hxxp://wwm-roblox[.]com/users/7988675902/profile

Analysis

max time kernel
104s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
22-06-2024 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://wwm-roblox.com/users/7988675902/profile

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{72D3E7D4-688A-414D-B945-720F0C9F0DFF}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
3856	msedge.exe
3856	msedge.exe
1436	msedge.exe
1436	msedge.exe
3060	identity_helper.exe
3060	identity_helper.exe
5996	msedge.exe
5500	msedge.exe
5500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1436 wrote to memory of 4728	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 4728	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2800	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 3856	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 3856	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2764	1436	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://wwm-roblox.com/users/7988675902/profile
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7b6d46f8,0x7ffd7b6d4708,0x7ffd7b6d4718
2⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
2⤵
PID:2800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
2⤵
PID:2764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:3604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:2564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
2⤵
PID:640

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
2⤵
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
2⤵
PID:2872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
2⤵
PID:1796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
2⤵
PID:3392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
2⤵
PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1
2⤵
PID:5492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=1264 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2380 /prefetch:8
2⤵
PID:808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5820 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
2⤵
PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
2⤵
PID:4332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12942948582248882707,2880114324172066199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1
2⤵
PID:5620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
20KB

MD5
740d5efbbe21e49b08e78a63a4f47b00

SHA1
b28bf093b8030c9f37c94f7b2c17e4451312a031

SHA256
65c20a747dc3cd63e7f2fc629aeb1258e4b2828e9b85eb85f70ce500c8f137b4

SHA512
005b8fa6cca8720bbbfd67b176f031d7dde7475503eaa9017a72d234724e146257ae16b7f9ba73a43a7bfd51f09b43fcd0e08db9654027686109689502840073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
59KB

MD5
7fd069146ea79b16633bc8b45f90482a

SHA1
98dfafac54f6f5db51e3baea698208833ed1b642

SHA256
a746ba588555b584fe98e42ac1a2dfbb92c2831b54c263f51fe91d124b9214d7

SHA512
c31822f497ebb35a5da455e77965f16a83e2007215ae88e64bc21019d8d45fff4671ab4300d9cf518bd2b652d071cc582fdfb99b4807c75e2022755e6c60a06c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
Filesize
85KB

MD5
5ccc10052c892e6f5c945e841186c821

SHA1
c0706a842ebd19b167b28c986bd3932ac50ba68f

SHA256
878102010b99efeabcfeb2ff9bd45980604a433e70f1c4e9cfffe0cb0da1bbb1

SHA512
a3dde5e1809e9fefc88238a8be7e794dd4872ae8adc28898fdde8bb866ebba1a53ec22047fa18e502ce5cd04a29288f1e3b57f47623c7a5258d45361a391c755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
Filesize
66KB

MD5
9cba1afaefc0fab43e9a97a497946854

SHA1
3597833b3ee00167cd90a69b0630059f90b2505a

SHA256
94dac1cfe71ce938fc55545be9cdb3a6e3b1fe10a3ae48220c584b9366e8218f

SHA512
71d6d10a23973ee38089e32cc87a7fbb1de80d85623807f95fcd84889407a9a5b8eb4867adb7ee4e95c29b1a64af59b9f0c46a538dc64846ba928c8bb9396ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
Filesize
20KB

MD5
9f472632ba6358ef382ec68b4dad9708

SHA1
57cf4a83dbed1c2b414c21aa8017f15e28564c11

SHA256
3a4f5369115d467974c6af8a90fb5e597df7b6adfc3ddc336094d2e2634a537e

SHA512
b910497e5115ea65644049afb1486b412b1f9186ec8f7e5d67e68df426d3364a17b5f8143e362ad02379383ed3a8da48f3cb3cc98107814c7dbf7ddcd80d3982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053
Filesize
147KB

MD5
759ab24cf5846f06c5cdb324ee4887ea

SHA1
41969c5b737bc40bbb54817da755e3aa7d02f3c6

SHA256
7037e6c967c38477a5fcd583c74892e16b7a9066cd60287c7035bf0760d05471

SHA512
3470ae07eb7c54feee1e791e63a365cfb0da42f570a66e6c84faf5db6bf8395173c6cb60e8c5cf28eae409f26ea5433c3c5d6ea32eb07e5997c979c6e3ccf4be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
8a4fd5af59e51fe4e28df4af7716f88d

SHA1
14be9c9ace1d1d75435e8544f4f243391d18d734

SHA256
12f70026ee5ecfb5adbf9097808079ea1c72789337dfd6563ffae9e6999cf16b

SHA512
11ce69aca4f9f799955e2c6eb135fe7fd5271c325ede7fb091c4b5079b7a6507e09e15324c452206ba4a9d9fecbb495db8167a9354b38e608b425de039b090ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
28e5832da766e551c66c856aed4381e3

SHA1
873501879c650d7f2003cdf0367d620f77f2324c

SHA256
49e4969f1fac6c5c4464f29c6ea9f43955db3008ab4ae23013f8a7e6af998008

SHA512
66136f6ff20e95c847ddbf8919329161018cd3465540b9057f0f829d3dadc50b7e5188666d2a6743ae08f0b1e87480cfee64971a002000022af1fb7549d21d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
3458fe401f930423863efc0a18c41ba1

SHA1
3b81ad164e1ebd31ea3f684ad3ca4ce4ea5ace2b

SHA256
b598164709a0176d7fd14c0d7d8ae4d51f6e33aec4ba17a01d6a8733fd4ab570

SHA512
f1e3d6c10e7b7c28a5c43e2051117a60786f5fb6a3ab06f3ab7bee8faf3e4218bafd45748f9df87efb9c30dda42bdd4114cf1d84a8f5a90abd9bf829ba4322a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0db56ab1654ebf9b73fd5fed99c6b393

SHA1
70b6f6d8825428523ac14986356a360d6a07f71d

SHA256
d46513d896d812554aab0795de1cdce4a96768a7fca59da27e532c346f613356

SHA512
921ef38563ac9a10e845206ca35d5460232b1105a7ffb2418139bfe64a4b7e047e24e90e42631ef74bea215d60ad70477b1de8074ecb10a8e1d165dd59dc2132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
99518ebd1fec736d15cc960090156b99

SHA1
c2a24cfc9a63fea7b7849b1aa10a5a4dfc6234ec

SHA256
b4f7e17dcbe65f9c0097f6c58e81d6510b531cc310318e27c2190f9e99d98e82

SHA512
d77733f91c3caf8762b39b132544e8d8cffc065784c794c9fa6400b5d4dc9faa8f70daaf0f23f1595c2f96cb2d96513f8afa340f7d64200658f9131403b4e491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a6c5604234cff565290cb34e4ef8f094

SHA1
c2cd68233edf69a42212bb43e61099d3a2c65f96

SHA256
1b7efb27dcf6c95613bf0f76f0eeec36de2f203b6cf11a5671767c994063f24d

SHA512
4a89752de49dd6a000aa6514c4a96187b6e205a45a6a79d1874ff18b87dc6cc19d18bd05912e6700d500159dccaa64dc78ee8bc6c505ed5a9c156a5b2b0aacc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
61b15693e11155c2b1b32c9b40550167

SHA1
39b06ed99347aa01137495b1dea288ffd4df9b2a

SHA256
9eec36ddbe8a25f8ba0635d140040f3afa5dce182a2623cb0d193e7a6f94b3b2

SHA512
c86968f5ef50539cd1fcfa8228de37f6c5a2d8fe9bb660ce8f68c038dead1fde85717d11ce40e810f335006048e1d5d78c710e03ec160565177b20ea91b32fc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6e5fb6f5c03a315db8b2d9188e97b20a

SHA1
087ac02568b14b744650f83d1b05e1d5793c476a

SHA256
c82fdd937847c97cc66cb2607532bc54d6e47fe34bbe6b7f450a153d1ed6a8ba

SHA512
9f7662306b361b47a43225682ab57c4fdc6010dd490a1f525b701d33a824e4d60b1370700d07ad8474caef6e8eb89c17c02a56806810eafd3362c11d913aadfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d196787266d47cad8a958d6b2487e0a8

SHA1
170bf3e0bbb65023155cf5efacfa9a225abca0f7

SHA256
fb4b033f7c3ad7f0f293ff853a8c4e2a32969b2ea7a38ddb4474121592189243

SHA512
c6949056deff73e05cffe36ef339f20466df520bf8ecbbe9af6b86024decdee3285e34ac5e2b7c6211fde54134c4b2e0fc7cba701900dd326f910760e30fac85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
7231770ca48e674144d5ba452216b8b6

SHA1
82e1e029c1e78d0cc22a4560495f0d4f8d3ccbb8

SHA256
d6d9c9fec8323819008398947d0189f550ed0012e12bd938bd430babf37930ad

SHA512
aacd9710e91a0122566fe744f5dffbbd299a08de0bebe4d4583d723b03e71235d9e837898d5717a75198572577de51fe1a786c7a756b6e783400479a1f6c089a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
8bdfbb39d71ceb1bedf18d39e2580b55

SHA1
9dc2e463db66f15ed907cd1a4be128ce9924cc05

SHA256
8bf49ed3b2be37a8b1bcd2cc8b527c5399854ab67a6a15ea304b00b71fc8c658

SHA512
c1ef835dfd5ae0968020787bd44addb2cc053cee75715326aa7fcc9ac572c97ad8a8e77ad239b4f1ab45d15550cfbd4b09b7dea7b260d3e19919832a724806af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
c3805a135e6dd433135f236ba70b8cbe

SHA1
1d2d3cdec78667956380ae0048da23e9ea434945

SHA256
e0aeaea40b90381a12214d6fe3b0b2a0b3b65db3587c6eba1e6435b49357a4f5

SHA512
24245ddcb83b1c9557d35f875ad214732640228688798d3fe44a80cec89dc15f58054980309eb69ba767511f81b931bad588476a543845ec9d59f92c4aa2e223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
ca6c4435cd4c138de333d9d4cd1569ae

SHA1
8e94267f7736ed572886ba5cdf85f7c23d1ccbe3

SHA256
5a4352a84c66741b88b08f9159106af05cae43dd41fb449cb05676fc0f0eb051

SHA512
a98355e2fb73f69ed7f2de432a1db3429a59f8f805e7c86764d8a22a0d22ce028d5c9083216e5e9824ea75fa4d2bdb3f483b01bc5eb00dfc772178ab6f09edc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
d847edb57f9f68d2a6e288a3d344ad18

SHA1
2cb4715ec352ff8f5978acdfe907d3781b4f5260

SHA256
e3117ec1a53949468492105f5d173b3a52b2addd5c078d26e29c556f18b32e64

SHA512
5ac53e2d5f944dad63ea14d4f7f5dff70695a1a37d375c3a4b3cc19e278439e3afab4f5e49aa07a9c740cd1760e561e35e9de0252b3a847030ae8319150db096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578e84.TMP
Filesize
1KB

MD5
676088f9d5cde6e8e6e9f5cb8a0fc423

SHA1
ae030f1202af9f97b96e49562e8a016eda19047a

SHA256
5f407c071d5eea344b0a51ac2c1d87f607d466aa785d814fc2148d7f844961c9

SHA512
769faa6b3f511351262e168653177ef638fed44f71ef1db4a26315ea41068f34d414f8cd3b0f93c3fd52e10f80e818725155c174e9db122d641261e9ede66ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
4b983c711ac6052ab8fffb293842822c

SHA1
8f74fd0c9d2415011a844683cbcabaf4d00d4d2a

SHA256
9645fe8ad9e15bb998b7c9bdf959c78b35e6ff3fddbae7819b284df66ca01107

SHA512
a53014fb08eb2e04cb8b6debf44022f0799efabd5e07245b8e7795387f0a9ba20017998d3a3f62bcdff4304230bdc47d7c9819f11c51c0fec503302ff6a76fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
3be68c399b50fed03a32af2b95ce7a52

SHA1
b6fa6f21d04b0cb61d081d27eea0daea5eaacdf6

SHA256
f2b4d18ec56c574568f0417197ccaf4980e744b6c631cc33e48c46af03d7e60b

SHA512
cd9c7bd34ef2acf25b1165d42b2d2dfc9fdde6e4c2828ac89ed1a61930d954c9fa07c9bd7cb848ca31a2cddb1c879cc5f1b4813d40c7f05544f2db9e57609b67

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_1436_RYWWJXJZBCZBHICI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit