hxxp://roblox[.]com[.]kg/groups/9649207841/#!/about

Analysis

max time kernel
147s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-06-2024 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com.kg/groups/9649207841/#!/about

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4312	msedge.exe
4312	msedge.exe
4848	msedge.exe
4848	msedge.exe
3944	identity_helper.exe
3944	identity_helper.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

msedge.exe

pid	process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4848 wrote to memory of 4436	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 4436	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3452	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 4312	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 4312	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe
PID 4848 wrote to memory of 3144	4848	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox.com.kg/groups/9649207841/#!/about
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd944946f8,0x7ffd94494708,0x7ffd94494718
2⤵
PID:4436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
2⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
2⤵
PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
2⤵
PID:2232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
2⤵
PID:2168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
2⤵
PID:4188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
2⤵
PID:1308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
2⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
2⤵
PID:1120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4152 /prefetch:8
2⤵
PID:2224

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
2⤵
PID:2756

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
2⤵
PID:1348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
2⤵
PID:4280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:5188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
2⤵
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
2⤵
PID:5596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1416 /prefetch:1
2⤵
PID:5672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
2⤵
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
2⤵
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
2⤵
PID:2232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
2⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6880 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4248

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\62f6df21-3aab-4144-8eaa-0368ad0a1309.tmp
Filesize
3KB

MD5
2bf065d1b88d0908eb659511acd92e7d

SHA1
83988902f347d8d00e7e74ae2737f7ff95c47e7a

SHA256
3247ccf28f89f98ace4c29737693be66fc4957a0a1a9c8440b94e7e3349d77b6

SHA512
a0793d1085924b738dfb278b54ea7810b6d49db735d6d6a6fd7c32998a8eb5deb354a6ec976a895074ea8cf0994cee0fdb26b9e82c13743f5458d02e10cb8a28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
23KB

MD5
53de0b95fcc43b9b700d7b92255816a1

SHA1
4d3c8fa34b8f535eb48361f434b3d501d48ecd33

SHA256
9feb0a11a6ef66aab0cae9db9003caf6956e40584669360e1b1cca3e3d0b273b

SHA512
7d2ce8836584f9352a34ce398e7c731e766bb0ebbc743b04dd51e4b0eebab5dc6b323e038508a1ee3b108fd63e76980fa8dd3a3abfcf04af8bf3a019d502a6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
67KB

MD5
383f4498e1775da4384bb29e6b3a4d07

SHA1
d7afe5cd32e4fe92080cae20890c0c85d73897ab

SHA256
ee48f8f273317f1dbe941d58584f9a2de8d4751e1f0a5ae4d37be578fc62266c

SHA512
e423e39421acfccb60504b29e13b1783305bff8f845df191f5a978b6f4ab35f955c6cb847ded12cff91ba82fe2b1b77f8255eacb70c7f8f719337b069e10be85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
Filesize
48KB

MD5
793b639f0483074bf878fcf19c131678

SHA1
b1a2ef0fd4d7944a9519e54e3201a05c62c90415

SHA256
b214fce2614aec5046a24ad48e5023ae8d29fda0d8c510f6dfa116f684566869

SHA512
1aa25f77f1075f79f9d188ee9bb4a5569db406f2cbde550c7eb6c3377d3bbea5cfe86f1328248f8772020a90093c133de90c09cd2e50048fe2d400e807526238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
1f109196bf492b54f630ce2336045da5

SHA1
e8eaa353367454eabdd069ec3d6c4e07d2bec160

SHA256
46f35bc6d8f680563e972d38c6b5312c08ac8b37db3a6ec286395e9dfc60e8db

SHA512
2a098bfd857f76f5de25168b21d08dd713843088608be5552099d43c08e6676b1f1a5b6f2a365764caaaf1d816b975cda3c56d2464b217b534b0c250303e38de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
b99183f3827b3d271c65d8f0b419b3de

SHA1
fbf89820c7c5cb76972fc1fcee7ca0c195aca277

SHA256
c4aae5c43cb4e0a6fe712ba3db70ad3c6f6165c910617ea15fd26169a4cff90a

SHA512
11a8e0b9171cfcf37699d30b4a9c353bfcdf8ac4b8301b1cf344c3957ba86e1cac385db0ff4feb80f88ca6794bee57b1c9baf15e175228132d63975466415aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
5308a058ae00c904e92efadf6497575b

SHA1
3207247883bf9e816d5362421e3a59239518ad84

SHA256
93753cd74c7a439cc7f9f3ead073de8e21de4bb9c8f3d5065d39a1f2b927e6d2

SHA512
77f4a2295f779256698d755cc98232ea5936e1e564d2726fca8a8266c42ae3f0a447ee269013174b378dc894c8705b6dd6430b873e2947f34f783e74a3321d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
7e88bb4c1041603280df0a024e2f4f55

SHA1
b796d528a2a9f6f8d99957ca4c1f69820e408652

SHA256
ceb38bb2a715f315b2151e2bb2bc5a3bd9a1b693426549e652b483591cb768ad

SHA512
6c7347cf39fd668b1ae94db59ee78aab6e484e9560b235ef89fe488fe405a46bb76271d092b595b370e63db08884476e7b0f5941c483a746dd66c366eb6c6283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
88d6dd88a52879a7c73b056491f3921e

SHA1
f6ae4e3857fd484909aaa79e57832234ea800038

SHA256
b11134773f5ee82f53b12496e3b786a63494d471e9fe0a6fe3bdec875cfb0daa

SHA512
7fcfb839253efbf69372fd487e0d4551757ffe33ad4ecf695185efeb294b2bc5b9444c87c274582c8a1ebb1852dfc9a17eee6163369cff654bad75686c4efdc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
e94fc29c20a823c1d4a4167d0bd071e3

SHA1
948e4547a586ff65cbd6570dc27464735ecc5037

SHA256
a4ec74b82c515f191de83ffa4987d7221ae0125c24989e1cc1ef5417b61eb6b7

SHA512
721b33f4c639acbfe62232e8beace1f74b34943fd8d11003eb9121f9b47ad315b50425ac0aa38dc6645eb6c878e16519262a7fa28794ec92adbedf6a8a9a6aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
06b596da51e47800a0800ecdd616abf0

SHA1
ec3f719f9c0f3228f9ce7a6161e449defd635e1a

SHA256
ef61c982274eb1e4cecacb99951b5dadf405d1ef7679f7e87bde6309f8033145

SHA512
a1649162e4e90364c02bee86599a7ee9512fa0c61d58a21b0bc8962337343e6b16c2f7d97923d02d402623bb6599ae141a5938d1ed4ada060665d3c576779a5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
47974c348468af8ce54b81e2ef4a5f35

SHA1
8fb24baa9920af1ce29e17ee5b1e0545255f77a7

SHA256
32d87c1dc5620ef3c8977aad6c395133bb68ce5bba08bc6bfb32d5f3db2438cd

SHA512
0c56d2a10e76814dd12e365a8128d3d3b4f344901345c1d5cc71606a341c7701bd869f58d2f4f6f703c7aa572b6e30e624e2a2984686fe876a9f3156520d9c01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a8b17c94147f575c2a6f8f8317871a8b

SHA1
a06ed51fe67094e81f02f37b893850fae044e434

SHA256
cc13b1e7c9932620ef43770bf5feedcc7e5d736c588a53f0260a33d7e83ffd47

SHA512
31b55aa6ab51b4d74faf7ea5e7a5dc01f9f13408005858ad55adfd57dc262103133631edeb260978a50938b721288b4cc6f6803976f0b586587259662df2b9ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
89b3be176d888aae26e5f167983d9efb

SHA1
0c90f4d99adc2a62a6cc00c4a37cf9f995386a4f

SHA256
86080e6c31d3dc3acd7a3ba9c3dcceacfa9c419313f8cb60fc94c1a374816648

SHA512
a211bad4a96176f7a22bef0fcccd104f3ee965e472c66b44e7c0b2263d41f110073ecfbded3b16e383f7d7cffd7ac781f4a801e144807bf053e7bee0d6c8336e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
25fe8409d9ca2429cdd21a0f660fab03

SHA1
0bd5ae2b7bbe224c6ea067ea171be8cceb1b6395

SHA256
3be0a512bafe1ad919f79360f9b2b3524053a84946ad03e3799a0f6e6c74b05e

SHA512
c5475658f2a7beea7b56c4d0c94e70aed84f117bfb2ef01826ade85007caf9e8548777e5d58ea73e34d7cedf11ceb5a1d2c6842c0b4bccb06056b0b71bd215be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
3b99bf94527c2b812a8245d1664d4b59

SHA1
3c00ae318c1c5d5589663ed7f9377a200d5ee670

SHA256
0a018c63d07665f9ebcc4339893798a21f5804810e6e4758df52278e9e1bf2a0

SHA512
c161ec8773b4e3f6f0ee38b2ae38a41513bcae7b206caaa06991584fb4d23489a0547061af7ccd9ffefc71de5ee74b32d0a6cfc5cc8e355f0460ab1bac56cfc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
c82aa8f617bdc199f08753f30d01f6d6

SHA1
015bdafbca976b1bc67b0dda18b86405cf90f573

SHA256
e1183994a6711a6b6bba91de4216750ed145f96efe130deeabe4890328fb6cb6

SHA512
54cddb6500c548be173549060e399b9302155f40d239749c0ae642088b623ee3949a1dd891cbc2371edfb953500b19393c5b6c22b767b036bc76f21a7814b475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
62e356a11a541c1fa0130cf7207fe7ba

SHA1
bc3846fb95405682497f107d5295e57b30bbd286

SHA256
15f6e8501d24bb6f535fbedc29e54e4bc662cdd111ac199309880f7b49b9ce66

SHA512
dfd47e9b63e6804326155eec4a7eb3aa3bac7c7085ed0c1ac5bdae2330486ad4e571340cfdf4383564469e4d6e7e916a9461cc093691dad1efd055f619f630b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578a10.TMP
Filesize
1KB

MD5
be6294ffd04a99c5aaa6bb4d59cacfdc

SHA1
a48ec26c33725a35a4352b1b4c3e580185eda42d

SHA256
d9d051aa0fea79e96e0bbfa7ec285016ace275377ac52f54de2959b66d81e885

SHA512
f22cdda2399493539f6820c5188204d98816d4a9982b662dd02bea2a6e2ca990b81d8e4ac8befea1579991d0fad805b7bedab2e322f2feb27101a110bc26f7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c061420a-74fb-4eb2-aff7-ebd77095526b.tmp
Filesize
3KB

MD5
3e21dd5769d616aba4e963aa5c32ea73

SHA1
7742e04b7393b5150145858694d74366661cc5ae

SHA256
459a8a627b7c163c0c809aa6dedd9e571944cdbcbcf75266fb050460836daba5

SHA512
cd826db0a22dad29518c5d2c999e6cf1dc496ed5865688423affe559a16329f11c6a24e883e8734e0fd78d567a8cf02006976dc9ed2db5b8bf6b0a021a080a45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
fb2b09f09cfae30435a9ab0e5527954f

SHA1
bf3c4b6108ecf73963e9b162c0cb768087ed75ec

SHA256
71d600ef5d28bcae2baa3f64f5184f6b6273c22a37196a9dd595e905132a2678

SHA512
18a0138adde957bd7d374ea2a55cd4565f4b5465d984abeb81c29d4d53b0b7a8708563601d89a9594a8d7110f4b9c1c9326f5e13bd43df662aa7600df525d34d

Download Submit
\??\pipe\LOCAL\crashpad_4848_YRGYOQOCYZHWMBHZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit