hxxps://steamunlocked[.]net/d5eb5-sex-with-maids-free-download/

Analysis

max time kernel
323s
max time network
334s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-08-2024 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamunlocked.net/d5eb5-sex-with-maids-free-download/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{FABBBDFC-8392-4824-B4F7-F49ECDC24E37}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4148	msedge.exe
4148	msedge.exe
3112	msedge.exe
3112	msedge.exe
2456	identity_helper.exe
2456	identity_helper.exe
1840	msedge.exe
1840	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 3452	3112	msedge.exe	84
PID 3112 wrote to memory of 3452	3112	msedge.exe	84
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 3252	3112	msedge.exe	85
PID 3112 wrote to memory of 4148	3112	msedge.exe	86
PID 3112 wrote to memory of 4148	3112	msedge.exe	86
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87
PID 3112 wrote to memory of 5092	3112	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamunlocked.net/d5eb5-sex-with-maids-free-download/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba3ef46f8,0x7ffba3ef4708,0x7ffba3ef4718
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6408 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,5038640646389760758,14989127463424827671,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
5ef3eaca468a2e739502afa6d077d150

SHA1
c3eab1d2a84f057e321e7c5c0994e2ad0b17ecd0

SHA256
611f2827d60cbf006abb102734b8ebaeb772f2bb10ca9b2cf8bfa17ae8f82ba2

SHA512
4e9f9028dd8127940971be928eaa8c4f232c05a8aa40da73d7eaa738c9891cee2c28ff36f3dd7197e4aee56162d465c405dd9c55348c8c59fe6582c909cddde4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
85KB

MD5
008d0ae10f41631bb124d78799baf5bb

SHA1
cd5956db2574b3e718d8e87f3e4af79e2a3b5e0b

SHA256
a0aee1664677fce87357ff299c236f12803be313c1838a312d779ccf1ce0e590

SHA512
e4c1c5a8d88b6e0caa60b3c6ce02c05b0b2653c478a788d9d6c330d34439a5f91acecd67dc6baa4f40cf8f4cf21a684a13162562df8e2406cd06ac3145c6216e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bbb95a1497339d84b1bb3bc245069dd8

SHA1
10207e9fd637e68442295af1ba486c8d2fe9164e

SHA256
d5d69db39aa682c08264f7adf87fc5f8baeaa159b220d35dedaa165d466290a3

SHA512
c22e1ed993c22e40dbda0abf7913e385177e94bb2814a0f5dee949373f3c06b5c85596fbb3a10473f23cee2060453c0afed583f25892edfd7d194e1e469b3fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
d923883c4c208b29510007fff8ab91b9

SHA1
b8dd972a1daa354ae82e7bb891baefb0c27d198f

SHA256
10d1d76172c486bfea3b8b80c93eb140cdde075c918ba30b8a71a06d7dd2a82e

SHA512
17150904c67e890a6db7feea24d52ba743d391f523dabcf8627c72d8b69600d53bd9444c451f545c29cfb80b358511d51b1517dea9fcbf2517fbaa754183042a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c8d4eace2892a472cb170d9fe7a17e23

SHA1
73de97696b631ffeb2540def157100d83880971f

SHA256
55648858fa5c46dc0470e19fb09b6b26e7b6e1da0b94809727dbd31517080c32

SHA512
7fb33e6e3841aebcb6cbb3b739c1de7ed7f5b26ee2dc6cf5cc39cf5053cf6dee095c022e454a156f5e2c23f7fc4976776db3f83846f6223b87a24a6aaa1c3c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ea6473afd13e73119a6abd7660def727

SHA1
53972ab7310330edf1924ea34627787e05915f9d

SHA256
c00fa09ede577f0bc016bbc9d36806f9a73e2961912dab5f140acd1d55fc6cc6

SHA512
110af2c75aa0019f5691f5d56e163720525ddcf9db5bb596cca8499487622723d5e6a84f5dc42febe2d0b83815152a3659b5b31c3ec61b6b1d3cdfbf95603d5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
941715c4aeddba84cf4537e590d6d69c

SHA1
e9a440fb75c5aa794d203352b522bd4763d3fa4a

SHA256
3ac8f600b10fad55aaec99e0a8c39bbf06ff7b5bd0231985f4ba14b013ab0f81

SHA512
e8e42046bc98fae8c95f6b61f0ce27d7ee31897f67949659478f0dd95d4a500e4f8f88f0263f4e7f3ac2b57a88849fd185c11d6ca7459769f5ea00ec5e6fa3c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07902e57eb03e1fdd05c8e0a2566faa7

SHA1
baa8a5fc5b3fede5645ad3b58d9803f142727c37

SHA256
3ce5cc2b18ffe39229a4a083911a4be1a21f28c49a76f14f549004264c830a48

SHA512
64e109d3e5bea43aff48dc024f046f5389ef4ac5e78281fc13693d91d433812d9f1e337305e19bf80377ec6455b0ff18819a01c31d15d69478a8e1ee8ca39a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d27005317ea57a71380a2b3570d9894f

SHA1
558918b99a42eeeed5f1ff6f14c9dee6e21892c3

SHA256
f368dbec35490f56f8ac2ff45491dfae432b4dde59387c5c97b4fe7cf75d50c9

SHA512
71b667e93a8859a4121faa679c58c4f5185ff7885f4932f90cf9ffc97e467b04f9a9ff877f0b8fdad21e57ffcc0cc37d90223738df59d60ae7a46eb81a061ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a6a4185ff9ffd95fc4048ffb4d9ee10e

SHA1
a6c8cb4217cb6281c9eed542f8e49a143ec74433

SHA256
f2b2098ba5aa26bc8cfb9f20ea188b0d058f4010b18b2841fcafeed84d199049

SHA512
0adcaa416117b435707e92bad7f00e465b084eb8a56646891956d926bff7f26431efe3ec10a33c08f77aa06e0f8d40e6618c617822e1b752c81d26955d96afca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
26b0102d0fd17dabb733c6f2ee43148d

SHA1
ee493a8f300b697da3780771f29d68986ee9ec2f

SHA256
e3da80941bdc99ba7852d3811cedccf239f308b1ca17b64553285224da142efe

SHA512
290753c05c00a5229a1d2136dca02738092bf852a92062948f0fa6303e5e127f50171de4fe1d93c556cbb4797b032a955f715d66dbd48e7bcf13d1e19506e2ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59213a.TMP

Filesize
48B

MD5
fbfbb9aed03b79cf89bfa175f62b0af3

SHA1
0bf94ffee5f003db796e85c8781247b27bb53940

SHA256
c115a4e39d0a61118f1c02c4646e15e2f608aa21ad5a4bdd06ed445397630ea5

SHA512
f37020b332597ab3cbebc46a858ad1e957ce10034366257dd09b7358ecb391e8e674e1684dfe6972db48468a64e592cd067d68858930578859f557718a548848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e77409dcb6aa7b2700c9d2ccb8221600

SHA1
d49887f7d2b168c4bb228265d46ee2ebf0cb0cfb

SHA256
975ee399d1e0fa487951a4eac23a0a7e226f5a9c1858362acf0403dac2f16db6

SHA512
1cd9e61bc1f47b9f422f08140f23d754e8722f7cc5eed8113047d4e2eafa9e341870d27df50416c42c3bfd18609a959aff6e2c8330059460649586e7276ac7d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c4047a9568d25d19c0e7e9cb75d54d17

SHA1
2bb663326d4086849ff7bab097b502a791a4c1b8

SHA256
400642ea3bbf851657d4d1c8c661d4164f6e1d2d7eb18f4e9a30a3e0d9cdf849

SHA512
9c2632347bba69b752d0659b8b9bda00be76692cdaa949f67cb806d63f4c5605d2746f8158fe8bdfb038da06068b1b2c6c12ccc5b84f85c1ce1c1b4468e882b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c08c.TMP

Filesize
371B

MD5
9a69c639ea794e07cc2c495288421535

SHA1
5567f5952ccfe3984f25e344ec48fb87e774e13c

SHA256
8b364c8363225a7b5acc55f868f0915611fb63e7b8a0fa9cefddf8c9ffcbbe21

SHA512
13f69a16fa0c23aead704cb14552774a1f12cf47ea770606125b34c0162f8a817ed0d18eb8e0b3ca1dc04ece048a4a5f3cd2e5def8a2c11d47fa8857f71c46cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cf56589261ced576f75a38cc6c6a44f8

SHA1
0b64529585508b42669e611e8046bbf7843ee0a9

SHA256
6714bca507036434c4312feab010a76ded21b607b4790d3c7eb1e82552af54d8

SHA512
cdf2c5b71f8f78aeb14d0492ab259334744589630ec19bebad804b90e7437052d618dceba360244d5a19275bd21ddcf2348fb25ff10b2221b72364e2633aec74

Download Submit