hxxps://roblox[.]com

Analysis

max time kernel
1759s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://roblox.com

Score

1^/10

Malware Config

Signatures

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
2536	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
4100	ipconfig.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1000	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
684	msedge.exe
684	msedge.exe
540	identity_helper.exe
540	identity_helper.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1356	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1356	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 2492	684	msedge.exe	25
PID 684 wrote to memory of 2492	684	msedge.exe	25
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 1452	684	msedge.exe	88
PID 684 wrote to memory of 428	684	msedge.exe	90
PID 684 wrote to memory of 428	684	msedge.exe	90
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89
PID 684 wrote to memory of 2324	684	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblox.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf6db46f8,0x7ffdf6db4708,0x7ffdf6db4718
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2038561095706903501,3405493613879984200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3320

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1824
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:4100

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x52c 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1356

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\gyat.cmd
1⤵
- Opens file in notepad (likely ransom note)
PID:1000

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\gyat.cmd" "
1⤵
PID:3184
- C:\Windows\system32\timeout.exe
  timeout 921
  2⤵
  - Delays execution with timeout.exe
  PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\10d5dbaa-3615-4861-baf1-3904c68e63ae.tmp

Filesize
8KB

MD5
1c35fd7c8639937362e988d312e30670

SHA1
0f0b7dd2430db6e4eb6cdc9eaa680f6a8065a1ed

SHA256
4341f8f57b77e585351dc743075eb648119fd20c3f007062e990851eb41d990e

SHA512
1747f091677a590d8e39823591072fa90f28ff4a671daa13e7ee3a724ed5c922d3f0f543c33d96198409543174332ecaa9f05d88967a6f1b68dc15f81859b8fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
19KB

MD5
6e62ba11fe17b83243492e11e402cd11

SHA1
14b80297a275edff2cb36dfb101c34abf0dded23

SHA256
7228257e94c0fa3a14e2d0f497c41c67444f06787b0007fbebed5e50d49133f0

SHA512
1fd7544a262e21b62bda42ec0b1fe8c9949e9d2b5175ea6080f5963b270914c24e3c336e82dad3aff4cfd3b26a1322af65707911297dcf1fef8600f42866391d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
25KB

MD5
55923bcfada2cbb2e906bbdb1a6ba885

SHA1
ea947748f849af07875907aa26eb8135fcd4ecb0

SHA256
37083d9f21c08382bc86905d900ebd45f43a2ab268c3935da71f7de098e79829

SHA512
2380c4ad89b952ea034b22813ab1afac44e7c2de0470dd3b39a6b98d4ce07f80b080051c9fb76f100ebbe9c383fa1c84c27ab716d96880ae992c0c71daf19131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
93KB

MD5
507c75a1bd2a80b1afa2e7554418178d

SHA1
9c956e6267e1451d2b8a8c1101ec8b70c90d1587

SHA256
dcbb51c42733fb4177068a8f3d07e04e6b9895c385e62cfe63f0a546e8e485d4

SHA512
20060b71f3c9180ebd95221841cf360803b827419d8a56a2d9f90c9c7b5d3ea0cf70fe4d79b80ea95303296554f959cead6ddb59073a2eced888ec11d4081cee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
95KB

MD5
f82c9b6b391655a4e498c9b3e929b281

SHA1
ce7f28f98b63dddd31779947cee5fe2e8b12daee

SHA256
2e12038fcaa9d6d3dbf0912e63c750534fa528a6eb652641048cb2bd17f0779f

SHA512
585f001296ef3d47b10cc8d9e0cc457d196d6ec1395a94c1640e98ed0fa5e98c84ceea748d5079b9e4bb5546438a3310bbca988c7e7cbb5f4335ce106da92268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
67KB

MD5
5ccbb26a83d0ba5151026eface4882d0

SHA1
bde9492693ed3c4087a951686ede89c741d1992c

SHA256
ef849c9b53bca3aaf620f9d785d4a09423f36d41e9a7370e15a01fe13616dbc9

SHA512
5788b42d15bb18064ffc6e320f9e62164b2c0856989d38539ced8ea33d97fbff46c7d2369c69efd84d6bd4b71fd14875c82e45fff3f850859578f793938afe43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
e18fea22db01bbd13d1dc40181bf67d0

SHA1
43d7d680a1fbc3af02bc1d3e16e3b20ffa2bbca8

SHA256
daa4122b1ecffa9d015b2452587f7beaac64bddcef4fb6a05a9a46dc898408b2

SHA512
149452ce921f4ff9e2f1e24386fbf2c80995331c6471ed558183e569fe2cd8a08001f0cfe98a659a68dd9005e6ad375cf653c0e7a1d3921ae7f52cc27f7455e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4fc08c27a0409862600f7f4ab02d79d9

SHA1
a6da95de64fcc2a94720697fed37a58f67482395

SHA256
51a83520b3d5809ac9a65ac0ef678440725ec8ac38fdd40d65e8aa5157892f29

SHA512
d21fbd682b7b3c5cb2e0f608dbd25ac3b58b7ebca2caa9b355ff5536c915c00a623936d31768b7faa3998e797d0d8648c33cad643fc599a34eb67a9b4c778ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_devicebind.ebay.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_devicebind.ebay.com_0.indexeddb.leveldb\LOG.old

Filesize
399B

MD5
658b0aca3a7ad0dd8e40bededa4a88f8

SHA1
5c620a1aae70caf9709fda913b74e2c59196fc5b

SHA256
0e37716561158d95fa316b8b3da982876028fc6542e768179bbf930bf889d90a

SHA512
ad4cdc71e205a33f9950c254212f2c4bdde5570d6b7bca9f4c9e952b97f4cb78c09f04b15f9fd7aa474c0d0a45873a4bb4443321d2c37083b6b326cae0cac885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_devicebind.ebay.com_0.indexeddb.leveldb\LOG.old~RFe59f8dd.TMP

Filesize
359B

MD5
61e4995109dea7a17a5fe64d31bdded9

SHA1
0fcdc09c646a6b5ff27d8fbcd91c25027a6c2ec0

SHA256
db449262c60627efb138feba4b946599c07b467ffa68ab3161a74299a3efb874

SHA512
a0f7819f262c7a495f792957c448aa3c2aca41a8952d3a4e61707e8127ab89f7b0dce30c883f803ba8b8b2d0163b57e41b6b4d939d30c73f43bb6ba6df8c587e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_devicebind.ebay.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
916B

MD5
ef89a507d8c3bb4e7db793bb481387d9

SHA1
43869ed828987a9c3f66e4e78f6dfe844f4c423c

SHA256
80f30ecd23107b7f625081fb531bd3543fcc52f8031e8ebc96d1de59a785582c

SHA512
29a708167e7a9e0d5f78ff9aa1c13538e52874ff0e77250af480447d5b99840ef6eec0ad584a2b6ef5d57005f566fce5d63c5537ae4777e9c068b17b7ee011bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
159528d3240ca0b7cfddd51b4da33c0d

SHA1
598c766ec25d187afbc1b793ea355623e534bfe5

SHA256
b626484cb804c82b58d4e65d0df7deab0e839b252c444ab8b949ddc10f5fa73f

SHA512
76592a500a66b8b5c6c4b45615683c923d9cdb68c0019cd8229165cb727fb6079b4eba12d8cf7d0348a735d3394493c2233044e6af3f32a8074a5c65bf493710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6dce832373391e257569d2af8106455d

SHA1
375dfabdb79bf8d633a0fc3b53b865d694c4a2b1

SHA256
4db4c13c4587b0a9954a580c66a510325b3561e8292b5cab57926ef4adfa7a11

SHA512
df29c30afea814d61e0bb342c27d792e68a97281c9ccc010c90a03cf454bf7d48fbe653d26eb93dfc9983741829314a69b9218b8c9f0439c65b6e3eee0861e93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ac9f5d11aefbe3deb2ed1a84cea6f6f

SHA1
bbb064767de9b10511cfefe7b3473989b45e4d9a

SHA256
dde0643dc523b3f7db8fcb23857dc5c23adb39bc64cedb10fc5db3384cd454f2

SHA512
fdb0a996289f1be2dec51e472dcd782adc9a268f034a003401beeebf8445e977467996c1a5f2ba4ade403dee303bb66a9ff965ac527ef0bf73984ffb5c22af78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eee78af134a71ea9a366fc605fcffbce

SHA1
a967960e65f8bdcda880e748a0f05ff802bfcfe7

SHA256
31cc9dab4a38b9fbd617b2c0287ec0d22bcb573ad8070573c8a5a8d3c80f88b8

SHA512
97593133ff574f4f039e46fa828e145470f6ad72bbfa39e0b4e8d17f5793b180c376fa74113adfeeadcb3bf977b54ba47dd6ddfec8a878fdd51abb536f3e61ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1fa3ca20b0d08292146867db7ec345cf

SHA1
baecbd7c8feeb3fc7f2d30142876f3d6f5c3bf98

SHA256
776415664b520084e43dadb32153963704ff20d0bf3ae740a1997d68c61c59db

SHA512
a04f758a48af908db1ab38678c5ffb499bf9ab83b49c0b8b598a3eedc8f07a20b7a321d22bcde73c54f48c2b0bcae302388b06400d8869ad68b2b1f31a175907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0608a634b2a57670bc19c31f4b40b9ae

SHA1
e34a3cb80994ad8a067f2423e98fc8086be3782f

SHA256
3473fbf2565dc823b1f4f37a5169a28c3f790ad3c858296c160b49aa564be624

SHA512
51c80050a40228e43e8242b97f2f23c57a90b2e23d6b73e90395c0cb4b9149275778143927facc669cd87a83f0d5216ca128d8e494cb6a774b9dacccf7336ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
47757d4785f6ee15977932c4dbebf529

SHA1
0c848723eaf28bbccfdeed6503e291b37240d960

SHA256
fc9374ccf68f6a92ed02cc321679013186b7877761be4e94f69b19542bd44048

SHA512
10ee7ffab811b00507d3480233cdc6da1b8d731c1bd4503c51b73e46dad8556359d7178fe38f0780391e933bcac24b33d6999320ed8b5a6ba22cab26159920b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c3b41b6459394104e6367a7b2e0984a

SHA1
471960029c32209158f48632031569200ed5ce63

SHA256
e1ec227ed40a8361f58326000bd180d0d4a62a8f1601d47847d8ad6a71a12d4c

SHA512
7ec7b29de506ca7637d1bc68f35ee0eff47134e1599da020682a983d492e46ddb311a04908fe9a80d708907dadd458f1445254830258f82556e282d97e9de514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
86988653bb49960e2ed233b83921373d

SHA1
6059b8c1f26ef44432ff6f13115d9544ee14e258

SHA256
2f915e347223db6eead9e5783ae082f44c953bdf82be1cdc397dea69797388a0

SHA512
300e33c4565e61e9922036aadc2455101ddf36020bb1579aca02542fa791ed4b02a68e824def2b7adb675bdbfe0e44c6e02be9572bd1c8497bd5cf9eea364b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
41d08021da43a4dc24bc6ce459c984da

SHA1
c29c68f3264dbdcbe168f740757c7d25b1d29ec5

SHA256
f6d7895126aa6683d9ddd6a58f6914fa798b4642354103de94db435b428298e6

SHA512
656e02db15794843f7b0d64d45b3f1fdc616b9700bc95fe64525272067a84cd0f3cf1393b9a73f4193f8bf924dcae2a75eea4d70751d3f68dc94ee172e233f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
45652dfbf9e1a37488c8baaddc9d4877

SHA1
3f5a16abc6801542d87738f8a8ba21149365fe1c

SHA256
2b431cdf50ae38e29eabd69ef0fd7f40de606fd40ed1228975073129a8baf110

SHA512
3fcace98b188f15d575bb8bf4ab2bbd6723c0d46817f09440e7dc99ef2f7167e6959e90e689d3bd8514cb5108db03d29174ffe7ddb16e608733b065bb40592ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
83f0d399f1b9447ff476582e39679b3f

SHA1
3fbe6ce9b6495bb57a1a28a36438d5829f38d04b

SHA256
089ea27b0aedfcfdbc147a3494f01c9e8198fc0cff0dee73d721eafd0382483c

SHA512
325e5c83427c552e018252f909a346e136d7bd2421f0a77465b33c6205526f7b341c3065efd8b265e4fcc72a4bbdcb77dbb0966d65d1e3ea7b543415d52788f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
fc633aefd739d2e4f172016563538bdb

SHA1
3cd3a59a42eb3970ea52d18a137a11495263548a

SHA256
f06d20a67f20189137b09359925ec9b6088b15c062922d0cea3546a3cfe2c08a

SHA512
426d69be0878a7dec7bd4648ac773cc27aab45a85f269b56fd11c2f5be6e3dfc7611a3de30f5b4a9590e55894920f81a86921b2ad3f876db5daf596759d61c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bbdd8d38b26de654720368b9bf59c2c7

SHA1
b8b5a851e2c072c570901f85ac6a50ac38dc050e

SHA256
4dd76d6015e683fa092180f35c076819492b3d1e8224bfbe52eb7d1c4f3595ff

SHA512
88c936cfce915efc6420196d8a28131de75aca703a3ffdc8cbb53614ec76919cb78e3d27f0342e4fc2b50d3400cdbf902658c51d1a101ba6bc1a9a57bc3066be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a5c5.TMP

Filesize
1KB

MD5
0b68cd0868584e40fd723b124f74ee42

SHA1
5cf390c7e838e9079307c2daefb4d3f686e33f79

SHA256
f9cfe673c87b12cdd31c8a4f0ef158e4cb1070c7eb8c14cd421d432a2fb87112

SHA512
f1cb728dcce3027f845d6bdcc6d8f21afb318e46662b51a74efc81f714f96d9f8cb1b301b23db78d3ab37e97159407a3356e6f1f945ec3e5e46756b380cb94ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b6c98cc3-4884-41f4-a9c4-e0e7fb36f516.tmp

Filesize
3KB

MD5
5be33c0b8f05877d806a6132720fac22

SHA1
2732e0364ecbd2035408a3c8c7adfac743ab8547

SHA256
6a057751d96c5586b9bb3fb4a72c9f69f15a442fde399da53a27bab974fa7fa4

SHA512
12788dceb74ab0377524c7dff606325be2da5803a0bb64b8722396e9e732c67ccbf11952acf46548f69b133640b2aa8eed4478b76d8496d75df12c4a5ee6bc73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fa95fc5e-1900-417f-8eea-bfb0ee220fc0.tmp

Filesize
1KB

MD5
e1482f717fddc44337262a9dd40ac538

SHA1
440099f783c2a49c63001ffc9d0df8f34ef28b9a

SHA256
ab8bb80856fc8c7325aae1e916df8ac40f59ee4147d476349c5e048297733942

SHA512
e96df28741cf4be32287606ee325f2a9f0fdb898a7b54290b782bad03f52f7a3fd3d43b045b50fedb9f98d3cd4e4e89e8fba1945f83e2157fb5eaa05e0f9f506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a8158b172924638bb563f8739c146f22

SHA1
ec6ec62705db1edd9d926f0942db57933c1f4c78

SHA256
36fe94868a3f7cc2bdf5d69a297e7d8f795668486f98b1bb5324fd1aab609a82

SHA512
c083f99992a9a81d2090cdbd3157138efe0402c23b96652ff274fab3ca5bdb3fc4c1c329443114a0511451a42067d15cfbd953fe541251f1a1b03f2bc64594d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5b29fd40a1f91b3ca7c44e36cd6529ed

SHA1
6dd75a4d1a287d275ec8ef99cfe7c330fbb200aa

SHA256
0bbe07cda2f84868abf504c4262c29ff1d0f226c6a75c18e1396bb42e2373d65

SHA512
d84360206269be477a1be030eec9daa51336ba1244f9ccf810f3e3dc1927cc673db2199925f78c7244d752eb43d8201b1e7216fa289b14eb20d33093c022dc83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
16a8f921d7701bf94801cadd4eebb370

SHA1
d7147705dc096b79d7c22161c74e260e8c64c177

SHA256
3a6ad070ab91a0e29eeffe7924c8ac04eefb03cedd5538e52565c47c274f936f

SHA512
5fa327e396238cf8c1b0f2402249c58bba250d6f4cf98756a00f100e554651c322dafc4af6df3a1adc5198a02c134b94522c44ef62dc3ab4eeeeb40864969147

Download Submit
C:\Users\Admin\Desktop\gyat.cmd

Filesize
496B

MD5
06a335152e417032721e7f0e42500bc4

SHA1
68c6b8704137c32d4fe8cd0f36566069a4b81ed2

SHA256
d96ce22df4dc27b36436b8d481de51648671386ff60538e08bb49665b05e99ef

SHA512
44e96c0a95e0d9bc82032dae6e65a516439028c99c0d9e55c8ded845b9e0e41adebb47223f5af83a3cb93547b3412dd6b8c7782f3bc4f01ae4a19b940a499ec5

Download Submit