hxxps://wix-engage-visitors-prod-19[.]firebaseio[.]com

Resubmissions

20/06/2024, 11:32

240620-nnct8ayhqr 1

20/06/2024, 11:29

240620-nltpysvekf 1

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wix-engage-visitors-prod-19.firebaseio.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
956	msedge.exe
956	msedge.exe
4372	identity_helper.exe
4372	identity_helper.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 1336	956	msedge.exe	83
PID 956 wrote to memory of 1336	956	msedge.exe	83
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 5076	956	msedge.exe	84
PID 956 wrote to memory of 2116	956	msedge.exe	85
PID 956 wrote to memory of 2116	956	msedge.exe	85
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86
PID 956 wrote to memory of 4888	956	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wix-engage-visitors-prod-19.firebaseio.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f1c146f8,0x7ff9f1c14708,0x7ff9f1c14718
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12138111711121446080,8468118030642776584,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2a659454-35b5-40d9-9699-dc92e7d77c16.tmp

Filesize
1KB

MD5
c60ef48198068d7548b1a58279c4c6a1

SHA1
6c190afcb940124ab6306b27517693acde5c3534

SHA256
31f1ecaafa6fba2cbbb2da4abf67073bcadc498acdec2f146cda0214b7938861

SHA512
3f2588bef6e9cd2cc9d33c4cf6eb79ced6dd84ffa0ee26dfe3f91db23b26c7d704b4bcb5178edae5de5bc5b10da364716c3040c4c32bc8606fd9e461111dcc7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6cf8a1cd-d242-4ce3-86b7-141fce54c295.tmp

Filesize
533B

MD5
0d617149fa4960f60b5e5940680c915f

SHA1
55c5ac8183e2854fdef9dcc5e3f034b5fba65a6e

SHA256
bcc205afea035fa875a09e3b7ac92114d68543417a73ed0ae5c126a62475299b

SHA512
d55091f6d8c65c2f7f8b4dc77b0832aac21b4dca154a0accfb9628b008feb11a044d4109571b4a4b00003c78a47ec97ed12ab3fb70ac81a91e6e0177a9cd6185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8b096c3c-a560-411a-88e2-cac5a8250b51.tmp

Filesize
5KB

MD5
07aace31c781fba67ddf37b669e34206

SHA1
a1cfdfb7f3365731c92223380475ed8277baa315

SHA256
68314f7ca1f26ac92492d9240a1ed54fd997b492549c89d883c1649603144710

SHA512
dc6d2ebea14ab29c67bbffc3369aa5053e92de3bb517a7483f4212e4f1f916d7d3b40494283645537318e63cad3fcb4148b793b13152a4cf0e848c7e2532b28d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
237KB

MD5
e927428c62ae691de2eea1577b22d356

SHA1
17467411e47cc352e5ee20e9e174e10be34dc18a

SHA256
de4a9e01e41eed439327b6d10fb4b8e02c23e2eaad0acc6cd3254732aea002b1

SHA512
78af22349a986535bc3a6b023e5d478101291c63e3d07b7d80b960029506fc35609e35e4f36421d3acd7890256d8f55ce5011443d49d49c2cb570ec861ff3c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
29KB

MD5
3e06fea280dd95af4e9e647c7ba79499

SHA1
e15010c2daf9c314275960af7f4f13b2c29702a1

SHA256
a3885730d060ca9edbaaedc28efc95aeaff75ec5bde5ea2c6a66ce8c52df8b63

SHA512
52a046a33195be10ed89e3dc9e5a1efeaf9379d0acb7164eea20d4cc89ec6918ab1e5e3a8b65a53920a86f9341f9bd25bb8a5e0a7752a3a9b023fb3b220dffc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
204KB

MD5
081c4aa5292d279891a28a6520fdc047

SHA1
c3dbb6c15f3555487c7b327f4f62235ddb568b84

SHA256
12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f

SHA512
9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
972b8094939630ae495cd819e13bc070

SHA1
97e8aa9c588f7fbaaa14e1c5f800dea2a79b4b0a

SHA256
fb4a6ba7c3f800f1ffe5a70cfd3f0b0a811aa9555abdc08340263f7db603f923

SHA512
58702b83faebbae9f2cb3da9dd36517bc2937e750ae59392a118d8519d473cfe4c3f61ab15e4b9705a989571daa077c450c178d1f27e49850404f6a47ff1d56e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4caccb10abc162155b4b2a5ff3a61444

SHA1
091fd61545493aeb7a85de75aa3a40c977f318d4

SHA256
d9320654bf49a50da7ff3c5bea58d91adb724e34537f9155c79868ef35856b80

SHA512
d4a1b415a2fcbc918beddf7a863250d6cec6ecb3f12842c59d84fc57fc67bc0f8c32f1f64e3f271063f3fedbcd48e67241596976de081dce9d27fc4b643d3520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
34f62161843113e243c48688a9744fd3

SHA1
737a438f2ba8385086ff7aa2b735043e2c043851

SHA256
f7569fc3d5ccc38482d3a684cb3fd49e5b12b908002645a592ef20f2c6776928

SHA512
dacf435e5b99b7369e0346b7bcdbe64c70149339893c42c9880c4d37c88f259004fe25398d4a68bf07679fd77f8959c65c0d80fd60af0ff94300bc6fe7737a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
b6bef80ae89407c3df99f83073342127

SHA1
0eb84bea43ea8c09b800e6f9c501a1d9803ee151

SHA256
c37eeb4325858aa89ac32cddd656d6970182df95cfa51b8debdf223446ff45d3

SHA512
7c754e79f945a2257abe2b9ae1aa65d5fa3f13c24d444eadcee8d1c1aafc0b383561d557b084598987469fc7e8b72a54ecfb766c779c6023dffa0f38b2f363f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e9d1f5fde80b9002d60a0152db717c80

SHA1
5348927bc38b95ab7d9c705f6de0e75d42309941

SHA256
b4851550495f450aa0f91344f7410c65245896068d4f2310c66dcc2a6a1b86af

SHA512
2158e9ed2f6854d05dcecfb91df6f6e962d242c95a1fa352cc603d7bb368c80ab7b2d80c732069427456e2d85fe023ad83eb7c34287a21753082d66490df5eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b879e08a9f7ae65c4815768f400fc6ec

SHA1
55346720a5968158136aff7d18fce80d505ea17d

SHA256
6ee271e48baa29f6761dbf929527fdd5bd99d1edcfc36fdce6e97cc1e17c8255

SHA512
9454f009e96d2c171e01c24a55403f36646a02c1f138fd7164ea79900361754b015375e164ffc34888a85dd6bc0d89c79990d0fefa52f8e96e9d47a350755e22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f46845b3f95372db3e27e4d197b2fd15

SHA1
bc00d89bca0fe6d4c3b214edecc51f7ccc3eeff4

SHA256
c6d96111ac624926f6338551065bc5501b98348a5eb0eb8100204d3edd69dc42

SHA512
ef7013f48cc580a0fed290412b997b815eb0a2c549fd6d2f60db85e287e14f622d93f8f6defde979e2305f425604c37f1de7f2b5d248a21a1f51df745502c473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
694e5204c800aba9eade03783e6eb859

SHA1
a9cd8433959189592b953e9e4c49d25ab693b988

SHA256
cd7ea54e4902c7417e2736bbe10a40281c753257ab30c1d9ba8fc1f9b2dd9714

SHA512
224ae67dd144d0eedc195f5f09b6ed47067d9721a2fc5042c47bbe01b2b31efeb3194f2467ea7d3b154fead6871660643d6af2863d3226afe879548b9d40ef07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e88a043d3d88825590b996c1b19994e9

SHA1
cb4fbd86da7f848b0d127828aaa8e65fd2af34df

SHA256
14bbb22499190c8d665ace00bbafa454ad9df29120cb1769bcc02fa065714c2a

SHA512
adaf3b91d3fe6a9d9b4aa60588db852133f6f9396ba40c989b9a7d37330f21b25b78ab3f8ce776ca57730bb9f9c493a5806b8425cb0c7b889c98b5487c767c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
1edc72ba300e6280b9519015ae782855

SHA1
a6ddd6b01e0fd696ba5bd85937177e9d5bf96b3a

SHA256
c283f037eaf6db424f2cc12b4b158afae3746771c523484f11337d6f2c6214c7

SHA512
422351c5b6bba5a6eef99bb983de76c00ab81204a38902e78c163d4a5487b7a9f707694de0e637d97fedb30107558bebfa0de9b672e42f5556a694223061bb0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
c15014275b11eba5e6d3e96ce9881833

SHA1
f9a949995eeee8e596c9e137c97c05fcb134260f

SHA256
4da5da7c1802b7dc9a0da60ecdac3720c2a24d22d45e3d8378394a62fe165f33

SHA512
49eca434453a8110ec5dd877c223befaed7d2df27e4d02bab1cdce34b415d9a3152269153e0537407e6093102973587990e2b4ea6b421cb45268fd26c81caeaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
f9015663fd1eb072530747b19a9aecff

SHA1
9b387385d91873c99d43f36d2c8f18cb14c24b64

SHA256
8326ae24b47b556cc10fce027f82a88b084062ffd7dc4bc5a1249344b2456949

SHA512
f801852d4988cc32e1a5869a8516ec2c91a4acca1acb2b4c2c3c25ea0f6049a44cdd759a18543663f5ff970e4d881ebd270ebf9756f5aa937347c9c6ccb04d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
533B

MD5
9e5481a2423f23778412e7b904cf96d4

SHA1
e80be57eb971f2049464b6afb0adf4b4fbf561f8

SHA256
20fc1858df9df91d78c7b5bc846c2e0ffc6b225d19a326d46e5fac0276b7a315

SHA512
62fe18fede4eb87c0e1e15672fe58188f9820fcf1824051dd6ce55be09fbd59433afcfe1eb2cea88de336d6b9b07acf6a8578413910faa85791c93b1da925f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57956a.TMP

Filesize
368B

MD5
95e71fe9c373376975cd4f56c67e2a0e

SHA1
e876855ab489ab643a040a88b5842988e9e7fcf9

SHA256
6176db8f2b228adbf06206383fcf0566c0b582affab947fe4738cbb25f546bb6

SHA512
87db27f1e1771add3ab45fadd5e434f3b576e896ebca058afae0062364044f7445f758bd17bdb741f710f30931d7df9a3563dfecad74341eb0fedd17c885f56b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1b6f4225eb15ae63433307f364fc7be6

SHA1
d1cd865f6b177df27b71b9c9efe20ace55de92fe

SHA256
394dc5194414a26ace9ee1604d11c496f22c7922f90571fdb032e1e2526a8ee9

SHA512
03fc16be6cbfc370ed85eaf24a1aa54e500218bad57046e4882fba6fcf033ea254163d55aae233becbc089c9a6f855b04f3934c2398a88b0d35811b969d76571

Download Submit