35e13e1e87ca7cdfad8b945bfd8b9a5775fb62b4f128e8a8ae743e0474b042108c27690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a141.TMP

Filesize
48B

MD5
e2272552d259de690a582ace085b93c0

SHA1
20f678a9ad502ac3b2f1b96d23fb96e7595e7a44

SHA256
60682c2a9592610669cf63ed8e0b28fec0743df50606adb3a27e6b61af9853ca

SHA512
26e405b7b9108da76308922f6f4a6e1f45cef7d3e2f5264259b4c3dbd8f1a5b00a6bb90191097788002585c40ea5390eb712b58d72425d3ff345828d491dcd05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c299a31ee091f5a1bfec3b3544c8827c

SHA1
ea31ce09397ee511521ebf9a38777070bf9ce32b

SHA256
fcc3454a90b4c83ae6a44f78a15367da6a05be58df59b53954d1d89c379910d6

SHA512
9a0fe8638f87d275a3c3d0f8b6bb8792c7b33f81bca625b881358b641e4e7f8f26d0df11861fe4f06b3dd8a499b7b9cb2f8dcceef39b0758e6b508f2d7ccd00c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dc0457c8b71eefe841daf5a93cc1cba3

SHA1
89721a69d23b52176a8165d030e036ce79f93495

SHA256
56f8ede81be7f45ad1facec4d505e54a48e8dc8dc319c768176eed850553c2a7

SHA512
d1590a4c5b0e18988e028a6192cbe38a89657654669a42e96e18a2a19ef6660cf990b91561901e29fca69e0c83697ad75bf0024ea2e2bcb2e28655ed45867655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bf4d498465086768c048a712c1ce0582

SHA1
d1ab15b907e37a215ef6a15afb86c566279fe8b4

SHA256
b6d857cc060fa4ba525eaefc18bc709b30fc821f3ac8098599f1981178ee69fe

SHA512
770ef565ac76a357dd9ef912817a5725d324306a9804a77c4a24093f57bcae64c3ce7f4e600f76eebbc6293af5e00c618617aa226225fed358cce1e263f4857f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a028.TMP

Filesize
1KB

MD5
cb71e452ab4dffb9d3b08f0545b0aeec

SHA1
befdfd479bf199a311256bf291c6288373755f49

SHA256
dba5daa492c4bdc8f8d9a831bf92de8d638f737ddf823de8a55e30bcd302f0b1

SHA512
4da97ac7d27e3276e516e73b848b15730752f6672303f873c7490a0a980374a17e715cd91566bca40aab4ab9cff00fed4d7c06e23ea80eed5758100a321ccbb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
717b3520cc67a9811a3761fc7fd5cad9

SHA1
9f07ddb1e878c4cdd2bf3283b47da4dd7c5b3b4e

SHA256
d721f4a30c36b82714083ddf69f2b6bfbaf7aba43ba5f9faf98611655fca6f35

SHA512
e43189a4f80826782b6b458fdbda6433da060424adc18e414510ac75c71a093b8ee8332cbdc9a2c42984d0b73eb64ab5aa2f7361f2f96194249e32e03c6197f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fdec43a7988682cf2b0b4bcbbfc1bb94

SHA1
9011ff461f433895b02b03fe9d853890dab2d73e

SHA256
16c486d28136fb58da2863a7bf95af08ba259874f9df25b706c6289fc4883e67

SHA512
ff41e142c1eab5ce0f3c083580fe9eff2f5b0f5c26c3015c0f6cc8dbbd29028a63101b970a644ee1f86e1b9ecc2f951b55196760350c45f85ced2fa3549fb1bf

Download Submit