hxxp://multipleroblox[.]com

Analysis

max time kernel
295s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://multipleroblox.com

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
137	api.ipify.org
139	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
4632	msedge.exe
4632	msedge.exe
1408	identity_helper.exe
1408	identity_helper.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 244	4632	msedge.exe	84
PID 4632 wrote to memory of 244	4632	msedge.exe	84
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3800	4632	msedge.exe	85
PID 4632 wrote to memory of 3128	4632	msedge.exe	86
PID 4632 wrote to memory of 3128	4632	msedge.exe	86
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87
PID 4632 wrote to memory of 1260	4632	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://multipleroblox.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90ebc46f8,0x7ff90ebc4708,0x7ff90ebc4718
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2014770286350875536,9522213815537293080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
  2⤵
  PID:4464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
27KB

MD5
638a4990025383a0f83ebf29bdb84a68

SHA1
153e8818dc42f598e47fde8cf398f1447649a4d0

SHA256
878e34b89800bb271d3588e526eb3598eb3822e263f3bdaf53645847d39d0ad6

SHA512
59a505fa1a3bea1511e8fed16dced733299928b4081665d3e3fa4fc71d6f0ed0b09934805f442bf190c9093937e1494ac938167f9beaca0223243703f73efe87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
21KB

MD5
44129a82842153ef9b965abfb506612a

SHA1
c0964eb2ee1a76d48e4e09e31915415d74e18bbc

SHA256
8a3908fb32a414703eff3e435566b1e5598eb3a5d50c500e70eb1a5c20d003d7

SHA512
77d149f19343d765834f2bcaa02bc160c75bd42db1fc431aba87f78257a83c4c8a7e5953c247cb7cbbaf4ae44ace269eb0a5194dfd7489d66f69489ce5dd78d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
625KB

MD5
22e0f973289dbb9a7b68768655bcf663

SHA1
5d1617b5f6815403d3c7d6c009b4ed5f981edebe

SHA256
9b16897901a33e4937a3570365eca72f8ae0ee298d30aff3a96469a5721b3809

SHA512
6792cfc1fcad604b24d7c4e48f04cc9cd28bab5fe589673f748932a8b1468496f0ecb0f81aeafb7d5993d47af46ce28bc7a271ae77cd888ead6ac4123dc04a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
64KB

MD5
1ae51838282c327420dc4a8405b4c06c

SHA1
08b38158f14c4ca61bb0f6c9444e4d149408fd56

SHA256
e849f38a7816ba120b646076d67b9f8fe00dc9fedfbba17d793b2b52c0b1b8a0

SHA512
a5bfa4fbd59bedb025cf69f53f72137d4fa2e55a3c41f2fc497317fcfab6fc2266690e1eb3ab343fae842ea36b49f431dd966fe31e1cbd1e02c904520d2e74ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
79KB

MD5
43bef98d1ba2489f9695b5a62d5c0981

SHA1
111bc4d52652849f537e59c85decff5044a82af3

SHA256
12373ed2a7510271edd4d510fc6be22ecc2be21e14f6a8faeaac4a461caa1c1b

SHA512
6ca83ce39ad6ad667453ba4c6a0930bee0a185b22dc30be01e41a1adc2f7b1469cbf02412c859f494a8724e69b185b01cc1e044de328ecfc79241fcb2dbfe9d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
40KB

MD5
2a46072de87041da1c43b650fde847ca

SHA1
d4db2be15cb50de1df44a49da9bf70623a75dbc3

SHA256
dacc2122b07fdaa856f8fe1b09848df9624b56238d2bbcfa5c5e1bedfaa59c0b

SHA512
a28cbc6470facb67d47f173f4a1e2d05ffa8d8e832c4f8f467667be0fa3a038cdad01abd460c6f479fb283fde0dcc360174c3271b26ba99c2e31b34afb71a1ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
51KB

MD5
82fd6b1943d7425e6ce488d82778d97f

SHA1
5026f268bbe3b9e502ec04957c711c3ae08bbe62

SHA256
f9ba4b2f458b996159a9685fcb3626e70a49eae6c06e02d7874aed71853e812f

SHA512
119eb28629e3f373a95afec97308d3ea4ff4fbdfaf3ab1597cbb101ddf08129e1f1380fb95f65098f5dfdc1ccfd7ec7e682ebcda6dc3a77fb28b8be4b25b9941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
70KB

MD5
b32a0453aa73cc46edb5150dd9d8c511

SHA1
bbd4d2057fdfef79142cca8bb8c29de377d1d14e

SHA256
bbcf544ede5e804d7a124964876c3faaa36bb197a82c2dae031db4d10aa4540e

SHA512
917b70cabab8fd053e60d06d38fdcf1863d1a490dcf70f3af093c02ba4aa5aaedd848c33bc8508bf96449cb10cf6251bd5f70a33598739b45bf6c5ce5c370421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
37KB

MD5
e298bef2bddc3a4273405acfc6097761

SHA1
08e8d7f9160e1c228ca307867fc8fb87c0a48f25

SHA256
45cd2a9dfef3aaf38d0f733c53fa77d8843a6f6bfefb239aec06df7114d51117

SHA512
760b881a55bcc50b10af5694c87cdd9b0d9ce5df4e268a01428a8256fe4dbed03f6b3ff47a1be710699f5b36b3431577f1fef0b6037ea33b3ce17f08c15a9cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
29KB

MD5
c48dad5f984e1d7ecedb89e6e73e94a7

SHA1
843e55eddb99a9800d779cb9a860eb0a1b5e3821

SHA256
304476467e3fc9e244f8d986a405beee84da3e81646c64c8476d70e64e8c7ad7

SHA512
c78e81ceb18c94a0b8c95d2bf976a29278f2daf6c552404c34ae2613a98ba138453b431ccb0ab08ac4565633449fbd22f13e7b91a1c3721bb29c265650f390c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
37KB

MD5
6bba7a367dd795411f1a8088c9de5c63

SHA1
3e89364b082128eb027622bc5f37319d04a05fd8

SHA256
c325c37e841a237ade7acb18b8cbbbecc33553ea0ba78e96cbef86a0b9eebc97

SHA512
93058d7a22ddfd65499e0b1c94297b49fd97dde37ceca98fb38bdda8eabca7e4bc4828a40b14bf733e10b957b3a11bbf9e17b4e12c1d933088f7fff01c226e15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
125KB

MD5
a4160421d2605545f69a4cd6cd642902

SHA1
aaae93b146d97737fabe87a6bc741113e6899ad3

SHA256
4a4dbc62fa335e411b94a532be091c58c0c0c4fa731339f11722577d3cf6443b

SHA512
d2ba5c00c3b6c1fc58519768b0dcd23951e74c00fdd424ab4565e7c2dc9c6b8e8077dc75015d9158bfd12f4573a7feed6bc3fb16eec96785c356511c9551416f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
139KB

MD5
1a1ff307f921b35780d21100ce28cd94

SHA1
3a1ef68388f7ded5db29873ef5b438ae429feec0

SHA256
b4acf289ef66af08cd61ebb9c1a11008dc49ed83b74476b127b4cc22f2230a00

SHA512
ca5633684e0144993da253ea65f203498f882d287a52a9289e1a357a81762a3dee228bf6d754b10430264193f3bba88adf1a6f021f8b6c8c7b8db9afe7ebe5be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
96KB

MD5
3693699ccc4a0147deb2737e69c0dc05

SHA1
d2068b372fd6b87dab0558b9993fc13ec2b8286a

SHA256
c9eedbb2332c80faccb264a6a98b72ccfe29a6034214cb17126e029fe7cf2fa0

SHA512
28db5b1e358bd583fa2c4d20ae04e0c607010b056e4850887eaee477468d29d2cbf4949e9ff5d2753b98c4560e4ade8dd7912c0f35e237c3572a58e6c8bd122f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
50KB

MD5
cd2f3074326840d55a3c3ea1e99e83fe

SHA1
3a2e1d1a93506526ae3ed2b44d584af7771ff8d0

SHA256
9ec9f50ac6a5dfdf7ace0a047ab4e86a7f8ff297030f93f9b8b4e27c57fdaa51

SHA512
0685f7e50451e87f8d7d47f3373d653f7d6163ffa8ccd143a85b179d2c5c51cf494e8b5f7e561436c35bfb8ffb9304f0c49962a8bf7065830f0cc95281f4ae6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
25KB

MD5
1b7ac631e480d5308443e58ad1392c3d

SHA1
95f148383063ad9a5dff765373a78ce219d94cd7

SHA256
7fb66071ac6c7cfff583072c47bc255706222c2a4672c75400893f4993c31738

SHA512
15134314dfd36247db86f9b3d4dcb637e162f8fd87c0ce73492ffdb73a87492fc80330655617f165dd969812ed2ebcc42503f632d757bb89ba9116137882119d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
35d3043de8cf725b0b1b7b41ff48da1e

SHA1
520d5b5b10746208c8af62951484a1b432b64202

SHA256
93667b998363caec8898543d9aa0585def66d68c1876dcc8453e6c49574c3d1f

SHA512
e20e792949abeb6f3bd8f9bc2d254373902a42208b12d731b74089d9b58a740c34e6c72746830d5399e9d04145cd30821b828c5bf8ff67707b1022c781c8a7ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
978eaa28363d7450153273384c91fd04

SHA1
ab09056ad5cac1e0beb2e0e18dad735f85a2ebfa

SHA256
c48dbf6e542a829d5cc2d478c3a64fc2f06352658ae63a123be7b59db35eef24

SHA512
d03249f740f99a6a344cfba1290086d9095ce6cf4cf691aa972087c5e9636ec2318cbecb57ac87fae1815f32ca389fe7ed3f7265600891a2bb109f450e031ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0511894a00d07391e0ece20813b5a378

SHA1
be4130a35e9fd9b09f08b3c7d6494cd020d0590e

SHA256
a0232018e2cfc5cff00b022bbb49772a6601f275d4fac513e8311a81f29a901a

SHA512
88d6858c66059ea14ee0e889b41b7ef09017007ff437005d6831ead4e9c38edce4ea200ef59b062bdc82bbed346d3f59c4278fc56c7dfa0e11ca087bc9cc19b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7fd6054bc7caf429eef3599f74cd1ff2

SHA1
f9b620c92e55bbcc1e292f86711d5575a2049042

SHA256
afba4abde733d7a11ce45ed58eaa43a1058ad10bd0b67c687a8fe0fe1e867f99

SHA512
e108fd614a2d01c187013c5e39827dafdb38fef74bbda7abb842ac0d90e1e23a42c0d5caaf1a4a70965877aebdd150bfbcffc8de43e7e7b82b61525d8d6e7585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bfbc9111c0bedc6512dac9d6a7d52542

SHA1
f59cc1e2b8af8672a36c165d7730703b3564d2f6

SHA256
f245aaccfa8be27e9a608c8cc55d4905e02b1e281f6d133e11e8af41303015a8

SHA512
440cf3a4d90335bc4c4f98b49a3377c1b1fb9d9cbb948d4f2d0666c0b3de73a5e33fc0fae6780d58771a616422d9fd8fe258ee5a0ae5cce055391404635c6832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a978926abbfaa7f6afdd9cf8a4f4c1fd

SHA1
363c4106bcaa32fb14fef9c9dd33bdc6b471349c

SHA256
18e82717d4a6d2b34ccd73aa8a3330f0e370eb96a5c7bc2d47cb3d05527e5c53

SHA512
80f36c7edfb8af2fd9fb3b037978bbe91b01a16d9fc49d838122282c267c2e4dc275ec4f8c41c26e496f84e59ab6e452072fc4256a353f554a873c4bbfc0ad54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a187f5757b3539b6ed70ff6c2989e417

SHA1
866d00c7e3bf1d898232ae836537b4e023a010ba

SHA256
ace8cddcae81093f4c84f9f1245e6a8ffd26cc9cbf11a7ceff544b183accde81

SHA512
5329e3abf26d470e5151897684eac11ad70936a5abed71dbb72a4ae5601ced15577f9c66f0f21b7bf38378f4d2d1812852f55a554303b8e0b85eac71e53a06ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6be6c729179fbe1c4dadff30d1ec7ae9

SHA1
80390e7fe0f62403d01803d50779e71e48d8225f

SHA256
1d59ad38f533ccbe6f240ca3ef2c8da722f83637c265d814579638160db01c64

SHA512
d901cbd46cfea1edfc69238d18b5bd5b6e9703ee25abccbd0e37d2e7ddb3d80de47991ef86a54037f829437bf734d41b67c3434c4910b616685086a086147104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dd8c299ab47301167b23496d064646c7

SHA1
076c52886647442045771f7e01c98b818b834787

SHA256
1b94e8062b2e7b435c758973864584f87f99d2bb34e95305e29d7b1eb120ba36

SHA512
5b39b1166dc4520926c0cbc41380135aaebac89afef8db3903117842ef36caad82184dc5d32a75a411aa10f2644a7347c5eedbc9da77ba061580b97238aa9eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e815bdd631c7d19a5eb92fda992aff2d

SHA1
5da0c4c5714752b81d38a32029a837785de00f55

SHA256
cf0b4c00baaf6a0552f9831dcebe751ff5c01ca56b59045440d94892d5c6c642

SHA512
ab3ae1eac5c25676d790566a83282f2039eb59374c3e3e89af541847ac0c45c9e6ccf645989d8d0eeaf4ba20f72afd7c7a8e905140ace2c10ddf88252eea0f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a656182162ed8d717f4dac185e965d93

SHA1
f793de1bbed5229e956d96833b94a82f3ac79bae

SHA256
c540e44b405e0aacb21e27628de682e42389452b8656f13e7828bc558a8408fc

SHA512
e52a7804692301e61b759f7dd9fe247fd075042b489dfe985fa00d951c56beecc37fd7b49be3c5cd4382e532ab2267d987907dfbe62ccb783ef414b0c0878639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ba518a9d5dfc5eb6e6c65348cee6aa7

SHA1
e4baeb075193d7ffa710e9e0b437229f24912ee4

SHA256
0ac83e02f1a599e1881ab50c3ff062b33e80c0c61c2719ba32403dab914cd31d

SHA512
545a8362aad2519ff087b08d5e771d55e8ec6579a944776613eac2b8c6edfad143412c803ca3e09570285360738f50faa8109163328d2daab2984ed680aa97ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e26f678406d9a6a654c6dfd3ac0f2ee2

SHA1
08c906a1a9e59a6df62ede07ea5d56b473ed065e

SHA256
403b00794cf0b0e99f9270f2f1114d5a4e3af192b7e71bb9e17705801a4f5f08

SHA512
b38dc92192a4c7918e9981054b49107d87d9e0f1cab9d5e5ae3c935a0621df17f4de5e8aa90f13b1c544716d2b23bce10f1b7bce159ad576bf213937fc0513db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d4596b98ee2e814b2fd29244520fc890

SHA1
ce3ea5a6eebfd0d9cd9e6ac1d8c279a2c614d16e

SHA256
f2c66d689a34b71ffb9cb8d450a4edb507c4db83174aefd39fd41c613fc06ecc

SHA512
afc6dc00030abb42d6a394b57ebb97b1c07e706e230156f80064b73d58a5405274c4fa534336c8728d0cdb0e1836b8dcb8d0cebe749fbc6368f1d2f688d4ac58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7bd554d53849061a7a87ad7cbd8e6e33

SHA1
de19947a2d12621eb2255caa973dab89cea568c7

SHA256
f98f166d270c0099f5398fd2f526d3ddd984da475d6d575c7f9169a2b514d9be

SHA512
db88d6ae5404eb4bfb44b6c97367116d3678c4a09d71ad22d9e9f7a00d5d497ab675d9e10d152ecc5d5a567b074d3009a94f44e45046531a5e476e6b24741784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2741ed41bf9c482268efe0678d204929

SHA1
7b7b5becde456bccec9fba602a71bd0de15c4817

SHA256
2197140c7e4de6abf4c2968ceabfae502af83272940b7982b771550d15926492

SHA512
46e6d805dbe779a4c7b41490dc225156ce156090cecab0c16d61c769b371c4ae1b763f443a7d543d3b4103c3c25b0ed42382f84eac413531d42254111e64b5fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a34b7c6d8bc75894f40a816ed3b26f01

SHA1
14f895b4cdd5824e79de3d4094fb1d056dc76f72

SHA256
721d68b21214738dde08d3952d7df8d3ddf53d2dfac2c8bad1e563fc76c85a76

SHA512
2bfe1ca2b9683a1139aaedfa070ae4cfaaa7db7e00ef67bcae33fa39df10f2d6cac0c6aaf7138c10086d3ac26ff4b54d24eafd5c641fd1ece77e5c96715de74f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586b96.TMP

Filesize
1KB

MD5
4654b6e4c46cb02e393d88da4a5e93b9

SHA1
518af57ca3547d2d31ca645480b6828191e701b6

SHA256
77b6bf77bd3a3d099667686f92b630aef486e97896d1edbfc2f27a33ff83bba8

SHA512
fd31b6e05285ad6522a89bc0eef487f8d6e7e95f099b573dd39dc2bda471d740729942bed6355515833fee813dac5196d497796f73baf4902c5677404531b7c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
47a4e5f0f58c05cf002d58b8da4221f5

SHA1
ddb03d38444475526700133e055d91cb117dc742

SHA256
e8e6d7a95775cb234381949bc94c178d4364f46454c3cd6b032602c75d686d8c

SHA512
d72b59ab06b9730807aee74681704e234d4dc588a4872d55437b4e0ee16edd36dfee23e5997540ec3f224536ed3b03f0b75aa5fcc0bd07cdcdb94430fd80dba2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit