hxxps://roblox[.]com/home/

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2024 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://roblox.com/home/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3416	POWERPNT.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2680	msedge.exe
2680	msedge.exe
4188	msedge.exe
4188	msedge.exe
2936	identity_helper.exe
2936	identity_helper.exe
5884	msedge.exe
5884	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3416	POWERPNT.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 2732	4188	msedge.exe	85
PID 4188 wrote to memory of 2732	4188	msedge.exe	85
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 4276	4188	msedge.exe	86
PID 4188 wrote to memory of 2680	4188	msedge.exe	87
PID 4188 wrote to memory of 2680	4188	msedge.exe	87
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88
PID 4188 wrote to memory of 4064	4188	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblox.com/home/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a7d546f8,0x7ff9a7d54708,0x7ff9a7d54718
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,17740273933697163464,9673150420187745004,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,17740273933697163464,9673150420187745004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,17740273933697163464,9673150420187745004,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17740273933697163464,9673150420187745004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17740273933697163464,9673150420187745004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17740273933697163464,9673150420187745004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17740273933697163464,9673150420187745004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,17740273933697163464,9673150420187745004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 /prefetch:8
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,17740273933697163464,9673150420187745004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17740273933697163464,9673150420187745004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2988 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17740273933697163464,9673150420187745004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17740273933697163464,9673150420187745004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,17740273933697163464,9673150420187745004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,17740273933697163464,9673150420187745004,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault87700d10h1ad5h4276h85dbh6787a1198ad7
1⤵
PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9a7d546f8,0x7ff9a7d54708,0x7ff9a7d54718
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,18259844510103588745,4870244042658314148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18259844510103588745,4870244042658314148,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:5876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6064

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3380

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\AppData\Roaming\WaitFind.pptm" /ou ""
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6cca9cbe1a7caaa218dc900afd76079c

SHA1
18f2330cc85a7568c2c4df44311937d3efb3b211

SHA256
22d2f794cd58e1e784fde0cc72ffa59233ed8cac017e570c4c6d18f90fb0fe4d

SHA512
5cc5c1260f6420c6c00d3d89fa71085918285847b73383920ff1fea0faf8ac74d19410a6212e3781c4e152342dc13fa3fa943ebadf361deeabf66c643bdfdbde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0f81a652-15dc-4472-a0b0-0db07c5f578b.tmp

Filesize
1KB

MD5
26bcc7ac9d9a53f1996e28c1971311c1

SHA1
064566580938cca27b4fd650d1ab212db7600e99

SHA256
f6db24608f7d6cfcc7bff3641b8ff14405b21cd8d2c2ef47835ee00f918afa2f

SHA512
49f5017ce6579493ba6c7d9d84b10dbf37b8eb27d8776e2316d5b9ed02f3e68f8759a2c33b64b56730c20945c540c0f7f11470277689a88c70d74f5cff0f25fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5c6a094c207e139467a2a14f5734c6d6

SHA1
c284842fd62c8637a394c46fab071ce62b9ca3f2

SHA256
2c0529e81554e738768a70ce779f85a43a262aaf979cf207f76dccdbe7b8c1cb

SHA512
59b2c2e270c2ec0f49bac24a1c546ff230b843d17684a1d05ccad5afce06275fef7f060aef7028d50be5aa384702b018c1ece686e3dcdaacc1c8d95c0d13feb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
846B

MD5
4689b242912ee49c6df8133725f34a08

SHA1
372d642b1d675b6926d2ea2448cb3f930616c990

SHA256
b9030027d196217f91731e4aae62af0bdfe8e51bc73168e5472edd1c861d5a36

SHA512
05500f57be1c2f700c7df3e59862598827e135b55a41f6c6a54fc8fa7a97f1240b66317180bbea578e91605fe05144f9f2aa65da5f35fcc49465160a4c30a884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b42fd1bc6894f014f6e540caa0765821

SHA1
2ed09a165b5b3bec9d2ea7fdacf610c02677504b

SHA256
b27489913939f33507015c450d624c51c02d127a03737793c6f0b808b5cc2505

SHA512
fbb3700a26a9070823f6b4fff0a17a46d59cbed46bc1dd0b5df3332a32e9e343bde1f1f82fa413054e2bb12bba1f961f7cba4ebb37bbd37cc9b568d679e546fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2a3e40abe626d8af8779ee122acdfb20

SHA1
f56ab80883a166096707b6c54cf5e0a5d9ecc688

SHA256
702313ba326a30de1d6284d92b00244acf8be9ad35982bf87bb55aa6ffc4e2c5

SHA512
74f0d6a5afe9bfbe9f8db7b5eae0055953eac9f4921423cff34c77d4ccadcb4db3f1b5f85a84a8878dcf98a767f5da0d55782b4fdf7667b0d43a1e7d7afc812f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
85253eb49bf9f59d34d3209caf8b5489

SHA1
c08b4c1d85bbcdab6282929c880a89e317718f9d

SHA256
866c4cf03434f43cd82b9285741dc5107a9bb0c17c63654dfdc6561ad0fb1741

SHA512
30567fd08edc1c1e3f55e5c634d3164af77c2cb03f42c767f684e546938101baf6fa9dacc17e2c0ba43ca9667c266c674af7ea40c42df3f50e96d9d2cf75a4b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
884f2b63f4f4fad94c9e933e9997bbc4

SHA1
421047b0411ce0783d34d4c37720533c87b636fa

SHA256
6c6339c9828ac6515e9524be25b3549ea37245fd86b10b11a8a353475fde7223

SHA512
08d9008c25dd1b0d6573ef926e950c2e5a9656b3c7a1484e4a4e593b6e2982abca417244f2ecb1cb675dfb099a959640e8fb2ce9b1252dbac73e284831f0c4ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c5cca6ee304152630903f4e356bd7da

SHA1
b47ccc6e5b0029d8e11fedc0fadaaea561b9f1bf

SHA256
4d028cd0ffec8e6f5de89890c13afef619dffddf4820be3c1355d4e8cee9a0ba

SHA512
e806b254320a29f3a6fe67f8b18d3159e6ea4688727616dcb5706ba9aeeaaf929e6da5b626ebbd27082b454c0f00f5d756b5b1f029f2ab45613e02a380fb2ad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4d11dc5efd98fc777d5b28af2fe8e486

SHA1
b2fcb92d40c9253ae5221f226b0d3e71e0d05666

SHA256
f98a4af707f15a274a479e46fc22f2afb4a0b967aaf8c10c4e6d668130c8301c

SHA512
86f84d407a8be8165535ee68acd8e2b2b3b0c21bde55480d418cea8a496f33efa8b27bd8f6ea37929b43edafb5cbcaa88d52c713835c7f02585b8a2d3c3d9f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585abd.TMP

Filesize
531B

MD5
2a43b4fc885ddb5bb77f958b41eb2dde

SHA1
24ae17d57a92a4a1b921b9c107e009c75cd203fc

SHA256
cab8f277b1b72d462b8fcf859347aca70e8d0afcc3c07dcc2320cc4bf158858f

SHA512
3449fd7c60aaea575adae6fa36711aa4cd076450367574c407043c984c15449a0dc3729972e71d6e40ed5237bd537a8fe2a9156557c98a8c4e37290091b0b2ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
59659a37876a29ba4cca53d8582a761c

SHA1
b2808e646a7094ce3a6252a7d1df52e87749397c

SHA256
0f09d765d27fed0172b9fc2872396e688a5b82d3bd7576db34080bb0148dc575

SHA512
b25f0cdb5ec8775850b90bbf21a69d4095ba5583f52869ce71446cb6707af3670ed6951a1980718f69d92112bbf8539f21abcc1a36f2fe23afbce040d50c835c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c1b40df1ce8349261b648bc58181aec3

SHA1
b1fc111e782cb90603f23625d73efe60de30a5bd

SHA256
1588457b02dba4d2980fcf8b367e14eeceb335fd65ef535374db4d24b6a8840a

SHA512
336ffdb9dd6d6b86c51bc2e0897391edb84ef0856023e6136a885c33e632917e6960d12288708a017cc901c6af0377bb5f817b41fc7dc1c030d5d3e960aa0328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7a4a6b35b8e098e3cc797fff50c94bfc

SHA1
fd3811abad123d8c95a443408a0df8a9ee0b1cf8

SHA256
57a06ffd40d7552364648e9c8bd37e74075f12cf114ed5f9669d57bb72371669

SHA512
b39e9e9bc2826d6fa56b7a86000e0962a8db33d4e0f2826c8ca52eb48b2fbbc96b4eb50b19f056d50019e0ffcda410ca2fcb98c03d7fa2a7557b5993437f92a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7f85f1bf351c4057fa6bd2f62f22968e

SHA1
1d9a7acf2db39c04260255ac5e3f3b8b545b23b3

SHA256
07ebfcd896cf20770c2b14c256e92d69a33955a16faee3f1362d969606d10360

SHA512
20bbd4f1367d65c57ce4aee9e1c7166a2e07ae606488ca11c0f4734c2533efb73f4821d8d0730b970d055cb5ad7844a7c535f7059d2aa324090d1798c7e48a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fcb8ef30e15bf761bf74bc6adef996f4

SHA1
d9f685e2738fe9a099629c04cb9858770e0309bc

SHA256
232dbae18a64796f7bda01acf0b22a3f04d231b9af0f9e1992b3567057ce7d0a

SHA512
100243ad4cc6321b72685088cc5e42853496bfa8c5004390faf236ac75d61b46575b07529a68c22c429ca344607a579b772735371f1192485a817b892aaf45d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
259cdb0d87000b2401e0af4f47b12a47

SHA1
50790e1f64ca2da35c8cf2c2661de149481a7140

SHA256
157628ce4302c9b4ac33cdcb3b58306530e4a8f44982d7ba77884f071005fab7

SHA512
fd94ff7ab36ccf9e5bdf8125af098cf2a920f94b046f7dccc17050b9b27cfb7dcc60d6b2173f0f4f9319d2a8efd601b25565194cbe280f9cceb427515dbf5b23

Download Submit
\??\pipe\LOCAL\crashpad_4188_FTSDLMSEBMVNRDLI

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3416-373-0x00007FF9761F0000-0x00007FF976200000-memory.dmp

Filesize
64KB

Download
memory/3416-386-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-375-0x00007FF9761F0000-0x00007FF976200000-memory.dmp

Filesize
64KB

Download
memory/3416-377-0x00007FF9761F0000-0x00007FF976200000-memory.dmp

Filesize
64KB

Download
memory/3416-378-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-380-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-379-0x00007FF9761F0000-0x00007FF976200000-memory.dmp

Filesize
64KB

Download
memory/3416-381-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-382-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-383-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-384-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-376-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-385-0x00007FF973990000-0x00007FF9739A0000-memory.dmp

Filesize
64KB

Download
memory/3416-387-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-388-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-389-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-391-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-390-0x00007FF973990000-0x00007FF9739A0000-memory.dmp

Filesize
64KB

Download
memory/3416-392-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-393-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-394-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-395-0x00007FF9B6170000-0x00007FF9B6365000-memory.dmp

Filesize
2.0MB

Download
memory/3416-374-0x00007FF9761F0000-0x00007FF976200000-memory.dmp

Filesize
64KB

Download