561509ff36b4c4fd0161ea3c96a22a37973e9954e754156029a9b94913f46064

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 12:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d37696c0fa5275e5c8e2ce467d5f36cb.html
Size

432B
MD5

d37696c0fa5275e5c8e2ce467d5f36cb
SHA1

b15987a9238577d1b20563c3e8689feb1d7ea3e8
SHA256

561509ff36b4c4fd0161ea3c96a22a37973e9954e754156029a9b94913f46064
SHA512

6db98a2cd11d78910cbd9c62c3ce4fa292241584ee078d141eaf7f8cb49fb76b738a292a406061018e397b188cb1bd924d740fe1831f3390996899659d27a0f3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
3600	msedge.exe
3600	msedge.exe
4608	identity_helper.exe
4608	identity_helper.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3600 wrote to memory of 2172	3600	msedge.exe	86
PID 3600 wrote to memory of 2172	3600	msedge.exe	86
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 1748	3600	msedge.exe	88
PID 3600 wrote to memory of 4868	3600	msedge.exe	89
PID 3600 wrote to memory of 4868	3600	msedge.exe	89
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90
PID 3600 wrote to memory of 3660	3600	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d37696c0fa5275e5c8e2ce467d5f36cb.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7bd646f8,0x7ffd7bd64708,0x7ffd7bd64718
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4296 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5643983605399664597,3159549198761632451,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
3a49e12b440b26e48a17b99ff88280ba

SHA1
55c3ce031f649ef2311ea2bf390f8156adbe0bca

SHA256
9d6dabb1e118d519e86ed70a41efe5192e99b2ee015396849912f37933d30676

SHA512
84a8ee08db3b3e47042273f401b0c4ef4e526996e3c2fb50c2462eb2b7eadb4921e260f8c90a42a2138e13301566b5d33102a9cecff1482504cb937a6ef5b43a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
f79b7466611012ba618c083befac8c6d

SHA1
723f735a6935216a0f5cb98bf7386c522c23cff4

SHA256
e36e04bc7034d0b373e9fdbf14fbd7b37ffbbac2a85c50182a5dd0a9f3517705

SHA512
78a46170fcae8b1698fa61f4202ee162b921ac36881753acd14c6ba79654f71cbd50a4ff07c6cab8433a20c686b2e9cce95d7ce491b0ce9d1a748f9af1fe2816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_wheebsadree.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
837f27d0f27c4d086ae893bfb4b46d4a

SHA1
eac21bbb1175f0e8a10186e91b0b29005520a35a

SHA256
69c1727e241b9db2e8f30d90dd48b73de22892d849f2a320db49e5a21fa626f7

SHA512
33bfc4841d402d4dbdd992d0f14fa0c3bc04305a9dbcbb81548707b81de5b67c0d6fd46916c30e24ee65f0d25ddb378979f90acbcdf7ab861bcd7c30c7e4b893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e3a470e62091559c651462a3e518451

SHA1
033a464bd3049cec0fe957372b820167397c83be

SHA256
033b590e6755d831f0eadab776e5a497d5f07a5bee1419ba2de367d3d66ecb36

SHA512
dcc772932a68f9c79b9cc62691d61d8cd52d979212254dbd020df80de1d4b41d9af95b0ef4ba7a9968477d656e37c7dece9d2e2343557226d5409cc3bd309639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dc0e4fb4cc1351b824a33840150be38f

SHA1
597f371e95e1964042448751d10865692e6f47ff

SHA256
d70487322e3c48105ed5c167fe1874eb42077f3910a945c55fcaf56fd75cce02

SHA512
58e41d8798d02ad8b6b38900dc010435b45abf8d7cd96b7d5e0ef77e86c4393ee0469b8758fe4facb145d61916c792cd24c9aa4c8bf0837fdb37fea3a49f7268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1de7f6892f0b5c40fe675fb5b876fede

SHA1
eee27be6cc5a83d2f5dd5e824fab2c7ee3ac89bb

SHA256
8863612183d3ffb887f5f47126a8c3d4d50ef0133e60589a9808b07ea20a0d2b

SHA512
fc36a15b5a642744e22a056d69652d144763a0c2e47733f3c6faeb7da3e12008ea4aad161b48a006c970a901e32c9a0c3625375644e9e390e7dd08cb5f0f9fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2d0f37ca4a61cce486c0086d360b1f6f

SHA1
ca1172cac01269ec3d4ac4e6e62fc0dd3f65f07c

SHA256
345c0b1874aeb5631af77abc739a88c634fe613aac891dd0e7e752d0f89a7fce

SHA512
ff3a779c01095760088af7ce088c39cff7c60d09edcfe91085e807be893c4b54fc49dee2a85cf29fef82a2a7948090316c0354584489c0aeb053f7cc77e6c727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579d88.TMP

Filesize
48B

MD5
95fcc26e4ca53eaf8a3951aa4f2f5aba

SHA1
1e2508819a2cfde66b07c011a5ff925130e8c444

SHA256
757f497b8a53c1530fff44ed55bf3d39247c76157809bfe510be8429c75a4493

SHA512
36b85972d90d97732748a0e806c79f23d7d9b3df05bc34cca131128af27a31f39f874e11f38b4fe70b96576a5f7853dfaf92b5258bc519fa4cf94232d38b0386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
58a7c8a1ae506d5e021302b43bfccb7f

SHA1
ed416320a7d005c14b8ca20483a65a562379ca2c

SHA256
2bfc120d094bf3e4194719d99c3d0d2baec3ef46a8a36b927440516522ae0f22

SHA512
d69c60d0a6748194d2e8850975a9f6e784f503e1f71b9bb6958e2d90e07e595ba082bff1c1f08bf315ba24d08964a059663cb2600e9a3692061ef382e75abe8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
631b5ed8a71fc240070737648d0f09c4

SHA1
964f02ae664d9623ee7279f2b23f6e14b3ebd7c6

SHA256
689ea01fd53245735641f884415c1ee5bed56b6c70a551d42fe48526101576c5

SHA512
5ddcd68b0069f173cd18437c0435ebc7f6778c647ebf13cc86e1f9ec4191f706c44fed2bca853223e027e54bfc426b24cb34559ab0253143b386c04f8f64b460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e501.TMP

Filesize
1KB

MD5
c2e5ffea3943eab262e43c157f8be45a

SHA1
ba9e652775a32441be53a92e3cb2861bc72072fa

SHA256
54271d13d12b367558ff4be365160e08f8c8ef226763cab08b3641c45353c979

SHA512
9dd298fd983742ec0dfaebef44d20464e7b5a89e93883d22d3e5ce00c6e9f6f1c40eb075bc478e585c9ce123d51c45d6f4a3a84710fb98f7e19d7347e3ae9ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b513f972bddb29052179db11daa95645

SHA1
de0fddd425cb8e954cf1aec5eef6d41686b441b0

SHA256
f2fbec6c6608ad550ce56593a045a34abc8f1681b05e73457ebe9e247aad6ff0

SHA512
1810c6243897e2683ff447f1d38e3eae0e334369b368f54c06beb8be996055022d5c9de15201d51613348e4a5fd2cfe7ae3fc91044b5802a61b6c658f4dc013a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
67fa32fd0b866ae1f360f4554d0320b7

SHA1
d774010d098f6876587cea64bf8dbcb34af92521

SHA256
dadee85cdd5b6933e3a50b27995f5441ec686fe0526b55f11e7c0df510b196f9

SHA512
957d7534469d749198ec78540ada20cb0153d71bc9600692dd65d13b961a6ef4d833b5766cdc9f1c4cb37da4ce8c2361c149282e767e3c2f6011a1b80c0bc7f2

Download Submit