hxxps://www[.]roblox[.]com/share?code=66e4f23c91c4af46b2f208e19d7067b1&type=ExperienceInvite

Resubmissions

14-05-2024 14:01

240514-rbjc1sac74 1

14-05-2024 13:58

240514-q9te7shh9v 8

Analysis

max time kernel
150s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
14-05-2024 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com/share?code=66e4f23c91c4af46b2f208e19d7067b1&type=ExperienceInvite

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3001105534-2705918504-2956618779-1000\{78201C15-7605-444B-A986-C29B699173FD}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
4820	msedge.exe
4820	msedge.exe
2968	msedge.exe
2968	msedge.exe
3888	identity_helper.exe
3888	identity_helper.exe
4488	msedge.exe
4488	msedge.exe
4860	msedge.exe
992	msedge.exe
992	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 3844	2968	msedge.exe	80
PID 2968 wrote to memory of 3844	2968	msedge.exe	80
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 1512	2968	msedge.exe	81
PID 2968 wrote to memory of 4820	2968	msedge.exe	82
PID 2968 wrote to memory of 4820	2968	msedge.exe	82
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83
PID 2968 wrote to memory of 1960	2968	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com/share?code=66e4f23c91c4af46b2f208e19d7067b1&type=ExperienceInvite
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa8603cb8,0x7fffa8603cc8,0x7fffa8603cd8
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,18203533652822817456,9313817667903862788,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
390187670cb1e0eb022f4f7735263e82

SHA1
ea1401ccf6bf54e688a0dc9e6946eae7353b26f1

SHA256
3e6c56356d6509a3fd4b2403555be55e251f4a962379b29735c1203e57230947

SHA512
602f64d74096d4fb7a23b23374603246d42b17cc854835e3b2f4d464997b73f289a3b40eb690e3ee707829d4ff886865e982f72155d96be6bc00166f44878062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8294f1821fd3419c0a42b389d19ecfc6

SHA1
cd4982751377c2904a1d3c58e801fa013ea27533

SHA256
92a96c9309023c8b9e1396ff41f7d9d3ff8a3687972e76b9ebd70b04e3bf223a

SHA512
372d369f7ad1b0e07200d3aa6b2cfce5beafa7a97f63932d4c9b3b01a0e8b7eb39881867f87ded55a9973abea973b2d2c9b6fc4892f81cec644702b9edb1566d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
41KB

MD5
c5d35c10ac8ab13215caa788d62eff52

SHA1
1279a8d55f47d21485ac8ddc951c20d1fa8cac42

SHA256
7eaf75cf2b7dd1a0601393dc3084a0e634ff509804a3ce8f6367cdefe5f25eea

SHA512
c87c7e4feb35f8b91efcc6d3f1ff28dbe61275db7518cbfd4a7c61f8f7d62f324169f0c9dedd78951604f07124cef0fab107c963a0cd15d4c253bde0e399b7f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
86KB

MD5
862b6033dc6723bda6b54609820b9b3f

SHA1
64881c76d084f2ff93cefdc4e0d829b03861f696

SHA256
decf0a34519cf25f9e3f2e3fd6c15a5e52f4f550541a151121e9a5bee5d9220b

SHA512
695c1d1e1a682851b5a3eb52e8be1563a5d2a26d7925db8fd8aec8b0eab0ffa1cdeb18c4c4abb0660c71a3cbd6939d04ebe5fbe47a27a69c52d4151520d520bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
26KB

MD5
5a520597c9bae77d51b9d646dc50148f

SHA1
69fde653601257333b4adb2bca5c9ae59d52adc8

SHA256
3d446a2f0000e54063b19d0f6204d3fcef80ca2d0bc65a4f13de8d6f94b1b122

SHA512
b90e87bd6f708b98a808f778e58869973a1fd54e3b089379e588ea88f55c933add9d30e954045a8a9f15f144c9a9e5ec46d4968426f65f6a388aebecb93eb91d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
84KB

MD5
2ae874bc4a3805ad8a2067fc080de790

SHA1
da3cb741b170c8eb62c6e8ff5627dff819b65e34

SHA256
4aa25645df6f66d2b2d4e012ca97649c79edd4a0a8ae330388645fe0fac57200

SHA512
b5a56eca70d10a819ee754c4343b94d3f148b4f08b47b4d6bbb8e76be417b1d535feb20f08a08f3e29e517533e45cec8ef80a50d5bd8d1af6585202dc2a12a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

Filesize
57KB

MD5
d998fc602183757bd29a3f220e09e00a

SHA1
72a4f2cc21c3d35c47b565df21c0423c8e658daa

SHA256
e4ea20d42e11fc69849f325b06529775b3c02b1bee504e4dcd0e4866a4f34dad

SHA512
75ccff99032990f104aadf05ae6029309be62462ff31ce3823da863129199f7be606c3b3163cf2b1ccef7e8272c7fb99055c2d0863e803bac0b84db3dcf0744e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085

Filesize
159KB

MD5
72b7a5bf273154bb9477bb3df5cdc4db

SHA1
1d6fe67fa6716ee234f8493770222dc11172050f

SHA256
3b3d730e8b23d0e259ce02d1acdca4fa0e1e86f6375bdd032a46ed60d5f99c47

SHA512
c411e39526a9a3d3d32d44fcbfe692ae3025d444b7f4f2e14c9231d09c5a45d6bd3a40cb3a4a7a58be85e0871b0e9fa8201d55ede72b893e459f4934f73d3532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086

Filesize
24KB

MD5
c8a0f2a9d5ddae75ed8eed0e167ea4fe

SHA1
18388578b113d84a8851cce26427a75c00bded28

SHA256
0ac7052dfe5610ac39f04c1473592fcb1d59694fbda188ef26365a7aa384981e

SHA512
66c0f1c7f60942690dc585bb976efaca10e33793e1330ae0f3bd4f429784ae822e797626220284bebb711f71265a2d6704188f917b4c35668e3af3684590cef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087

Filesize
26KB

MD5
881245c49b0865dc56c6dfaacc135182

SHA1
0c26c52e1fc1fddbb8d4ef676336add82e5c0edb

SHA256
12896b404502b2c479e52bd5e37e47bc18823efe242fccf0305515ffb20dde3f

SHA512
f4f4c02044779f72413695f575c2bd90a147c349425764d87ca3b995494154e00f65c880c10dd97ee54cff20fdca6a8cd53e7a0f74fa143b89cbc08775a172ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000088

Filesize
97KB

MD5
aec72f29c0d1f512ee04ab48f328fea4

SHA1
c18348fa5f99740b8f2e86d01aab5c57282d3b99

SHA256
63e1d8d70eb6f73d623b2051092407e9b8a3638ff5368e78afe9e35e26c2d172

SHA512
0511aa9345908d6c3d52cf5dc36eaca95e1cde594127aebae5760752d32c7ab8105ea71584d5caf801326f17c863fd26a2894d9f952f7154ccd3d9855754a1d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

Filesize
217KB

MD5
1e38d3227b98e2914ea92450d047e197

SHA1
a2599a0cf3eb62a1e5ac7cdce71713cd509e63e4

SHA256
fff8b5bbf61c22b0767ddeee5329e5485660e1549a822c2b5aec3edb2277a50f

SHA512
0f1e8a5ba336c0ca7a89e4da0c6c822b41920c5726cd6daa1016c458d3429e83756d1df54a7d5aa0c6ced1f8cd2271b119640f02be71226a4d91f3862b6f5c46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a

Filesize
23KB

MD5
7beddda4c69363c3706601b43753b854

SHA1
2910f568303532815a175b0c6f4c83b27cbe6d75

SHA256
ceb8036308f0333a4be2b34a69b0791e0bd0c3fc804d1148c3b3e6a4cabe105f

SHA512
27a65b9c039791521c85ec1e648b1889495072133725269ea92d757b433bf3c1753aeb84514e35c3da1e9cea0b95d6029d5745a3747366a58696bcdde5ef65bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008b

Filesize
156KB

MD5
0fe4284f5d822205ffd5ea745387515d

SHA1
43a62b4062400a90189fa76f0800e46b28e6e538

SHA256
c8dd5e9b776cb14a679541191964bff89dc832192954919ba79a456c7005b643

SHA512
01baf185632e734b6e7508eb9f5c0508e2ad46bd345a1dcbb89b7cb6776b231ebb3fc351aa67f8b5ed6195965192a2287a1a73bb779e74d420d0b04b331d8b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c

Filesize
155KB

MD5
66dacc8d03173cdbae2d95e59bae9869

SHA1
7dae1d0a22a48ae871b4ef4ad02d664e2b7397ed

SHA256
607f3bf4cf2a073331c93c78fb844b25d58fb8998c893f4e62ff50bd9c59626e

SHA512
5e8b31ac6be87a4e81adfc4c9df94a8fbba7ab50f74e2a17d3f8db733bd3ebc73e50d5a331894aa511e7bef7a48a9271aa1aaa4b3c3a6f595ce5f0c3b335e567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008d

Filesize
229KB

MD5
2d984bb403acda46cee523ac2d81fcda

SHA1
f4c672c64b37b86f4a534341faaf3d749e8c9758

SHA256
bca914641739625f0c21ffa8e94c48420b0e7f56d389d6acf4ef38848352730f

SHA512
1869d8615ae669288a92d008ade13576833189236193dd68202fc28198b526fc0e173cdf827870f8258565e65ba0b309cc7cb8c911b1e1ad672fa327a38dba53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008e

Filesize
301KB

MD5
d2a2f4b5c8573b7adea2a4f52f3871dc

SHA1
5656618bcaa48e6ac148e8434147e5fb25a15784

SHA256
a485f283f11787792a0364432f33a810c80a0fdd1467ab897a726bbff132e9e0

SHA512
dabb1137cfd20d403144f6892b512108e5d9514b114e3288eff268e8e54428c6426abdbd95fa62a2cb03caa9606a88d1c54327e246f81b52b4e13ef3181a192f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f

Filesize
16KB

MD5
3909365318873746ade4113c19c88cbb

SHA1
83bbbfb90e22dfb26a07d7d75c38f6da11ab398f

SHA256
0db124658ea6c6a1a472e50e0aeff9a79654d0caf1c5f172656275980ff5a651

SHA512
60adf28a63e3a9bc2ff1768a2548737815a449fe11d6afa4e1dc21531cfd48e3f1f7bd5f61f9e383418479d8ba1884736dfa4179a8835d184df9bc687b94736b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

Filesize
33KB

MD5
1a889a0b9de0034525f25042a68bec38

SHA1
5698580c8cf44b7f5494d9259305ff8387fdbd07

SHA256
4c85f9a55ec8f8ea5ef9be062fba9187e9e2deb6485c6ff81576fd2c9f1ab94f

SHA512
943cb3bbb5740b63a19704d0905860a004484504de276ba88693395952e759fa875be5f7671e232325181429b5bb69d7762284061889d9d1717148f5d2c30420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091

Filesize
53KB

MD5
988919d946d70de5649e048d4d27a76b

SHA1
7acee47cd810be206fe31e5264df3f06018db1ff

SHA256
75dc80794e0db27b2b9007327a8752cb4aff31313b2f61b256f0a1e2fcf2d954

SHA512
3b245b85c68b062d7085289d30ee78a9af455a134f8b6d1037260accf42c0e55ec6c1a2662f3f460c59bddd3b1fa05c22c3c1e9f8560411a334ff9bb53fd5c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

Filesize
26KB

MD5
be0a8cd358c2936a2095c860f7925df7

SHA1
b9e711d6aaf960f9caf8c604f9e65f475ffbc336

SHA256
a0e3ef83c10e4e766cc22baf3e21eff56e6b85ac494cadb9df252ebd0e6433ec

SHA512
867d5fc94824b83dbcd272cf0b7b72fa60f0bb2134bbaaeefaa6fa923ba35da50bafc58f02726bdf7656a6fb6fc9545cc6fb6451449b7761e0d5d73229a226b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

Filesize
46KB

MD5
3ecf04abe74daa5c70115a77d85764f3

SHA1
c9077a0310990b52fdddb371667cc487fa3f804a

SHA256
7be83b0a5b285d71d53abb6ec3df75308ab99504e6f061f0902bf1e51105890f

SHA512
a9a073f1e53ce17969a30b1ef517aa2c66726e401fdda5d7c09dac7b84e422e7eeac708d3c31bd5bf11a083d9ddc3754e4d399d20b17cc0f5125f96be9c34786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

Filesize
68KB

MD5
e9bd73c79416536e02796194cf3a0803

SHA1
5a9f728a688916d3edeb9c5a6bd00537eb30f2b7

SHA256
057cf3f03ba720968f2056682b9291c94a33ba86f012d6a32002efe86c397fba

SHA512
b545f94d98f1ab495ef581c2510f703272ea245d7a8c68c6e07d1c9348d564eeaf8e542e0e9affb77cbcd12ba9b7b7e17a669daf510c3e5528e71467a7986276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

Filesize
43KB

MD5
03b830600880fff2314fb9edf3d487d3

SHA1
6192e6520a3e879ce740d81c6e679e882eb360ae

SHA256
dfe3988bf9fb8514ad79e620bf06121762d826d7760f7bda49ce6aee472b6374

SHA512
81f1b00e79aedfcab3a64b956c993966d1adc7903ba031aea57a7d787a3e7840cc7c154b40a64bd51a4a042e017fa2ed256171c05a4be94929a55fcac151e880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096

Filesize
117KB

MD5
debac91e0be1dc6ace71dc21428485e6

SHA1
7137989522a3a3e2fe2e6a8b8bb39eff09aa5d15

SHA256
7188fe74352340cc0eef4dba0cb67afd59743c745f390fc606f848bd4192a675

SHA512
4d99589e4c54ee292a4871c9ea4013f4e3eae1440e473142399fba68afe8c8df460bfac0ad9dbbdf10549cd4a894dacb9b773dbcfff00c95179f175676cc6f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097

Filesize
147KB

MD5
60b0730bf816b1c034ba0995625b35d7

SHA1
545ee1a205d982be6d924e3551379c3b4647e689

SHA256
7a892863f91795d0653769b11184a91097fcd38b6d9539f52ab4727c644fee31

SHA512
2a82bf2ca012ff52b242b17ac23beea7f694d3e5ee2267c6706990776732b7b5cf360163eddd64b5d77c42f4f9cc78ef50a4a4287b2ba33f20832b36ca7468ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000098

Filesize
234KB

MD5
9b61d85a5c45ef1ebe93b5205634b71f

SHA1
4601e168131cb20559936c74cc4804a7dc377613

SHA256
f25526c2349a83063110b3f0fa019edf6a38b1c6e0f88a0ad49237e8fa46047a

SHA512
c8a870c870f59a1dd326457d1811b8d753efc8381e7b8b3ff112e6dd94202f7fe23c826c6f95a8ea0afb835fc6df5ccf0104fcbaa2aa37a962e8b496b3e84ddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099

Filesize
267KB

MD5
c784e596767a005dd89eed12b1691f9c

SHA1
075fa7fa391a4b2943556657b81a41bb9dbfb2a3

SHA256
aa28503491754ca3a59fb9d0cceff6c12457c3c4ce06e9f54be3651741aa207c

SHA512
8e119a639dda26cdd04bb02a8e13267198714a7243dcd8781005d34f1a8d45e75d2bf5f83486489f0daaa74ae692056107482c80157a447e7906e7151bd577d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

Filesize
39KB

MD5
40e72a03070924506d5b8554d8ce0c39

SHA1
5618719ac65bb671effd4b575076320304228625

SHA256
a80a04befceee3cf35ca96e643819cbd8ac3d3c36c17857f927861ad254ec654

SHA512
3e3eddd6faa35f3a89ec8fa36e75c436a8968e57b86c5e890ba56023173ed4b8d7f0cf050c16b16ead6b898f4a1c6f47242d350e2c73a7c790eb7f904c98ce00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b

Filesize
60KB

MD5
810247cb7c177c6cb9b14e3d56435042

SHA1
ff66c767e789f9fd4e31474fbf1d8e9ce6c7339a

SHA256
da81f439873b37961a4f807952193fde296959b5506af0807ebb140a9787d0de

SHA512
53cb0f4b7e628582bcc33420bb1a65bebeea0a196045a14936c64cbf2c87bcbd1a2b006306e181828bde006f37b23bb51ceb71a2ddda6bc01527a54729fd0647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009c

Filesize
36KB

MD5
a1d0367c51d637aac96a4656a67ea869

SHA1
823d4bc433dc85919b13a6d5bbfe994bf4ca7b03

SHA256
091f370dd4b35ef464fe0a0130303dc4b79f5e70ff88fa362f8f973b46d39754

SHA512
a3f0a413e4c6f52224d1f8cd0e2c7fc63a3e1415f341a179e30aca431f2b0870f5ffe6a7e11cda930a2ef85e8c045cd84b75ca40b4dfadc5e474fb7c192d22d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
ab7401fe271dd2d28553c9c29681f7c9

SHA1
98bb22fd7abe810c00b64d4263cf6abc8244e124

SHA256
03e22f894c2ecc8790103ea51d27bb41095aae516d9768519bfe87c9f83a6d94

SHA512
6aef60d8e6a5a937649f4833209ccd284467d47c7018f18f59119b7f2dfd3a1487a9c9b169f1fda44467a67bfdf5e1a7951ec713aa578b0fd56e39bfd71aa9a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
258236d3f6bd2f2816931448ffc29a1c

SHA1
cd67ad1c33e316b7cf5d2e1f21c177208e2efa8c

SHA256
94d40bd629d3be19901a6fea0dead163c6306964db558b7d18ee1eb173ee5445

SHA512
2339c56633aeaf5081776f3d3b24f09824ac1785334bd105b4921a2c610edb7e334485736a706fd096b6e842d4df78c25fb23fb54723353a31bf686ea6af8414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
1cf404a7b5c47082baa95d9eb2794078

SHA1
23c2a8caa403fdc63fe9362cf3af745fa2685e49

SHA256
43b16f6946e3647b62e99a0337baeee7394d4e7b96a1ff052d990749fffc07dc

SHA512
6519bca6aaa3007156dbdb6e74a96b9bfa7529bdd226919ba69f5b0acf069ff464aeeec3b42b7e3eb04b5be42f217a562a1eb90cba326eb58bdca4a8a1845554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000005.ldb

Filesize
1KB

MD5
f1d4ba3789eb8eb9943b284eab7e6e10

SHA1
a78c95ff0b868b49dc08e853057a6305aa8ebd36

SHA256
2994e870eac4eb2a4baff0e6ee67f5994aa440a001e31476c652ff22ffd78c20

SHA512
a422a48dc5c2900c78b0648c26512f22f9994a8ac216891c66a6ce723b7f52135699827a8db70fdad43b03f4273c26f56bc1fabc25e18ddef5413ced6bc3f150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
743B

MD5
5eae85d189640cbcc70ef77311159712

SHA1
1080d05ccac9803d8770c89c593be7b70b86441a

SHA256
55c4bd0dcc316a107a3c035e17f78ceeb0257e77c1fa8cf59a11ff5cf9c79506

SHA512
0705cbac36521258c10a0edeb81578c04ad68410c0b4708be722d0f89c1370af7d2ecf4d239af1bc35d75fc24a9b6b09d1f76689619cc7820c65de185449206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
745B

MD5
ccc636272217341badad1b1b11d109ce

SHA1
891d0055fb15df145bdddd7b53e8f7e326bb57d2

SHA256
31c4fd2ac69d4b1fbdd9007febf5b9565984156ba74e9d2188e4056fa11f9da4

SHA512
c1232c0b6c7e6857daf36e7dfd2c923da86d5b2cce9e9cade94f29199a900bf5308343b3c47feba964e101cf0951e42d5b5eebba7b5c131b44d2180bb00fa4a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe58e3d3.TMP

Filesize
607B

MD5
1f9bf3171b6bfaace2acd443e1d810dc

SHA1
6c4979cc7f65ca1834781321be1b1b738e8fb77f

SHA256
4735ec21de9388af8de622af0f206641e19e7b1a0114dcb68d147c7c68fb7c64

SHA512
8239655812c3194b22706f3919b12f9a17f52ec6ae5c7f3cb682fed50ea6a157cd9372c64594a57d9cf4ec7bafffc5c7a3cada940a4079609c43e3eee3099ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
a44f0c7b6ababf9e48d191ea65237785

SHA1
9cbff9b4574ddf07c87066bd2f60f305f75d66be

SHA256
a0f7003f753cc231b2c29350a8f79015539699400a294054514803272667ccbf

SHA512
3159c19b534d8cef7a0ebdcc05edb97415d1de331030d68d003dd782e73b020c930c4e4960667f4dece63aaf873c7b9b0df3443d84cd674be0bcb6eb7460b16e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb46b57a56f684b26098dd60f21290da

SHA1
94d5792db10edd3bb1107c8c52620aea043069b5

SHA256
17213ce04ec8976bca052d8643183d6b1224b4800b351a0ca3707839666fc38b

SHA512
c787c53ddc2f6bfec63cfec107bda16f3f5be36b63648a9493fca0bfd94b74c8619086756d140329ab093f68c27f61f4afdf8d9cea2e51027174677f98494ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3fc97db2e4738c1a8550d1e69084fcd

SHA1
d06b3196106d58a2d5f7fa6b8c53996bbe4c97f1

SHA256
6aa926ad096ea11097762f47bb96b13238f0d9cad1768705d7d10c44e0a8dce3

SHA512
fb84eb6ba0e2be907fe1d5a3d3fbf1efa727a16739cfb41912a24c0dc716bebafeadbc278b9bc08548a693e92d01bb95f55bd7cd63b7538819fb1a1ab701f806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dbb8a11cb28ce0b5b3f0326e87c38d00

SHA1
5862636d7284341a93ef15e6561e8fbd1ea1ee89

SHA256
f99e44935b01209b47fcfb2691f25e912219bbe8d51a1f94dd41f3d206a87c60

SHA512
7709b953847b0865cde9b91378e5e64442f0005a3468b0b526afeb138dfa395d084f21809ce7a50bd4ae1f0bd13a6b3817731e58feb32a9c7ccf0200f87d5c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
409d7953361c51078457069b0e5d0b48

SHA1
264064b29b4a52ce2c17d127df978eae87c27cde

SHA256
f2a511d9013bbb1a18956b804b8412245dcc5fce4482b72fe6726908d39d84fa

SHA512
f25edb6049058a4745d7fcedb03542ade5c6a26761f3b5c572988e1c07626f5dc0f64f847a579e83a413d8f86473b1ef67381af6504810c3dc429e07836224fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb50617ee77f8d7e70833a6530e2a8ce

SHA1
db5646bb1e4377923427e74b46832b8982cd0f15

SHA256
d73712876d6f4b9830204226c808eb204f280847b28ccb7f40fcd67bd8d92c1e

SHA512
76c46091f0fe8b62ff78c535e81c01b6194ef66f3dd699f939116a048d6b542a809801d483e1c2fb219b583cb5df225027e1b8cbab915a9a1049547efa3ece71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b92fae635a11a711ccf7bf40e4034b66

SHA1
9aaf96f332ee920f622738e900ba9723569e6868

SHA256
1f50c561d4012a50006ddd97f4c7e465a0c4b3652160ddc63db4d8402958ce56

SHA512
fdf66b33724664ac842f80674bf39807b24de952e9b01d93610aa29806ebc5e6ff878a9c1f93d5b498ac2a02f2b2a02fbbf89a607ddc736223bec288b7406567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
56f12a3d3eda524fe7ce16dd9603a670

SHA1
e21ae8aa2ff59d6b67b7a5c4e12c5d5a7a3e0f65

SHA256
2668c423e29d5110d17649787c9b2876fa909eea468bca649682966a0cfad457

SHA512
c1db70bb2c1dc9cf9d7a1af3bbba12076c8f37c6efbea50c5d37bbdbbdc5242a55f977fe869350fedb7a43041975195a9a829f9f26aa8a071cd476b4fa689eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a63a1567a0397b04df255e690f5f376f

SHA1
fa6f084cb4f911d959a22a022e40dd451365e54f

SHA256
d67f7ff7e91034020c5b4d50dce885d1160d01c9e44bcbb145e982a8e28009f0

SHA512
c5553b0055750609261609921629d282004893b7d887430fe132db0cb0238ccc329ace410851ecc0d63b359c89494ad7c1232be3ca21f2bcdc401b90a65ef4f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5cbc6248920d3312f201173d239619bf

SHA1
700ef6093a9112255a0190c7444b44389ce6040e

SHA256
60d3768b3b5a010f7af2642e1c981a0a706f10f6dc93065d838578ce671d9ece

SHA512
f41b6e57e25f230e93ee7b6af4fecddc287da21d0551cb0b5a60a9f1fba07f89932397ac325b9f60e597249a2cd9758e85e6844f67859d9ae78492c6318f3541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
84d1277a03923fb51a911c1218b24010

SHA1
c20df379a0e3893dc197e5e43a098cfc1e8bf646

SHA256
82f4b4e2ac09e97d32bcd9a33673f55479808824556df114554e905f16084bf2

SHA512
5bf18820780b51efe24f4e477e3b9f12515367d7faef9444eab645f286e107f680e1ff3fbae233c65c2598a60ed8ae44ed2148284ad3bc3afeb13340ed4fdc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
bbf742a818bbe1604e05ce1266878090

SHA1
6b5845b65d712b444c4665c4af393e5b23b0a7df

SHA256
5510a3173ae299e0e53ad3756242220892ef28858b86f4806611f026c77cefa3

SHA512
2fa164cf61ff645dcca1c5c62d6f1ec4ee433fa4640f340c1c5facb96313b9ac3bdd8d95686231f78f84109a3f701bcd653f1126e869cff0ccfc5a1721e8b884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
150b1da0d73c1501398922800de70068

SHA1
ba1472d187719e1a3d3d5338b4975739812035f6

SHA256
95d259321a62ced10da0e4e27e1f6bf60e068e7ccabae5536b8e3f04bf666dc2

SHA512
5e28d3d1dc52f3521551b706c70560bae469ebf61c18049e4c9bf3c48308d865fc9ca0a33319338f250158c9e52075a1011501115d6770969948d9d779e5745a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3ca1ad27bab95ada3cb24fa0b0e560b6

SHA1
5bca3e92a50b102cc178ccd322fb029bf0b75600

SHA256
7bc7c244e79dcc9efef84db3fce1f3d59e52dd5e6db9425b655ddfa6005c7651

SHA512
22a50a601cab2b59140ec6285012997669278f9b838e0b7dd155031eeb4ad81e4631069663418fdc0e9b7d1d0cdf5933828521f78a0ebbd1c87f163cbe3c5ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
8e3392c97974ba31c2d179c1f53cade8

SHA1
059dd36d7b3e207f7a4b4e9490395793ef816b72

SHA256
ebe6f6c5e2557c6347fe5efc84deb1c22bc77e0c5d813d529e2a9866ee2a359e

SHA512
d342673f4e5f380a5c8588d113d671e9fffa0b8b8fb38dae470428937b1722c1433c7082f1af6f65724cbef595c8c357528ebc2bdc6870b735b739023a74ff1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
e0c79889604daba2752801eecae265c6

SHA1
edb003b485043bab7fed7f7dc3fee45998647117

SHA256
2da87fcdefb2f86abff8ed5d8af06bc2d722b0269e7383e5254fa327aa7c5250

SHA512
24766adc6e35f0ce733165065d6e2078b68a0d14b70f1569b6db29949cca1044673dff2c5402031c9cc63390f4b7450630bc66d9f6f090d38992c8278a50160d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
1bdb4daffbc015bd0634f5d1328ad491

SHA1
c7379f2ba1c3e3942fff35f3007ea822e4fc46c2

SHA256
e66d9803d9173da1e310b44168fd2cd492e3241454581ea1bc18ce73697b08cc

SHA512
110f573a3fb02851db62c7b34acd3e560c9fee8989f298126025904b276bad1e0e37d819d4c32ba240fc7577afb76212e6a528385ed3ea5e0a8bb6e3ee9c7742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cf37.TMP

Filesize
1KB

MD5
e0db7b0906b39d6327407387f0788fad

SHA1
13f02603322e841fdd72a55edc343c95e05f5457

SHA256
ecf7c69554f8ba4775fad9cf8bb6bbdb6e072d2b769c733822bc0df49a8a5781

SHA512
2e74285c5145d3970ebb1436ebb8b7be2f671de375ab6eb0f70833900dd3f86e7b6bde4bb368c35c92e15d387a365f26ea819dda5377b5c1dae979b06ee06dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
71909f32d45f071e3b283f7a31bdb7cf

SHA1
31413b37ba384fb39f9845e6fbbbb909f2fe1557

SHA256
b4ea69a799aec18b664e1ef971aedd2a6209439f9bada9ffd9463ee9cd1035d1

SHA512
02113c3b414c8daf12c53a7b0bfebed89624369b777deeddc889f17050caea0883bb8e4a0be21504c03988f69930568f4823e80d5283e60150288be83117ac12

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit