hxxps://www[.]roblox[.]com[.]ni/users/322299129813/profile

Analysis

max time kernel
209s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com.ni/users/322299129813/profile

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{DB8AD8AE-26B5-4B5C-95C0-640673CA845B}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe
3836	msedge.exe
3836	msedge.exe
4896	identity_helper.exe
4896	identity_helper.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
1720	msedge.exe
5064	msedge.exe
5064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3836 wrote to memory of 1808	3836	msedge.exe	83
PID 3836 wrote to memory of 1808	3836	msedge.exe	83
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 3452	3836	msedge.exe	84
PID 3836 wrote to memory of 4884	3836	msedge.exe	85
PID 3836 wrote to memory of 4884	3836	msedge.exe	85
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86
PID 3836 wrote to memory of 1176	3836	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.ni/users/322299129813/profile
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8a9846f8,0x7ffb8a984708,0x7ffb8a984718
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2656 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7595808297945964836,4463932841945800533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:3004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
9be9ad9eddb65e7372b06d9e70df0c57

SHA1
06f795de44f54121c8e76fb4a7c6cd13ada5b3d1

SHA256
3b965390c4c8b96c80d05aaf50e7b95ce8fcfe5524815c46905678dc06f93806

SHA512
265c1e5dec589a7fec04c9798ffa3f0ee8a085d70d2fc5331c87f1ef1c6b555c782c14b47b2b4b80450332ec3895fe05655ec36e20bda3f41c2f834ff51c0f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
73KB

MD5
b2d077b7c6e8397b9e4977fd486c0453

SHA1
fb9e1c0041ec510faa7e7e0cef1162c3629c41b2

SHA256
d873a8cb54225f74887569c6f503f9875ae37a68e5dd0719b618cb744c3166be

SHA512
2601db70b0de4eab6a8e5bc8d1c2b79b3be7cdceb9f8bdb819f0bc7a0e8b248743700ee2f3e7d898f89dc975fe55f22a051d03a07fd3426b60e9b2636f0bfdf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
86KB

MD5
903351785c6d1035f5981effb0986406

SHA1
321c14288fe3d79aa26693f46b4c5076e7bb3381

SHA256
45ec7eb947af3c2b6679920e7ddb8d94f5c65c212214c8c6a312a6e7f08c53ca

SHA512
556595babd363b7d6d0b2599ab5e2e3f50b6de0fa753a7733dd6f4f3de7e48c5caf12ecc12adaee651440d5afb3f9b817ef48ddb29281187663e525fbcbba451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
48KB

MD5
793b639f0483074bf878fcf19c131678

SHA1
b1a2ef0fd4d7944a9519e54e3201a05c62c90415

SHA256
b214fce2614aec5046a24ad48e5023ae8d29fda0d8c510f6dfa116f684566869

SHA512
1aa25f77f1075f79f9d188ee9bb4a5569db406f2cbde550c7eb6c3377d3bbea5cfe86f1328248f8772020a90093c133de90c09cd2e50048fe2d400e807526238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4e97da073d7f27aa77a320b159a515ca

SHA1
72cc2c9d967d1bf64ec61747816f4ef2650858b6

SHA256
81a9c6c9b9557ae604e34d4cd817b5275e3d1d11de61dc9428df8340962455a0

SHA512
9f3f905a7421f7a05886df2c16c48118ae9f3055cbbbc910fcbfb3f8704b1bbb68468b5f5d92f7f2fa73b533a0411adb13e45a1290de7cff3387cbb40cb4ca2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9b178591d1c4304a5f405acafad1ca3c

SHA1
9a29cd9523c69cc9eb63ec4f6275042b68bb5268

SHA256
49f9c729ae0cb508b03d243b93c385d0dac9af83a667c229a7a80c77c9b7d8e7

SHA512
d00cc734b21d519c35ae4b437d0832157c7daf510689e59a17abe7ca2b621a5a2e27a502c89a6533dbff5eba1ecfe6814785dc36c7cc45aa07a3cd81e8595c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d1354ec28d6299bd9e461eea87411f95

SHA1
ed0da65d4424be4ffe5dd48ec238abaed816ddc6

SHA256
53e2ae645a26d68e3e27ff69ff471a5e602046dc8c5f1c42c5423edf55ce0acd

SHA512
8811216e26d75c87ed5c68a3f51e50407fc2d8615de8dcda8e0114693af7595dbd533a873e553e252a91f2a1a7a0a189166983e5e063bd32d056f6e79f12f4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
32ed1aed130cffb42649b897273195b7

SHA1
bde90340b77d35fb07313ad65c490da401ba0148

SHA256
c2619a587ea3043040d4a9782bf69bee3dbde51ba1ebe0c8c02167dfcb418ef6

SHA512
1e0cac594bac68b4b63b283a64dc1268e5de2675e0427ccb9934d2eb933bfa731063a649d3cbfeda8f8873830268015bd7cf9cef90793dd4a5faef863ea09a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
63ecce84918e619622b04d245f824288

SHA1
84c034c0d6dea8c565a7cb06c2b76d3ea2b76a38

SHA256
2b945a370ee312ca4674f15872495a7845776da954052ccadd8fdb6c138648cc

SHA512
da3aeac8ad6ee488ed4ce4dc3a94f1f531bf23ef1df52b0acd03f19c77bfd297d24e240fbf357374752fdf49462e01e3e11077202b8af95db048e83b07143246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d812afd2438c6324f1c926f79bc8fd30

SHA1
33c853e0c8d01d690c413740fa0270a68b112919

SHA256
addfe361455459dcc292d071470b5fbac1fcf078e427f15135902fd5f74bfeb3

SHA512
81a072c85f3f9d1e134a9871a99cd7fdd651f1ec6f8507f6aa6b13918071529202a278d4aecd1f29e3291c6b0a8e09b918db6e71f6fa452c94c8b54a8d47c8e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8b5dc275a9bf6b12b5725a7fdf085d50

SHA1
7f43d4f27f46d4b7e1ad7047377687d943b1d7ee

SHA256
ed5f86f4afef5675241d7cdad857fe96f36792eca5ba4b7fa5ee583050ec875b

SHA512
098bed4fabe2544bad134a3a71cc085f8ba187be51fdc3b06e82b518391cd9020011a72b08a60b1f8b29cd31e77316112d0abf0c11e2f2ff46d7a823611d3cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
37428f67898d31eb64e57356fe56792b

SHA1
73ed03578f479a5ebcc03bc9f73e37ac8dff6383

SHA256
eb55842aeb377c9c01d6157ef2957d12df729f48ef593387762d9adbd5ae28ec

SHA512
d4a7857906e5e0265d0b3cb95f77aa1173d01a9f20d5bea9586eb84ec51e94bca7b70ac6e9de5a89b9a8f03d68497dabe70f223df5bff32454a162087ecbd44e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cba1bb43f78ae46bc41b4cf0e0bf9533

SHA1
5e5ed7a4f62b225f37049225a14d6e50cf34ca27

SHA256
4e4de467ce9dfc523b1b8b90d5df26e200508502f21fbd361102aa50617bb168

SHA512
4ecf3a3e7fbcda112f17f52f95ea62c507529934031a7612c94d640a158dfed8a48e39a74cecd5844da8046d5115f21d9097b0b2d727c2b605058cbe1f2b01ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e1fc329ee9b6c37d0d4af918311cf9af

SHA1
f4e1bbf893d11a80b927ffc2f3fd96d5c9eb8084

SHA256
bdb8cf79d5ba28cd2bab0f8b68e90a060dba14867a1244ec2d3d49ca30fb24e0

SHA512
87b5a0e5d6e11795e3e30a78631484b4f6d896e11ef114e3afc6a5c165a15950d191a9b6af9785bd6c31d7ec5c284a28bba415cb8c4b055438420b335fbe8f26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9cf68a44d3c713e6a1d29698685b5429

SHA1
d7ec9de6f2381ef63f29d7f44cd830e98e1fb1cd

SHA256
51de8f0910a4b901e381c0549de9961bbca231bf3de5a9704018a8fcc87afcc6

SHA512
4582af0c846a249d77a0449f81207e53b03dac2a1eaa2df485b7b0abc951c238fa2b7b6b482de0fd073260c60e4a29af6a6cec988698b22e6076e6a77235547f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
405c4bf274a36daacadbb815ca32e3af

SHA1
0fc169ab3f846eefd2cb19232e29bd779fcc3806

SHA256
721a55d8dedc6c283068135ad35c76692324c3a2d54a6f71fb025df337af2b05

SHA512
fbcd99a63d4fb252100028b4988faa5abbfa04f1b997acd86bbdb27c6ad3011e72822a4bc9c659c730c2322464043abf1b249d4cd7d336007d4c5ace526d6900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8dbd80d5fde2762ea6c9780092fa625e

SHA1
5ae00de9a3f4c00d2b622baf65339dd254abe413

SHA256
23a3503001d9a3722ae7c04e64a826fda7cff4fa066c787119d2e63601d21bc2

SHA512
60f4979f559437d213dba15dee9f5b9bfa45070f7df948904dc10b7c21a34e7916ce870e7f486ccc4cc3cfdb09d76ef2e00016449dce0068a8c46de551a33872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd8a0248e11d094e181af1d6cc189b06

SHA1
bc0d70120872f4b1fc3a5f78bab855923f7de6a2

SHA256
a438f8bef90e30d3d670475066e718d8b96bd57bf1bcf9c651caab852bdcbb13

SHA512
8a99bba2826cb4c28a724617733be3367a206a75633efc0a11284f8417ae4f78f08b3069c44cd48b5337e383ae6a13489407b340e9184f6f00b58069dbe43f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a393.TMP

Filesize
1KB

MD5
9126b06acb69d1e33973cbe9875f2b03

SHA1
54c11b1c08adb4f4d0759619026d762b006720eb

SHA256
ce1449be3b714304152afbc55537e18429a261bac87e365d254ceff78649ece6

SHA512
21109d299a43c5ff32282c83f7c9a7760e2c432f3801e1f40c44dd6ae0e05f7fa586a2f75840b02d865730a8902f176227b290cb963eb0753c3f7ffcd5c34bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e4a9a999ca204bde1909524a5a41bfd9

SHA1
5b5c41cdee8cce9000764dc14a0fae0a1d500fa3

SHA256
fb5be5a092a6da73e7c970b4d28d21ef1bcc9977995fb6843aef1f2e1c3e91bb

SHA512
291309b7213a7d5e0e0e03454f117c74d8e26c7d96d6d6ce387c7d5e8c1aabe2d1b37017d336053fe90b85e4fed6eab0dd00300f1c958923d69b0ff80de18570

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit