7c0944a1b6a2d81de58ca21beaaff03c9c7cffec9610b42f3614a27e74eb4a61

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6a81b799931cb2d2b1d3149e1a7efa2.html
Size

895B
MD5

d6a81b799931cb2d2b1d3149e1a7efa2
SHA1

38db2cdcd3c4097c62863a2722e84d376155b70a
SHA256

7c0944a1b6a2d81de58ca21beaaff03c9c7cffec9610b42f3614a27e74eb4a61
SHA512

d8cd3ffbcdca6bb57a659d8d8724726a4e586d5ce38abe8c2c26dbdef0089f3465d7d9328be0a9ce22b4d0653ba19f10fc71b98bd05ae13ac1cce259caacfeab

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
4324	msedge.exe
4324	msedge.exe
2816	identity_helper.exe
2816	identity_helper.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4324 wrote to memory of 2860	4324	msedge.exe	89
PID 4324 wrote to memory of 2860	4324	msedge.exe	89
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 216	4324	msedge.exe	90
PID 4324 wrote to memory of 3988	4324	msedge.exe	91
PID 4324 wrote to memory of 3988	4324	msedge.exe	91
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92
PID 4324 wrote to memory of 3960	4324	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d6a81b799931cb2d2b1d3149e1a7efa2.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8f44846f8,0x7ff8f4484708,0x7ff8f4484718
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14018082379023984920,5019931551442023248,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3236 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
2298157807e95687d77082c382c9b19c

SHA1
67bcb90e3d0d5da810b3caf3007b1205dc25eec2

SHA256
e83c9642ab236a96820b3562310f5fc4a0f7174212682cb38726a86687fff10c

SHA512
08f88f6df2735d67da2fc850417332ca7785d6c7805aceebeabdc6ee6e49cd29aba3da80bb03390e169b80973199c9c421517da88b863057745dcc0e298f3a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
c81df8efa5f627a87ab68b8fada11eea

SHA1
2c57fab12c9d1a4bf341b2514f5574f976cef89d

SHA256
fff2e0595a8c2a4ce4f6689be064730df2977bb67282b53811d1fce9c4dafa74

SHA512
8aaebb51d33f832d36a2e13bd2ecfd482836c815b8596b2370541b620e39fb3e98782711ac0dd5d31e4fba83a9f163a0312bba23166bbb4116b05eeebd3c07fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ovussaul.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_wheebsadree.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
019ade0e964dca3866050afbede5d5f6

SHA1
247c02cb760b2d05cf3eede53b50377041a88150

SHA256
d6a016bc25a3af0695baa6ab24cef50d6ce09cce12ae165be479e6e225a48e38

SHA512
0f48c82607aa5bccee8dabc7f45a8bead5690ede2fd3145f0eeb42787dd428ecb5b73b9846c117fdfa4348bbaf7d8b7ae57bf0f3848fd04f4ec2474edfd31621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34a9d53556796cb404ca997358275812

SHA1
23b487e5d9a9f9b19548036da55512a73aa4b5f3

SHA256
cbc3985810300f38f34b9d2f9a719e558e5e388115c9f77d23abb2972fee527c

SHA512
f0bc3ae881fcbedf7d7ef5023eeeb4db519fb931fe90e58ef095171e09e98af55836e395a426aa4c813623952422c0a9d2c8676320be2da1b25e508e444b6489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
50790c9712cd9585eda7e70dadf55bcd

SHA1
d69791c86eb2e52f1efe081793a234b6393b6792

SHA256
4ade43c5a20278b39ccafe18a81cc3f13ac66a3fd8b7e61ba1d2996b91206791

SHA512
2c8e6e07196c175e3ce5683b32fe46ea8c0b2fbb50f7124a3e27ef295066bcdd2a222a1850e9686d316aa3d3770bf9ca58851a2ccc21789078b8144075811064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
68f329c2e10b29b6c85dbe8f81743154

SHA1
4e28c8a12768bce19ddfbf7c0dd7ee1b5c4be926

SHA256
2bb9787582eb938b138538981798e71a9c4a7ba3a285376553f217152649c09d

SHA512
38faf9d6e95e23865e4870accd80ed13c043a5ab20cf0b73fb392da1cd5bd8377074c3bf8b07738f531e109d8ee3598b0a766756e0d4dd84dd5cbca07516dbca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1f7ca4d868e6a59e42541a9397aaae1d

SHA1
5289b4003a9d15b88cdc72279cb480cdfadd6b92

SHA256
32037bc23ff0877f97a223abbf620d5b39a4fb81af2908e55bc3b49d97477fc8

SHA512
fc89ffd8c168e1f120fca869540b381a872db9b0fc62253f52b46294749efc190b9848fc8cc24d6565de28cae4059d8b30544ce7641ac1f72281b8d8873c16b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7c4ed043f7cf1e341a0f14aa17ad5285

SHA1
af69a96ac06d751e2c2617df14ffc5df644d6bf0

SHA256
d64000d9a47de77af55434ec43466fb040463445b97b15cd1115e7a8d22dacab

SHA512
5c2d5ea2a6328c271c6e6cfc4fa8e0b99fc2bea81601eae4b35ee274b423051e10425a3ed16003c72c2c09ff407e2067ab28baaa13805ba611a18db1cec89b58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579904.TMP

Filesize
48B

MD5
81cbc69f727585cba5afe0d240077609

SHA1
d2c8949eb18d7c6ae17affe761c644a90184b323

SHA256
46eae7970995f5efadf4fb879a5f7706b26ee10e7dfcf3a0259d0cd550fd83a2

SHA512
492d461533f255a1d3f43f57fe20477350d657cb2e75c88881252c6cb751905d514a181668e23184c96fc697777ad21e6805a1d9149ad84f3f88ff5dbfb310bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0633fa97eac6d1822ce49636a04814f0

SHA1
4c8091b3ba93faf1cd95c6cb937577b89a872d34

SHA256
606c29a47bcffdaa187a1840e0b3fb0c2d76eb6fcd27cfc53c4606ed65c7fc14

SHA512
c80e602a49c0990610595fb6e0530620174c4bc7f4eb42d3bd265812340628c8d58e8a9cbe5d21a9f989aec1ca2331a664b0b64d643897b8e8fb624aef3ed9df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57df15.TMP

Filesize
1KB

MD5
7e05bd146c528970b8476b809bcb18ae

SHA1
16d5cad690cb19cbd89d698a29078b75ab8d88d3

SHA256
054de27853372fea6fb3fadce93a5ae5115c6fa3573c9bdd04dedc26f75be7fc

SHA512
bc55486b3849d376aa49c1013907080eadae6d3f84aa683ccc0e7686a36e70fd8e666f9ab288db802183c674fe3bbe234a120c24480add0caab3548d544c1166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f9d9b485ad7bb92defc5a3e77c4ba54

SHA1
a423507fe6a3ba97616116e8e259b871f7ee6d64

SHA256
a3351252bfc7da66e85abb61f39fc8ff483e173441b8e191faffdbebc4bac7fb

SHA512
662bca62e023b5c3b70222e5b56e901a16c106fece5fa8b47eec3e09a38c112708bbac97042ed7e654883d2d25b9ddee19f51ee70d0205ce5195f612eed382e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
475c2e0bc8ccdd5c43da6874192a72ad

SHA1
35c00657f5d0d671aab2c5750cb5f6bf712664df

SHA256
c710cc7230720c2b8958f6878e83a2e485dd3ad2e83f446aa9900421a5f10c1b

SHA512
659f5cec99f878f0245997eec13bd430352a22546bd46a218dc4cb48ff2b7f2354918e7cdd33f2252f9c4eced2dd48b2faaf29d476747f11d7e0c7d4aa220be7

Download Submit