hxxps://e6t1[.]short[.]gy/roblox

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://e6t1.short.gy/roblox

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
2408	msedge.exe
2408	msedge.exe
1416	identity_helper.exe
1416	identity_helper.exe
628	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 1728	2408	msedge.exe	86
PID 2408 wrote to memory of 1728	2408	msedge.exe	86
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 2004	2408	msedge.exe	87
PID 2408 wrote to memory of 1984	2408	msedge.exe	88
PID 2408 wrote to memory of 1984	2408	msedge.exe	88
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89
PID 2408 wrote to memory of 1184	2408	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://e6t1.short.gy/roblox
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88f7c46f8,0x7ff88f7c4708,0x7ff88f7c4718
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,18315604470283540944,17061768970456464828,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4576 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
23KB

MD5
53de0b95fcc43b9b700d7b92255816a1

SHA1
4d3c8fa34b8f535eb48361f434b3d501d48ecd33

SHA256
9feb0a11a6ef66aab0cae9db9003caf6956e40584669360e1b1cca3e3d0b273b

SHA512
7d2ce8836584f9352a34ce398e7c731e766bb0ebbc743b04dd51e4b0eebab5dc6b323e038508a1ee3b108fd63e76980fa8dd3a3abfcf04af8bf3a019d502a6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
36KB

MD5
728039e7f9eb6ce2ea691383f8ea9040

SHA1
1ca10d573ee41a58f1caffa35c3333460fc8c066

SHA256
a9fb8c2fa7ff09b5f65d332752f56715e99c5d6803032c9e51efe6f2d7876db0

SHA512
accf74eb7f5a97d9b100abb7c0f752bc49d38c610cfc9f2a4e8aab5bf36f7021bbb847379fb7f9d518684cd753ad57054878d3df5cd3efd0e920863a5cfc5f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
67KB

MD5
383f4498e1775da4384bb29e6b3a4d07

SHA1
d7afe5cd32e4fe92080cae20890c0c85d73897ab

SHA256
ee48f8f273317f1dbe941d58584f9a2de8d4751e1f0a5ae4d37be578fc62266c

SHA512
e423e39421acfccb60504b29e13b1783305bff8f845df191f5a978b6f4ab35f955c6cb847ded12cff91ba82fe2b1b77f8255eacb70c7f8f719337b069e10be85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
95KB

MD5
a76c83bce6c46c104155170a06a64299

SHA1
061c18f7f8640f0f0e13cede54ca55001101adf2

SHA256
168ee8dc732c21b3a5835f972fe83c90cb8ba056ce7a35954399028c3efa714f

SHA512
af1de26d22f16d861985183ad2ffac02191209393b0f3fdcd2976dabe7d99b0a227ceb32de30355960ab092b03a9029e78b909a31e366c545823fb1dfb98da82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
43KB

MD5
66d562e3299ee732a53db150038c026e

SHA1
f514a9e346cd443d196c1bc401f078a9fa147323

SHA256
252d971616775193836fe6c0c057edc13c511ed2bdbdb61fbe3c4567a3a8e530

SHA512
ee24be2709cb98ccbde710654eb1ba533e432819caa8c6bf1fedfeceec452fa3c5f3b2402efc06e75d59e55b6e7beaa71f88bd049fad8e17449c0fde217a6468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
43KB

MD5
0acd8ff34f3a5c177d02e9011ee74eb3

SHA1
7985774d3676c27586c71bbf28b1f53598951a05

SHA256
ecc55e4682a2b83956e183e86dc4d475e91bf192ea71faab52a8ed8cde83a3a3

SHA512
bd5402b5214bbe9e499ec5cd9c6933592e1d3599ee80f72fd2ce2076fcd50dbc355cf3d58e923ae2400d09742768bbe9086c7cebc8d2560e741726bb37374ac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
42KB

MD5
6eafc48312528e2515d622428b6b95cc

SHA1
8c21c748004366757a93c587668ab55cb6a4bdf0

SHA256
dee6942321440ad24c989d45fd96bf0c0c11e63e04357af2128118eb75eb887b

SHA512
c501160df9b93014d510cd22060704b434fac4c6ba242d3e625e1bb6e838aca31889197e74fd4d082f4333147ec18197b2a31619d55d37c9157ec275621ee64a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
49KB

MD5
1d3cbbd1e451431cd0992c8dfdf70318

SHA1
cdfa4eb19dd99b0ad047078f7ac7925ed66ab69c

SHA256
e16943df3baf65be319d1f8d52cc6f1fedf96b3e0aba3f3fe8722df34df88518

SHA512
947c3a14cdf54c66b335f82d97a3cce4ca474117ddd140d32749f58ab6fd069d9f139987b06d9f3bd5189ebd211f3a2c1d79c1c9d7e8f27f9b0ead13a22a0058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
80KB

MD5
12fa69e6b7d09e5fb25f520daff6401a

SHA1
b5fe0610bfa4007a8b40187659a05f188f6c3b9f

SHA256
c36bd505b9d5d18963959c18643789567780c590021fb8f4fe81d15b7e6a7ee6

SHA512
13c61d7371cfaf835afc29849d369a8d76413dfbdd87e361b295234e9135adc316c1143b18d34a07ed59ab0bfa8064d925fb51175b2dfd49b6a6bedfe9aae7f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
99KB

MD5
5c7dee2b72eef0730ca7c39e9c9dbc80

SHA1
dcaebe9d789331b3e98942edc4ef7fc0720d1bf5

SHA256
1c1ed7e68525d471296aca7b85ab8f13b18ee5e6cf17e60a4faa70485617ee5a

SHA512
58ab83765ff1cb1123afe997523696ce84851ed2e035bf1d513733c03753ee4385b6fd77a2b9e39f29c28781c696377b1fbe8c3f05ae90721d464dcf8b1ee8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
41KB

MD5
38e00f7de6f417aa3a458560a15e2b8a

SHA1
b451a3a2ab0b04170804d6cf823c6465f33f6f44

SHA256
cafe3fe334035fb21ebef6484cfbe1efa85c46f02113c57f8047c875fb9928c5

SHA512
659f0a9a53e98b2e5dd3256c55b96e5cff82f6b323edd5f92f8eb9897e1376329454734c6c799963ae392833d948eac84fb9b483a5a099c9ab942990a18e7f91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
138KB

MD5
2b711873529199e0b4e8f691741fe7f8

SHA1
3dc0c5ec22773b9b41a2dd0d8776b13991529032

SHA256
47898b3f4bfd22709608e67b1e3af2a9e4f6b4ded61b8b597a9e5b85eb2f64ff

SHA512
6102de563190076fcc98e3a9d5ef20983078bfef7e628e3dd480c06220d264b091c008d4c271d027f7693b438b1f59a0d0eaad04f30cbfed1687cef84db7888c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
120KB

MD5
ab38480dd2c5eab1a8570e57d3760b10

SHA1
0ef82c1201efd9c1338dfec348744e746d3e7804

SHA256
6d0a7f80ecc55633c07788c97a7ad93862aef942183d5cac973e835e45e16505

SHA512
03317a44d4bb2b00563c41bbee2bec0c7e40dba8be567b640318f57bc5747caa6bcc9d0b633fbd9144cb0c0567cf44b577362cd92ad3c7868bc0811469a0b39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
25KB

MD5
45178388c6451946f0e1c3f2469decd2

SHA1
a08a96906c68683664f325b65c7cf9f8a462e7de

SHA256
d6636a92b5b5b20b9ceec6ef8f6edce616d01618b992d14294f5953bec907c63

SHA512
c79fdc3e633c1f53360140b2ac17ea60f28c40e7ebbc56d2b2312bc1f1d7adcc9bdf6d6b54005dc25219a6d8674bd9d3a734f6ef10861c912ad398a1382cb88b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
76KB

MD5
f8b42f9deaf4d22861387d93f765196d

SHA1
0100afb5357ed28a93b4a2853234bdac6e3cd92d

SHA256
ac04b15ec866ddf7a61d0eb726b69f877e32faf9a2085dfc5f6d77257eaf29a6

SHA512
f088c3b5bdfa26dec8fd8a10edcae29a071e64d2b138a9435640705411802088009a935f2a6e9c5213949256d42ef23323bcfb47df0901f0994d627aff2cacc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
26KB

MD5
71c6e4dcb559033bffb685bfcac9213a

SHA1
25f961c9654c8b6ebdb65fc84b3e218fba9fe9fe

SHA256
77dcc1c86b052027db7eeeec2d6bad3d899360ca512a5c8ff38db272e9cee5c9

SHA512
f7065427eab4f90046446685101518f036d4472bafa41da4d0c80f30e3accb19d90f29c0483ff7b95a8282d1ef68b60457818e4c1457d307208b56d536e9ac68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
f430a1debbb6e68974043132dc62ee84

SHA1
5b8b2844068d3d42d32c0f082fd253bfc41fef6c

SHA256
3547e92c5c6ff1178f87319dbe81479e6d70178451e8b4170b1436e80d705245

SHA512
1ab1bc1003dc66ad736d97a055af5bc6e12ffeef74a94ab6416dd0134277ea59ff1ab84e456eddab40856be4601be628acd6e480892cd8a645a5cdc9ae101808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bd5b012812a721a2e67264a24575f70b

SHA1
8bac89dc4efe09def8355e2b13d8ec0b9230c921

SHA256
0372219aa62cf7de972b2ac0e5140faec3fed93b37393f101234293dad67fc82

SHA512
89a895b1ae7366e23551b16b25a333fcad7325cb0fa32081792007c3a9fe5242c392b0f6f8969f14db6392ca63b1576d9cb8815fb6b121f7f97c502079801a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
31876f87fbe90138232b66e5f195497c

SHA1
1148fc77c482ce440ba20a84a5bbb44b2cf261d1

SHA256
bd01006562b5b8c5255f0fb7fa9aa253a3721d5eef6355d82f06cddafe384964

SHA512
8745f97abfeac9c538a106e1f452695f2eaf7c90d4860347a6f48bbd1e5f5a1f4184af828384c95fd3e92c261d064604b7af3da4f3728bdc2541cde4c672617a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e5fbecc9b6a8f133dc8c82b017d7dbd2

SHA1
121938669d40cd26a8d284e3b5a9483f10490db4

SHA256
df2efd767aacfc4d6101028c5212bd8b1395d180dd30e9f167516cd656fe79af

SHA512
8dec013ac8e32a8b9d4a6763c52dfcbb72c7f7af11bc07aea0485e8752118bcc433fc281d39a3509affd4e589870707fe7afb8642545649cc66d91a77fc68ad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e66c4034829e60bf872ea35fb425f672

SHA1
612a09b35a2c9341547e0f4b4286932c19972ef5

SHA256
1c50ea8ce16a715871e8aba35e21e842bcbfcff9cfd0897b7dfc2e57d13eb961

SHA512
b11efd8e8c207722bc0c434e76f507cf2ae9f8f163eed73e0735c145d7a907cc3f0a256f25aec591e3356a77ec19802a1064f3360e22c42fa3267b3df0e2784a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7acb1f335a503b36323bf865cf2d786a

SHA1
77c13a65d94412d7a72689e6f515eee92a8f39e0

SHA256
a00afc737a333b486fc2383180df99b684d20b500d87be500fda3156762889ca

SHA512
7bee70a300a1c6937c68564fb3587e86c42670dd1774d6d2c0cf969254cd4509da09fe156007a3a88e4fd3bcae8dd540e8f4c0789f6ad0003439b4f7eb8a3f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
26417da1b96fdf09da4aa62498d16957

SHA1
e73063a0af468365c10230e826cf5eafc4584ebf

SHA256
f73ece4476a498660853ac4b52308f0a45b06364866e0b47ac7a521a69996d68

SHA512
6d6d5d241f082d262f1e7a117bd864742a18803d82be65d315f4c648e4d8c35506b91b8a64b3781d89a77f6e424e20ad7d96ad9b63f73819f495d21bc47a6d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dd75df6b16252b27a90ba97c89a884d9

SHA1
40b3e4f2789d8312d54cea07c25d3a1e1bccda0b

SHA256
73143231bdb09d0416bae4b1a49956de3b3bc64f2ceb9230c67df76c011cd210

SHA512
052aa1d578709b1a0fbe3a7578a28ee484032e7376ef7b110d01866efe907349773f563efab815db8438c384030759509c485c7e96129b6b031d95240b7e56c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
102989ef7408f76c98736d4a6b75db92

SHA1
e3d5bb7682cfedc32bfab59438ff3ae74d3db9d1

SHA256
2bd540aa6a23749549175f29aaf8e5b87c90e85a5a39003f6aa007eb7b46d7b2

SHA512
cededa4ef96262d2d2b88230e02c8f8158d7eed36afa3864f95707ebc3d71a857d7c0f5b6aa33d3afff51486e9abfd3af45eaf0c4ca4e8ace808fe816540642d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
191ed1221a8791db95a1ae5388a78d3e

SHA1
2362a8704875bf3dcf231de3fc9c5f1c1aa91468

SHA256
61c235d3b30f5918ef11ecdf5d4e0a653a6481311012619aaa3713f91385e04d

SHA512
de58dfc9a91ca87233aaf7e3b16741f33cae1f87e9c5c648b9545adc8f9c93e4a4f7dc7512d563fe552ecab2f568ee9a865d48b458ea21db56a5f769e745304d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4610ad2923c8b895f38485e49db2da19

SHA1
0e9f2fb57d0da3e359533aee3f505ee45dfeebd0

SHA256
e9a559f523f79ade29eaf2923cf1833d581fe8ea9870ad7e0666cb839415f5a1

SHA512
c9d45539fba5435217acb24700e7c916c608a380abcf07af99708ce038e81931f7b2884fa5a2830331cab560550915b693d96fd89861ee1990a80bf98d8e8e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bd74.TMP

Filesize
1KB

MD5
0a809c435a0bcd6ddbae411024086731

SHA1
893221f05cbc14277a0d2db21df3b412a2077bf5

SHA256
ecf0389e6d155ed97fc6b5f5afcf7eb23e973692d2893485605ac1ca9b61d823

SHA512
c411dc8a5c51ad656df27678f702dbcbad7c39806ae159619a025801a75213c19a3dab759bbf12aae8cef84338ec3c4be0246ef6b5e736fe3cff9629b8fca1b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b9e11971a4d1899be5aeaeb5c253c8e5

SHA1
e32fb806049c374138c39548b773ffe8bcbcd279

SHA256
add59f042237be1af088261495d3d481fae15d43882a7237317b9204b463149c

SHA512
7df2d9828bf9c3c1502fe1aedd1f008fa7f18e55d10afdffbcf99c36e50a7893f1e2cc0627aa4c7696034fb15d086a6a075a1a12530b61d1c3dc0af35a0f59d2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit