hxxp://WWE[.]com

Resubmissions

09/05/2024, 20:01

240509-yr1essbh3s 1

07/05/2024, 18:16

240507-wwt3gahd3t 1

Analysis

max time kernel
2641s
max time network
2650s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://WWE.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3104	msedge.exe
3104	msedge.exe
3788	msedge.exe
3788	msedge.exe
964	identity_helper.exe
964	identity_helper.exe
2804	msedge.exe
2804	msedge.exe
2804	msedge.exe
2804	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3788 wrote to memory of 1444	3788	msedge.exe	85
PID 3788 wrote to memory of 1444	3788	msedge.exe	85
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 664	3788	msedge.exe	86
PID 3788 wrote to memory of 3104	3788	msedge.exe	87
PID 3788 wrote to memory of 3104	3788	msedge.exe	87
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88
PID 3788 wrote to memory of 884	3788	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://WWE.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa647046f8,0x7ffa64704708,0x7ffa64704718
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17557468210642553280,14570536650335807611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:5848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
112KB

MD5
1ebeb59f7a924ccb014010fbd19fbd52

SHA1
cf82c958cce5da51bc2b4b3197f536dfd2bc9c0b

SHA256
b241bb50961bc55ae02e0c1e1bf07afc5b9f8d34984e0136ad83c721793fcdd7

SHA512
bd877e726a602411e9d2a725238aeeb6032f66ee4dcd2b968ae11b1eaa3db611809b68062fd8379e2edff82cd5b2374d9c264f19853aca74d8c38486642ced0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
29KB

MD5
4db2f8051b79f0d63776a2c3774f8f5a

SHA1
1af63535a1b94e71c3b0b7cfbb0bb51ffb57e435

SHA256
4fde5dfb3e3aa5cf3dd8e5dccaeec576eb4b501f505ef05b70ca2c24e7dcc01a

SHA512
779e44d18600f07b9042b1e8eac9f0243561036c6e3b786236b0c972a24cbcd6f12b60fdb6cfc55e1912c6ccefc5c69dcc4a485e0f63d3aa2802f4ed904e2a40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
26KB

MD5
cb9730521646fef01a3a198ece746240

SHA1
245b35fade029a8b7d6c732dfc79d38103fb0352

SHA256
c0efb52a8618a35eca8aeba777fabacce01992addaca8e89cf240f1f04c3cd71

SHA512
e144e66230ac5d72c986e979a19e0bda6b3d6ad6cce29b8ea26cb4908e650057e436513426f85dca1474379d96e2464893a5e79a505549d7ea6e0c73b65c02e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
140KB

MD5
84a77af7d2563efff9d1c1afc6616e6b

SHA1
15150a9c398aa9323bd990eec834eb29dfe49d54

SHA256
18bb0401707503c02e870067df8d5a7cda65e6643b6b643e729d7888a09eec13

SHA512
c8814ee4e76b18a3ac00480c47a739829d1dfab84b8eae72b9fac6c255e997d8ed993bb97dc9396458d5b5d444dde35223d747ac4d5ec5531ac19c160f527ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
85KB

MD5
f130f1342d1b7d7dd6f0f0b43ff623ae

SHA1
2a0a101bbf87906dfe2e6cad9d3da4baa22ef24c

SHA256
33b23d020332324f7703d20b071e1d6b7e13be28b768c07c4a19f1ee1c038054

SHA512
8b12d7d3d39df7b718e37e5671695d68da249503fb0eed99a1207681d2477d900ba9c084a76c609c14cdea5852a7553db9fcec421d83fc4cab694c18ee9820ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
102KB

MD5
4e3b6af6455d4d44be1c63a654bc5079

SHA1
ae1a035747a25df844cc71ac860a9f5ce7251a23

SHA256
384976c29cbd3f199acb925161865e81fc50cc9cd8248546af5014ad9e59c4d6

SHA512
ce82325dc69ea00e02681ea1d1bd1364e1cf64b23f87faef6bf63169c8b26ef79042ab16e2390a8eb21093da4b0c59eb42b05ac782c2d503f4af493e86bbd076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
26KB

MD5
846218c9ff745a56ca06ed93ec57f55a

SHA1
532062cfa69d976ff6514e92f01fc8f3995e24dd

SHA256
4054980b353e50f1788fbfa20b3d5bdcf72f41f1ca3dce6f64bad0b883e3549e

SHA512
0bc5f2efc4de18a7cb0143730bd5f02ded357552aed8f0da06010031ae9eb2bb33daf9da859945feb2a9acc6f3cfc70a150355e17df4837419fd5b68a5d17697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
80KB

MD5
409c9108e24189fa64e572be390e81ac

SHA1
9eaf685fe175fda2f80ddc20ad623ccf21ef0a29

SHA256
ee09d6f5520490df0c800034e0e483ecdfb1ba5a5dc05022b6f038eac54d73f2

SHA512
10b99d5f52f393d012643632b109228c498184614f58978331a17835c684d9a3e89a14921d0fc833fd56d3012467316db272c7b14393e3aab9ff2e955adf2668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
56KB

MD5
9c45b4860d91728dbfabc59450c46cba

SHA1
063bd7cc9117f9911aeec39218ffbf6ebfdd1c94

SHA256
943ab147b991bc2fc5fd7a67fb5fc03eb05dafb318c0513c4cb1e6a0b3eb63a8

SHA512
4b844d3b2f19d4965025888106902d51a6933cd7c6fb78c2b9d66bdacb3cb8a6071772909776d0368048270048819f41eede439f6ae6d4ea45684e77bbff3180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
87ceb4f1b13340ab7d9a359b922dafbe

SHA1
3872660469ff6cd3dc27e5f2c23f31d5f20c969b

SHA256
b5e868739ce6ccd5b5485af78e9c00460fab29ec77e4505b9c1cbe3d2184a5df

SHA512
c425685b3889dae9bf41c45232917bb4c4f013dd6e63af8a17a0d801da6bfa00beff3dd2a9e8497b30a9ce5f7efbcd64a29242a14e3041faace8a8b47eccf4c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3373da52804b70eec57e00386f67d530

SHA1
63ca9cbd4ee56e407b9a18714b4b1ba1ab0e69d0

SHA256
5820189f8a6e8118b5098461a8e0e508c3bb0ad95a5a1bbf2af05f8672d769d4

SHA512
0aae25a1f5d86a51caf629acd7716b287d18cbe0c9b17d6ff6b58bb4c9f736fe3dd41e70581f966bb5badcca69d86721a05e591ac49f383278196d6e8f13d449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a409d20fd512d05d246c1d1833f96e71

SHA1
ccc45f2caff4f4187fd54c7af8ac5c96f6653813

SHA256
9278707e661a170729edc4723cf20b259aa8e46012bbe29014fc9f1bbacf4c29

SHA512
1bdb65a9f5eab122be12dd40777943955c348cec0891e00fea09b4a6f92542f540a7d266e248f0b02ab70a6efbba931f470aab7b21b60a741d9cd3c05a7eae25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c853f4f9d12d8b1a811338c3255ccfa7

SHA1
7f3d065378213f9496ad3f9807d6791475b5dc2c

SHA256
3b3409303afda908639529b8ad68029515f3bc25ce3bbb534b0917d7ee35b57d

SHA512
d01973e22a48b671bd1f65e19d4e1cb634954e25f3ab5757d301ded4985104e46bea974dc99c9f21bfd36ab6916055ca94dc0b53ca2fdef1643a902b92258af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
497d41ff8184af709e6cfcda987fddf8

SHA1
74a39fc9841776f0320aee7b6b5cf89b38b4af24

SHA256
36fb13cd91d00da7648c75b1a1edb7a44c70be0ef515e71140c9735c069c7483

SHA512
01efbbf192f60f6427f05701c71829551b0fe3c398a8b5cfb2a78300a5c906b79af448f55992d30b6ddf6552bd8c8780e711f197975a578a9128384bf38fa737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
84f3e973d84dc47c92eac0336655541c

SHA1
e9a789956054b0e7cfecb2686d424c5769daca2f

SHA256
b4a0f1dbff1fe5a660e654b332aa632b4466514a13b3be9492153f99771e0f29

SHA512
db63b2fda3ebe6d4d4ad2374488085ccf9f9a3625072776746a5f369af1b3361bfacad85d2ba898af27dee2a44457fc55b054e140a347470e86dc438c3c9860e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e7a1b58d74d3b8d0739d86affce44d8f

SHA1
3235bf1d3580802473b1f79350f4d8c620b06eed

SHA256
593b1bc9a306ec788763601943b614a0d1f497705af951c06feaa62a2d700d4f

SHA512
d1247f951433a55c68acdd2cdab31e03d76f4ff07f8b8409a8d8bdf3c17a7f07ec75396ea8585d43e0eb9ffa4fe60d7055ae24649c2b5e72e0ee0288b37b645e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
fc4b4d7b3885e20dc5e6958dfa6a4773

SHA1
00f429d45c59166fdb187b7f0290c5bb41cfad25

SHA256
95dbf8107f6b5875b5462a6fa5bc6cdcd88928f763e8f373da1f269dc707a8a2

SHA512
81c0552f27ba06a81d16e3f0cabb4011fb62d246f418f0a44533bda6a6b8140f033a63ea718aac4f34132294e1354eb6e8c4f01f458307ecaa5d38a0cde69652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ed70a88fbc08da98816611536a002a4b

SHA1
a28aa3c4784e54ca94f51146db5c679de2ba0fd9

SHA256
143430ec97a15eb50f1a33b4aeba59b285bb81986f3f7728cf6c076f8399486b

SHA512
4cf661322c381db18a9b8dea65c5b05d736205317cdd91ab11a1484546adbc51212d5a0def9fcbf464fea4a245fa8202fd1ae52820ef5f53734db4c301c0a2c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e98d99aae20ddb96f15ec029421953ae

SHA1
a0dc799ea93ea4cdc7983b255bead14c4939554d

SHA256
a5387a6e9f1f3706cbf9e3227e4efc2ef81c94706106c428f43a63ba76f06074

SHA512
c9cfb86e2c72bb673a47c8396972e19bfa5a1007b1d848ffdf49aa4eba00e4de7246f9e2e37c880c99d3edbb5d73a8446dfbb0941fc47430e3e5ea78f61a0535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
db97f654904738f21da7725ed06844b5

SHA1
f07aa2c4fc6326addea2dbcdd3342962131113c4

SHA256
c21f22947882ff833d78661f28ac67ba55f91574eced67ba422397c785eeed3c

SHA512
a7caf0fa165ad04b42d75c2fdda08fdaa73ef356db0a646e2f100ebde67e161aa1f371acb22e9e9fe1a41907b6978ed1e07f5052a541260d31ee41676f42dc4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8e83f82382dea5b621838017416852b7

SHA1
1d93391284bfc6ad67b6e5dfbee61bcaef6a9134

SHA256
6b212c96a9c80945f7ed983c5d7740181381bf495ff3ad6aca6b3ebc5556a5e4

SHA512
0f9cfd918b3533b0fc0af2f867cbb54f19beee6ebc80c259e79057dbd96f3d00080809f976619d535e5474f4653cc2dc8935bce19291723c7d15d6275259e15c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fa188b4dd2e36db4a1377a4905fc3322

SHA1
6c308f84698ff363b4fded28944ebb49754727e4

SHA256
22fdfba92e5e8596074475cec90e57b73143e4b8fc2da7f44061c76c2d0be0fe

SHA512
0b7042f1e6cfff08972f759ca2b2e2e9e92832b039007fb4a9f02b8bc49c23afc6cb7315a40e499e50572b49e9d3f887553d9d21b97cc18ce684ef17522dd724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
255ec5951ff56eab9f242957fe8531bc

SHA1
0fb9c7bfc84d17c519f176f1377a6fc6669d4261

SHA256
a319ebc127eceb0bacfbc497746f4222bdc3fadf274d4e9a8b49bcd3d80feb2d

SHA512
56a8b8878bd4664ac409f05905d0fee13db892cdf7c474610f0dc8e3e76fd07b5f31a2ec52bcef3f7d24588df4024ef7dcf02cc7abcefb5a848710cca9278d84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
717711df34063625e719cd7298f77a40

SHA1
2c9ede6fce23d4fb93836ad1a493c465493577e7

SHA256
9848eee56250469a9930e517b88329f9c001e8ff590249d249da22d3f5a1cc33

SHA512
d2e7ba821846e54c4f0f44ae0f668b3e42616eb85a26091e1862369cad4460bad0a6c1fb377a716bcbbb305a140250b3e146296bfeca89c95f0232b4b26b60bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ab11ee700d3d25b17d2dc37fe18ef2f8

SHA1
c14d8acbe7377437cc6c29f47fbd6751a91b0ce9

SHA256
b37a3a79e34159dc2df12a696a09caaa38c9493e7dd372228b734fce3bcbe327

SHA512
fdbba7ad51f0435f962b581e900a7de0df810935a48f3257f9bb9a72b695d5c0e1b7308c0636504cc46ab15199bcf365e3d2a3dbd36d0771943c04faef8be96c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e74ce2806db2e26647929e3c3db5e02f

SHA1
2e01ceed24525a62e5da6d28c98aece447405462

SHA256
0e8801c3294ddae3f9263dff0bf2d363c165297a4e9736a1a553c53927633925

SHA512
b5eccad65868385e1fd9155e431363ab78d70ee53a821d55fa1f45e50d52f1a9dc4a3b547c48512985f368026358a02df9731cb8f109128c50c229cbed595fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579f4d.TMP

Filesize
1KB

MD5
a9278694804140ceda04cbbe11c2e3ce

SHA1
7dead4d57bc4946f873ea1018ad5289a28e7ca80

SHA256
55347bb4e384afa25e09136ecee14ca71ccbab841c2b033f22549873d7be71f0

SHA512
fd9151854047794da10d569af9baa2fb57b454ea8bb4663b178896252a24a9b46683d57e3c69e9d7f155e193037e0e2b5677c7918963b2ed14248a57575f85de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2f70c2e4334a28fc191a8aa0ad66c7e9

SHA1
e9bc3d2a520ceeb7366b68a31541a05f3172a8b2

SHA256
f431dc334b0083b116717b9002a2205495c039c5cc15aa8f48d5b7732f7d02a4

SHA512
aead90dae6f9513b78e2ca0328b37e3a2a9339e5d22351ce0a6b1032abc891e9ce889d8b8d0430b6b159e0b41ad935e4597249cf73550236bf2b640c2840b2cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a511eec653f5ec74bbf3074f716135a6

SHA1
40ed8f1286937acbf3b26d72a1feae1b41ba3307

SHA256
190c24ca1801dbc8f5d2606816e92d38f38aa990838ae9b4e9ad6803ff9b7560

SHA512
674e4f46fd00d7b5a6ca0f2a0c0f7e1912e971c1d31bcacdab34788cb818540280df45eddf9771d3d752d66f57d4b688e6cfcb81075a7c8ff954190df37ff98d

Download Submit