hxxps://customize[.]cz/add/?action=click&web=mojalekaren_sk&box=box_category_sk2&itemId=hxxp://www[.]bestbuy[.]com&position=2&showid=516089370&redirect=hxxps://alegre[.]ameridry[.]pw

Resubmissions

21-11-2024 11:18

241121-nemm3a1qgz 3

21-11-2024 11:17

241121-ndr66awmam 3

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://customize.cz/add/?action=click&web=mojalekaren_sk&box=box_category_sk2&itemId=http://www.bestbuy.com&position=2&showid=516089370&redirect=https://alegre.ameridry.pw

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
396	msedge.exe
396	msedge.exe
1820	identity_helper.exe
1820	identity_helper.exe
6324	msedge.exe
6324	msedge.exe
6324	msedge.exe
6324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 2468	396	msedge.exe	84
PID 396 wrote to memory of 2468	396	msedge.exe	84
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 1804	396	msedge.exe	85
PID 396 wrote to memory of 2372	396	msedge.exe	86
PID 396 wrote to memory of 2372	396	msedge.exe	86
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87
PID 396 wrote to memory of 4348	396	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://customize.cz/add/?action=click&web=mojalekaren_sk&box=box_category_sk2&itemId=http://www.bestbuy.com&position=2&showid=516089370&redirect=https://alegre.ameridry.pw
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec00246f8,0x7ffec0024708,0x7ffec0024718
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13294027303089477449,10524106798179406554,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3580 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
bd024c742436b69c5e1b561c6261374d

SHA1
416fb4052f8afb0a90e4b476f716db2a30133cab

SHA256
3e618d22f350213e660017bdcc5fc6cb0383c727f285448d8c1cb76d0a9561f8

SHA512
b872740a1dc8a53c6378641bc3964fefbbda160d84dbc8f1f07c69faf9a5b2f69ee51ae83b71749113aa094d4d101424afd75489af8a9ba04ac6dd0cfc755d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\LOG.old

Filesize
349B

MD5
a81aa098f539bec516d6e2d3b12829c2

SHA1
229783056c16fe9798ff933e7e0d3e4eaeec60f4

SHA256
709f45cb1af3395fddb7ec5b1863aef97b3d512f62db27e9261522af915a6fe7

SHA512
056a7f51a8b7f37f15cab87e601f7f4399d42e4a3b47cf23989a84d8e3ec378526eb4c7acbfeb7a07dbd32b70f15f06dcc375389138bb703f689e07dff3e6f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9a4f4fbee71fb5a3aae7347be1b986d1

SHA1
31a4d45c0a33ab3fce523982e17051a7a33b2d3c

SHA256
26481fe1cf47172195bb32c67d9b97d0779c4ad36d9a1062761ef9695aeae238

SHA512
349a313fa52429d26a2f12ecb99dddfdd8d88351a1c1862801e3c26cf207dc034b8a86f5d06e31ca476a9d549aace471a16d1b71e9ac056969f89865d1590c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9fb71011458ec0c0ab1aaf910aca570e

SHA1
c5201060b9ce18270a00a846e64d7284838e9125

SHA256
d2a15c6958f3989c3213c6577dffc37a9e87a971d7a4897f4c0382e6fcf50127

SHA512
90e250160c61cac8a56efcd856d64fe665926c19f6686016340e406c59119743317c5c4e686154d2fb9e14c78911353a43d30a26c8ce1d374daa359c9ee2d2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c14780e1abf823955c523f7f1e437219

SHA1
6cb9490a0202aa9303d01a52a2bf92c1b294a9ce

SHA256
c0aa0ce6a31c406001976758eea4ca359696c1ad9416401cd6a2b8aab48a2e7c

SHA512
547d2bb93a4c76e66d4dc3a19aba385fa5e53a815115efb2ac1185aa13182111da68973d3c91278ed4156cb87b64d186b08aa4cd38a12edfdea59b7189c4911a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7d5cecf79f6086640dbb46ed68efb4d1

SHA1
d3dd89b3d20d48a21c05956b2604f763f560f0f5

SHA256
c05fff72327ede1456ebb0698592f7eb9215ad3fcbaf1b9f4925acec05191c0d

SHA512
73aade8bd99efa7716bc78d3e44082300a47b19f7a98c44867b847b8013f1872f52133ded5290d22d0060b91b0499fa0b6f224e73fd84e2bdbb1d957938755c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af098d9312551d7881a493c839a4ccfd

SHA1
77c6f284d53c5f60215c5f8ae470f24a62d1fc4a

SHA256
d588256f430b1e439249c64dae1f64af172063e4e7a2f3e4ee81addf6609c5ff

SHA512
ea637f1edf16526e2b1c2f202b6c50c77cf224844afb4b766e36875a7883f9e2f83806748a86d28d0f988baf3854bb6d892ffa6c02a6708085d4a6839e700a4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea013f069aa89b384c7786bf67d60d38

SHA1
c565ea78e838793b32ac42f66ea969bb449df447

SHA256
4925f9bf010e2aca733ba3f90aaff801a88d15608245dc4ccaeb3d5a8d2fdac3

SHA512
a62c54b5c92f735dd84da48481514a7d7caf684c345146ec9870265a0a5a5539f82c664c90ac33f2c51038caca802b638e522796ce11c6a75fd5b0ce66f6a888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\2e4845e1-2001-4753-8cd2-3f5a3a4fee2e\index-dir\the-real-index

Filesize
18KB

MD5
607c14da8e58b4fc29b1c17bbd1a1149

SHA1
1283571857895fb44b5df04913dfc93bd32c9e10

SHA256
d8887ef1cc04c3860ea6f558e031c8543c427a66456e4a38d106ce18e157e1a7

SHA512
a26250b38f3b9ab317b42bf8d18703b49b3bb9124c0d0c19d211999d3bbb6282543bf6b9fe27acc0a77869cc4ce76d45f8cebbdddc0b7aa79f5d1e4b8112a085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\2e4845e1-2001-4753-8cd2-3f5a3a4fee2e\index-dir\the-real-index~RFe589ab4.TMP

Filesize
48B

MD5
4f2eb5f4ac9d83908e42cfae37d081e4

SHA1
cbc01a7df86a130bc7e9f33438882da969944b78

SHA256
e7026c77b167a0a7df5b0e119930ddcd66f545575c7bd6f5d8c2de3bff3e529b

SHA512
9686b188946852a98c40e472381e5321bdb5f64f5c552365500136afbe1fc937d23545af8b3f253eb31cb546fb94da0c666c08807ca79925f90530aaffd9ea67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
231B

MD5
ba5b3d9b15eb41d391a688c9d3148944

SHA1
45510eec7ed418b6e213163c359ea8a4e56fa870

SHA256
5704ee43c2beea5426c0d94654874b1aa2762af61a3491c67e8422cc67bbbc5a

SHA512
ab586c373f667149a18d1e5af05c780caad70a8d8ff159fe3e9c8d5547f8be3d87509f1ed6b7072e160afe067a42d4ad1f3d30c273223ade27bbc9908dcc9e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
228B

MD5
1ec2f33c27dfe21b936a12c68e339a3a

SHA1
b245d5200f5ea061c9f0d852a6eead46ecb9e436

SHA256
cc665fa2c8a4f34707486520803b56ab24442556aee0ee8841296d63c2630db7

SHA512
8d520e4630dd26f74125a07675371144c162714a20a2617726c1ba7b94f152051b3165b30071c12ae125e56cfa5f8bb90bfa7292f4d65215f53eba34733bff19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt~RFe582a66.TMP

Filesize
235B

MD5
45d58e913f9b2c3efe0be6d82f8c3fa7

SHA1
dc252c540312efe9545804d3b8e2ede790fc2c6c

SHA256
78691627f2868a79fc539b4efe3148b1daf30056c7749303b15e19303f4da5a0

SHA512
8809c00e6499758c32278c6ca32ba2397f5bb82ce7f4689f147d2e6c292d2e46d1a3e2d1611e7d7374671bd2579a836ef9dbe602c16a8657d4c6fee3a3962d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
08ccb498c47d0c18a321bc8d84fdb9f7

SHA1
ebaf4e4b4df2c346a6254ce59ca572076a9c3686

SHA256
0de0ffeea47dbdac8268ea2214a0e43878e598458658d1ffac639824b91fa81d

SHA512
073dfcf1cd9d77b156accafcd84d9ccba0222a8a15b3a73f50046c686d4850b3fed691d5c2bbd9475b3d4c9a21cda76e000d3cd8843f5507ae0bc5f56ce68a32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582a28.TMP

Filesize
48B

MD5
eb787531c1f0f8c349c99bce560eebe6

SHA1
10ecb7f1c0250243cedc854c6ec2c5c135c296cb

SHA256
946f300fad2f096c146b0e72a20cdc4017396bc276d30891eaa72ccf3193f6e8

SHA512
1beb2c4cab98ca9b6bdc85e37e13875624960c5a127ec91a8209d051ddd4ba24480d650fbaa97413fdf994f757f956782ac268ad39c7cae01cef27e45c91e86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8bba50ed24d1d04384c2ae62e5347f43

SHA1
8017959534f7f1dd51a28bfa151bda607b1bab8b

SHA256
4c352ca2812b661cc914f7bdea44be908730aef02d6ab8663468dd35789ea02d

SHA512
a013c14ca1e0d80324490cffe0d6d7e6b1d67f61df7f606efca5585594849ed8cef433b863c825e07503a6011972bde593eb0b82edf67c33db042ae382cae6b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9c159f1236298195c98429a501ff3ecf

SHA1
ed0778ec6a62b6da4527a487fb201feabd188d21

SHA256
66981a0b8a2fedc246dd9eee8a93448f026601137d91630ddaa793fc03617f23

SHA512
73a374193a47e0c9c2ab20b3075426ac2325e5667a70003c8ea4813ebe088f751ed81d2c334d426ef1a533f36cd21f2e44357e8ea96ebfcb25ac2ae8962bbde9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
913b2f70ee27832ea52575b0495d447b

SHA1
c5f7d5ecfe2871ab7622510df0c390210b5db99e

SHA256
d9e7c6ac346564fc65b705173f9ca44f5ea9a1cbc3a946cd64afd3f800701544

SHA512
7fed103e2ececfad14f4f67697d4886d410bc606a2e4359fa99281387e0aebab71a3bc9234e1b451d2e872b9a829f87f2067ffd00867aef33ffc2bdfd1c3722a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fb09.TMP

Filesize
1KB

MD5
9dcb37ce6ee106b9d831ada63826b00a

SHA1
6010a20811c0659fa9183589957d002410f4bd5d

SHA256
5f39b8b6542a2d735f5933a815e0b7515be269b9aa8fffe89bbe63186c1ba82d

SHA512
c96260787216e88b806181ea73962efbeb60d604d4e1ba713e1a9d11ff2e7e79257af06aa1a0093042b003319ceab6b982a7ddfc8f73d750ced07fed1c681c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4f1da75113dd2af8836ca04243aad2d8

SHA1
77fadd3b2941f0f6619d09c7b60437ddc9631345

SHA256
595659814f3a4cd23c1bc6c98add56d2a32013a111bcf8c1059e7120c1aef87a

SHA512
37f37142fa5c4a3d6775809cd9b9ccceae7d6028842706d416de528268739cc87d831a965c1eb3efd73b68657c1bdf5d2fc94f95d529f533b6874740b00253a7

Download Submit