hxxp://roblox[.]com

Resubmissions

25/02/2024, 18:46

240225-xewemsaa59 8

25/02/2024, 18:43

240225-xc1ataaa42 1

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
25/02/2024, 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4280069375-290121026-380765049-1000\{5FE5CA06-8DBE-493C-A47D-D9D08F1A2A65}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
4156	msedge.exe
4156	msedge.exe
1220	msedge.exe
1220	msedge.exe
1344	identity_helper.exe
1344	identity_helper.exe
3940	msedge.exe
4688	msedge.exe
4688	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4156 wrote to memory of 1108	4156	msedge.exe	28
PID 4156 wrote to memory of 1108	4156	msedge.exe	28
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 4128	4156	msedge.exe	82
PID 4156 wrote to memory of 1488	4156	msedge.exe	83
PID 4156 wrote to memory of 1488	4156	msedge.exe	83
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84
PID 4156 wrote to memory of 2164	4156	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff86dfc3cb8,0x7ff86dfc3cc8,0x7ff86dfc3cd8
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4124 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,2011775061690778577,18407975306624431906,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0407c5de270b9ae0ceee6cb9b61bbf1

SHA1
fb2bb8184c1b8e680bf873e5537e1260f057751e

SHA256
a56989933628f6a677ad09f634fc9b7dd9cf7d06c72a76ddbb8221bc4a62ffcd

SHA512
65162bf07705dfdd348d4eaf0a3feba08dc2c0942a3a052b4492d0675ab803b104c03c945f5608fac9544681e0fe8b81d1aaca859663e79aa87fcb591ddb8136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ded21ddc295846e2b00e1fd766c807db

SHA1
497eb7c9c09cb2a247b4a3663ce808869872b410

SHA256
26025f86effef56caa2ee50a64e219c762944b1e50e465be3a6b454bc0ed7305

SHA512
ddfaa73032590de904bba398331fdbf188741d96a17116ada50298b42d6eb7b20d6e50b0cfae8b17e2f145997b8ebce6c8196e6f46fbe11f133d3d82ce3656db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\577ec8ac-dd24-4d10-b419-336989b8e356.tmp

Filesize
1KB

MD5
1a3739f3f07e5214a2ee1b33a9092cbf

SHA1
7362d01f78d9d011d786ae7a62be3d676ce05e95

SHA256
00c396764c3e332d537dc55c83db3df5485e8b10026562e5abf844b2d91fe8dd

SHA512
c84c882c41caba5c7b19fd86f69b00d10f22787628590bfaa8fc41bf76a5e97f3e61bc5fb706ae07b86c94d265052b11036ac1440cc3857aa6b2a7784a6668eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
97KB

MD5
d347e96ce4517124b58ded44d539c691

SHA1
cdf955ccc2a9edbde36fd89c385d86189e44a1eb

SHA256
fa785a5e3361dd9bdb4b0b2154d071e690d668364931b24f706ce639f517a11c

SHA512
cfcaf432f2440f8fd43d68ca2f1f0265c44c0356d90555e0266b38239afd89ba625eda927a34a9431bc1319440d1d2ebbeb0b027b46bb127fbf803672d50ce5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
49KB

MD5
7e76e07ee938c1eb57c0b9fa7c705537

SHA1
acff5e7503c356f75e8e447b75c128d3bcd7d7c7

SHA256
28b1996d337b0ebf3b0ece1dbeddfa24a20ee68b6ab0e24f7cc4bf87831c2d48

SHA512
dc665156a5cf12f7ef2baecc17a4c10333b2a9bed8ad0306bd85967357add6c695385cb105b494a1f246d2032a892ff7381322bede8379473c8179c3635da85b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1ba37de04b324e3c2e278caf3dea9443

SHA1
feca767af421697001695b677d6d9f30e38eee92

SHA256
5d9d774f4fb530160682a855a2f759963803fe2a9b4fc387295019dbfbef73ce

SHA512
549a0cd7304cab73caad885fb8a502f3f404e3482cc7cb96051e93e3058442f9ab565d0a00c28abdae7ad3d4e89b9a0039a20047ed1317ab2c9700096ceb85fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
871b45220713e1cf6d2bb04eac21cbb6

SHA1
307d406901cda7fa088bd7292a8818ac86f255eb

SHA256
d2c7df9035f5a77b17bc856fe3ad59f06b70adc461111e9f1d56152bb04e4bfd

SHA512
44494c40b06623202ab104dfcd8c51971573b36f26aeb0dda7b1d70673de477b0ac6782d9cbd03c822f5d5fff85b2cd81ea2da58e9f0302a26d92aa211ef1a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
774B

MD5
1ba4346471a9db158dc7e1651128dd56

SHA1
2366596b13cc0f24324d6489737b3d4b8f44f7c6

SHA256
bf60601c9d90bfc1a8b1c8c4fe7d85de926e394b879ec3c8b0f436b114c0617a

SHA512
67c9a9697808ef386452a4c40846e9d027722010fb538d71fec7b60fbdf001db5cd7e921d80a2ac69365d4a025d33145bf46f54a88ffa8cb041650c3684f2852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6a5ee66cec3687300897cc3172af6ccd

SHA1
76cb5bb183933148e75333c68f6d7d4594fae3a3

SHA256
8c1569387b534ed186f76524b3e1055146ff4e448fe936b4b65525c2f5805974

SHA512
c44a272ee656392397c7a871044ed94c058d669a51339e51cc0d9d03975613d297a049a86919297175a263ad2f1e5500148686d3b5acf7a0145f7db6c7f247df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
1KB

MD5
1c61c5fd44546de499c1f02ec0acb8bb

SHA1
fae83dc24cc2fb2439afeb191e66220ff84b5c3e

SHA256
0a1426cc1fb1a5fbc14722d81b1fccc4145fa37745c05b67b0d32597d79bcb1f

SHA512
91fea4b224e8677df1f7d962ddb8da2ae9cc4ae37c79c7db39762e2bba3df483838efb64ccde864f18c26525a290137f08a90f9172b762c7db78e8f563cc28f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e558b064faef794e04530ba4411782c

SHA1
35a79488a549666abb7bf61872778fda95207009

SHA256
43aa79514cc52336c25237895d9a5451b431f74a12b12ae621260a0b62f97fc1

SHA512
6001ea532f9f4607592f5758352020c16314243b5a31c08e2a9df5b10483d600def29b36d69f66dcfab28a23bdfe91ac94432ca264549a8019a09a0b350a9d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9d8e2e45c87be82f634d7dc0564f96c3

SHA1
a7c38397a3192a677b91940bb75b3a4c8463f6a7

SHA256
bb51825d197804932668944c0e45b311aef6674adc9ef38c18c01a7586839a10

SHA512
0b4041d3ff7d42f89c46fc1c788327f380f4065fcfcfbac3ef8e1e84e181456bd2bdfe297f5503dbdf2116ce3e4694d4986b4a1a4d7b0601838c92dc6631d1f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c4916feae1c6c9188cbdc20480c4457

SHA1
41b26c2338b2b75c7ddc7e893083052aa7f442f1

SHA256
431565789fbac674c0de4c194baeb1276715514060c0fcaeb6e986b0c3088f8a

SHA512
3aec44fe5709c45ff2f661618b0b174e0c343d927f983788e536e1a319a5e3af9d1fb3b5642dade7fa3542513a8964f7b62e5218c4960033c3369a592fa6c72b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3b837a9e64cc81c7c1c2217412cb1622

SHA1
30b87175c9b1d25111621ef7ce5f90e000177db7

SHA256
771c5d4d2a67d4a1edcc7aac0174250cf76511fe3440c0865ed2d604afa1976c

SHA512
2ff401de5cbba5e34b9b4eeef43f12065f3fc4e89251978029b3224fc6c67f43090b2c513d13f929fe255293a06b581fd1b61e4d280fa23ee5927048773a8641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
52035c4035b2fee546a3568f45a1296e

SHA1
e721fa73a617396cd999e6bca348f27d031cd173

SHA256
c0ec75b30a89919b8c6ab8841f936d1f60e2c6396e275072e776c94602d534e4

SHA512
4decbc9d8b4c25b2fce4624923ef7b6f96902f855a0ea7f930a4842b613a45dfa51b7c175a5c451347fc2d8aeca3428fe99095e9d50bc2622e1f3a87b60101fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3009cbc940ea529798dd7cee76afd1b6

SHA1
3155d9a564b00eb13b083fe7752b5ae2a1ca4308

SHA256
0e8c4b8511031ba84352d31f9b3e99cba249e0abe05efcdee7eac9a0358d1286

SHA512
8470752adba06695b8db4e99584917b34c7cc0aa85b60288e57b576facaefd1d3a007f2a10f505d83826e31985d8c4a8bf19fe5fa532464f768dd94907458e07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e06addff1cc4cb19eac17967aba10bb1

SHA1
2e25e1957329199b8a5eef799e1c8ce8c5d164c9

SHA256
77d247febf0aeac481e8f954d08478a7ffb7834b7720badbbd7ba3aebb955724

SHA512
efae6b3e4430f695b552793387402cd0e798ce51a9aaf271070dbc63ade8ca3f3be8036647172a044f15f14fa0f5efca911b5c59c2e3d915eb6146a0c0e979af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d7993e465dba358595bd79168d8e5eb7

SHA1
b10032041f4f1fbc436dcad497fc4aa779fe2e8a

SHA256
bd8aab4d57bc68493c244bb8da1296c449959e405700402b45e4c4588fa22ca5

SHA512
bd297c11e6d0eb6b903c3a8a876317381ce7925b8bbb5ca8566ef0c0cf368b8adbead52d46cc4a181e78ff9319837d3ac78d866931de87dd8fcfee97f8b3e61b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d4363df2b261311a1f8471251f3710e5

SHA1
c9a90e066fc3b48cec831af84df2e1641e5fd2e1

SHA256
13ddd4700293b10f364535c286ea4304f1226b97608d5ef95a5f3f7bbfdbc6a3

SHA512
6848bcc6aea5167d1d295fd4668daf7520364260ce35f875e9c1be076c42f910a1d608bd5aa02335a3445adae6d54a758ce2022bf20667dec0ef33d9c24bb69a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578240.TMP

Filesize
1KB

MD5
85b87a76ec1b412c975aa3b8582e3d48

SHA1
5c3f1e6dc87d3fbe3fce735fc3c60e4bfa099b66

SHA256
42ce365772406e46966fbea56cc2de61365b9420176909f9c62f9cdf582de7ce

SHA512
6edb3a7f2510916ec2f7322bffb68e5ac4f067818f6bce8d0012eb782472367190dc011cca12a8a28b5d0246c6ac8ccb867152e42ae45cb81a7b808c9457ccd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4297fe9ab05703c9b1864e07d51c01d5

SHA1
f903b9f3e57bd2a071909616e6ae681e90bdfcfe

SHA256
0b0a74ece21816ca8e41ade050c12cf6abf24ce9ec8e91582229d7ffbd2b18bf

SHA512
9b26e76f3f78a6d8e6686a4e9472b186117c73411f3116ffab3e83a6dcc53244dde6b9d54b20c90c8a1da44ebd1423dad010c67456d724ab30083beb342dc477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e1780dab11207502303678cbd0311269

SHA1
7aebb51034a28317d97369cb769a96d1ed03801d

SHA256
6103b1b3484c436971dce6344cbf7ca7fdaecacce72401157c26c8ad2a013d59

SHA512
36128bbbe51581bf08c655ccdafa376bee795cc5cd8c8d09792319c75acfc4508e7012331ed44bcc6151ee7b0161e1a44ef6c5096887a4ba285e038baaae6ba7

Download Submit