hxxp://www[.]roblox[.]com

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.roblox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3045580317-3728985860-206385570-1000\{3896D996-A24A-47B7-B3DC-E71696394130}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2868	msedge.exe
2868	msedge.exe
1488	msedge.exe
1488	msedge.exe
4448	identity_helper.exe
4448	identity_helper.exe
4804	msedge.exe
6100	msedge.exe
6100	msedge.exe
492	msedge.exe
492	msedge.exe
492	msedge.exe
492	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 2728	1488	msedge.exe	86
PID 1488 wrote to memory of 2728	1488	msedge.exe	86
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 5016	1488	msedge.exe	88
PID 1488 wrote to memory of 2868	1488	msedge.exe	89
PID 1488 wrote to memory of 2868	1488	msedge.exe	89
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90
PID 1488 wrote to memory of 868	1488	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.roblox.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff967c846f8,0x7ff967c84708,0x7ff967c84718
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,18298384664519955122,12542319771064320578,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e494d16e4b331d7fc483b3ae3b2e0973

SHA1
d13ca61b6404902b716f7b02f0070dec7f36edbf

SHA256
a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165

SHA512
016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0764f5481d3c05f5d391a36463484b49

SHA1
2c96194f04e768ac9d7134bc242808e4d8aeb149

SHA256
cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

SHA512
a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000105

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
717f69fe96161735b97ab9622ee75231

SHA1
1b880fcf62914ce3386f1fafd3643a508b3803a9

SHA256
b93f7b91b3ff206415cc4487ab5de0c141d29a746099b610619d6428487c4ddc

SHA512
41f813943e7268bc940fbb20f35a8e84ea70d04375f5ebdf5cdfd23d4fb4e6cb0ef5c8bc9dcf053d1a0305fbf5e20c3be33b18834f273ca6a1ce442255c4f71a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e832688a1a232e92d0d63ef003e989a9

SHA1
7887618a57bb302b7c250d21bf034a46566e5e94

SHA256
98a798da2a5142777ce4bd4c7bdf732fca31fc1dcb3fc2fc986ca3fce1483805

SHA512
9a4054ebc82571d65ac02f6a5c667e7b840d214769d62d3361522c40cb1c78451f82b6b7be05f3b6dace6fb655038afb83296c03dbda15224b4ea510b96abc8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
17097bf321c52b25d729f5dcc6594a28

SHA1
a6dbf27712de413dad2622a933f2914fde939acc

SHA256
406215d75c7a9058664023f36913b26f07ca5fde04830ff9e31e07a46f031a9f

SHA512
8c4d0b1e96a32f50ca20d1c8cfc3441ab1882264833e875cd3c533a71cd9ceecfe4f24213e4c825f0c1975a8385cee70bfc138ac28082b7dcd91ac7bed276a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b703cc8aa0da76092f46b10b319272d3

SHA1
2d0364548cd86ed0b31924be449fbfa455e3e304

SHA256
e9c047566e41c300bfa03db97b4ffc998dbb89d3ecad7404a69aed8be10d1b87

SHA512
4e7511f975cfba077d1f6328ae3bdc96f360ba6db3c9caf844f51d581e15410bd34d7c531d42170669e88438e490ee779cefcad7aab0fded4f46a53a3e63dbc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
da70e1f61e14bdacf9ba4cb2ad40e660

SHA1
7e3c9643c33b5254a91a00744aab84043967f334

SHA256
60507f6c693e3358fda8348f9ee7dc35ff6aa490da07aebce0afe7bbd82b03ae

SHA512
7504a296084b2baa05b569f2e5b7d8a1f717fccef60554102cd0afa09210693037891ca475704bb77e16eb2e77b0136932ef3ffef9f6a83a359946e0f780b4f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ca0fd4fcae31e74b0f35ee5c04ad4ac

SHA1
e753c5d606adfe0117fcef00bc588bfb6699170d

SHA256
a8156b745d1ada052db0ebc692f8dc50424b84d2ec0bb8761d698d5abbf743a6

SHA512
4596d33a749513ac71148be48d5bf0bb0c5a4d9aa04532c04aa2333467513153deca306ae0be97cc105b84f36f7add60f340f264beae2bd1a9070053feca0a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6c5bc9d76e044e58704ec0fc102257ea

SHA1
a1bfa7c064b86dd6b3947e49b6533454c12e14f0

SHA256
888e173801e3bee8ef632c868528b2e6ffeaf6f47733e9b824c98f20433ee1ee

SHA512
116b7262fdb4c868811c1c9f33cba4bbdc0b1ae79a7a59d5705afc694ba5e8b270cfd4854367e307a3c552cff5d2b1b3f3f2fec82d8d6306acddacd4adfcea5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d4ca055a8b44d66a38502496b47af191

SHA1
aaadeb048301c913f832989d939a03afd5c03b60

SHA256
c44d3f606fb5c4e5727979acf6e53cb5c54efd812da0e37a5d72a1274776889e

SHA512
06659916d0501ee26b98c5b1dff863e71b832463d4b5f63fa6b09277aa202e2f9badbd023d523273593b5bc0c736da3da7cc27ba2dc3ca218bd13602e044e2a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
298b48319ff3f9f5340dc1e6a75a802e

SHA1
868aaa97d777b308897af6ec1c4768a9078acf5d

SHA256
43515bef0ad29ea1349a86c7f22bbd1e8210be26021e91e1139277ef88bc3dae

SHA512
ff990b85127311942609371577cf66a671dbcb50e462719dbccacda225960ff4c8e86a9ebac9e7ce0250fb2594e596bdea5040f8b46ea85f74e905cc7fa358fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5ead3e7e77ebcf76beb49010028653f1

SHA1
842f442523d433af5954f52f2fce14f3812a409f

SHA256
80f7b33af367f9ff79e95bdfd7b8d20486ed86aeabea1e68cacc7b48d0ac7652

SHA512
eddeae7d70fedcb3040c0d26d3cda85f02d38d1c7ce9f2a8445265ec753558436fbfc3470844e1b6648ac19fc27d0d693f9794d1109b0425ba728e3e400ba7fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
02364d33ad362f6f1e29394c0f207237

SHA1
4ba76e91debccbe368104b76c3164330b40e04ff

SHA256
ada52277789299f81a66a43a8678462ff0df2b590dcec44a0556b441c8636f1b

SHA512
f5b9788075e246a6b370063fecb62386c8993369cfc9c5036c6ac72834946a30a2aa94b665f3043c7919c2c6ac41258835998a5599f862e9401581edfceb16a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1720d60b0a9396f158140edff86f2ad7

SHA1
c020347bd73a143d93f68f1a8c574183bd3c58d6

SHA256
82dee0e646e022b26a11dbdc1bc2046f68dee3fcd87e76e050b1917ad667f564

SHA512
db94d8c17b36a23ec200f4224cb8dff1bc476ec53f9ad48b33f72eb56e8f65e4848ba48c1eb73cb24fab8456fb73d5016d59bd96c1370a2b87ff4d6721d54cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e9da806175c925f79d60507c27df2c9f

SHA1
2efda60a9164ad172993a5ce35fb0c3b281ee18e

SHA256
c524e3b441669c37539f8457b4bfde2f4ce6444c7b8c1827e39a94468c0600e8

SHA512
2a3a4bc18906022df0896ee0ae9c91189feece967e57b7e5c28ee4e3464f922717492f0b8248a976ce3f76a150106388d3d3fb5d201dac78ac0d13df012a878d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b47b.TMP

Filesize
1KB

MD5
76e704e4127611d05f43d31e650222b1

SHA1
3eeda88eee34c32e757159048a600558f16046aa

SHA256
78e9324a4dd04ab7297953a9faf48f83ff39a0ee84574a4a2da4a57ccd2d1414

SHA512
74650503fca97c22b0cb6d0f54f720c52c07f112e8b02e67ffe0238ac48fe1acc0c679d38ad4270a2fd02614f48e1f45aaa9c7fb4969e0b47bc95fc420cebde6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c8912e178dd8bb5120865dfe9ab9ac21

SHA1
345c88de8302afb03dfa535fc79eba56a918b86a

SHA256
e457f5f9da1bb971109a0c5b6d9bccc53c7174f8589b7fc15c7ed59c424e1d0b

SHA512
e52f6f574a94cf27462a05d278a698de5cbd1ea399f23a939c3fc2c875566f81f073964b62841d1e78fcdb70c8d600f63a6804e5d99f85089a1e7462004afe40

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
f58dc9744b820ea3869eb6931b886a79

SHA1
2c67492f5b123269cc98e068b4926a6c2db1de68

SHA256
ae30fa5b269f8b05ed30753daf737e9cca388001b8db05de092a87bddea84188

SHA512
8bc1955212e0e92ac13ef64d2dcf1c0615262941114d8303e3f424c767283e1ca8fc6948274fa7d256ef3467deb0519f906e6a9335484a3942cee95fef5dd325

Download Submit