hxxps://rule34video[.]com/categories/roblox/

max time kernel
168s
max time network
170s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08/08/2024, 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rule34video.com/categories/roblox/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
4196	msedge.exe
4196	msedge.exe
2956	msedge.exe
2956	msedge.exe
3148	identity_helper.exe
3148	identity_helper.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4156	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4156	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 4820	4196	msedge.exe	81
PID 4196 wrote to memory of 4820	4196	msedge.exe	81
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 3704	4196	msedge.exe	82
PID 4196 wrote to memory of 2076	4196	msedge.exe	83
PID 4196 wrote to memory of 2076	4196	msedge.exe	83
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84
PID 4196 wrote to memory of 3352	4196	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34video.com/categories/roblox/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff09403cb8,0x7fff09403cc8,0x7fff09403cd8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,4786229912153455245,1625450116804034806,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3932

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004C8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4156

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
34KB

MD5
e980321f77bff4598e3b0aa32b63d652

SHA1
7865d48e20c5c77f6df87db347344ddc0677b64f

SHA256
9a6edade9cdfcafa5b5065b262f7ad1bdd8d2820965194498a7b4f3ecf10a0e9

SHA512
f475f7a150310684f2ae9eb80c0d74074713b6dfef8e6288d44798a8e6d3aad0c32d3e8d7dab040197d3b624ca81326d06546b34c4c5840f3c5b77ce6f4d7af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
50KB

MD5
7c82901782e5295c32cd0dfbb4544891

SHA1
5905cce6380387285e126bdf22353536e64dfd13

SHA256
810735fee3581327488fed7689e0e70c9ff82eea73a2e5fd6b7f31fe18838626

SHA512
76ffeb92c5778d33dea91e71b559263aa79574d7ee159fd37090cb458290c042db251fac1cf1ea0b743ff5002d7049af393e4344ed02716378edd026fba604e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
50KB

MD5
85fb0cf2d7e5fa4eab2005a02b9f7da4

SHA1
93d6e62c01cd8764f5f585441f6c9391f9c5b3fc

SHA256
010f8d9688e78f640d3254dc7c0541f66a7b8426a53d8fcc3a1b0fb77efa1d0e

SHA512
3a34f669bef4c4181a26cb0a5ddbc89861fab02711b55444afa6b434562aa83ffdfbb1b6f96dfdf6914261b53c06d46b146a257c93706ee8ae025a986b7235ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
50KB

MD5
c99233a9d0ef2b14f2b06fbeaa12d296

SHA1
ea11576860c21e008925b554967c6073e0362507

SHA256
6067e4b8695e385cb462842ae75de941c9d160ba441724e925a60592515dec14

SHA512
a9dc8d3a44b7179fa1ddd1f71d199d51fc2d3adf70261290c175554d0d6b0ff137fec34630b932599a59dd4bcf22e397247c267ba0d62c658840a386fa1ecff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
50KB

MD5
30281e159b6a239397cda6f31c3213c6

SHA1
fd4fd1f9cb6530d17cc441a48fc8867cdef48e80

SHA256
45210311500589afba64c6d1749ece76d899271f6c3b05c898bc19915699946e

SHA512
461273489e6d7b6861b5a31cb41ee093919cf57bf85857189b4a3e08b76bf06478b937a26ea5900d84dd6032df15583e251c8ba8401939214947326f5b666737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
103KB

MD5
5583c8e0a881d64ceb5c09e2e92816cf

SHA1
5020f789fbd174a92233773d5f5ab2e909c21ed2

SHA256
f39ec11df0aec97610739055fb6ba890586c9c19cb1b1ae391ed0e8141ab02a0

SHA512
69144343b5c87eea635c7f8c6de95426476f3e2ddd8658ca2f0a70c92ec603cf42ab34d20cc41cb310df80ac7c71dc2f5610fb03c7966dbabddd962f982589d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
55KB

MD5
3d2f4cee7c076cbbdbd43952cd76e125

SHA1
f1c852d9609388c4bb093aa722daf2568585e965

SHA256
77aec979e7129b63ddb1d578199e2dc453b98da9391cbd50d5cbaf46a55d4539

SHA512
a000e78c6c9374abc2844c65024b1383ae849fb28f2321217151ecfd15825e7631261ebe333ab761020228a00681febbc22ee3f5b33212736b0f330931a43ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
47KB

MD5
152bcbd0a3f7f2d20b80159e48eb785e

SHA1
7c377b770eb147d2397058512747065c5bb80bb9

SHA256
02bd211cad58c1783aff9d8e85ce54e62def9c7806c5189b255b0578830f32a6

SHA512
4acba9f77bea46b464007e2d59f6dbce6a95d08c33bfd7684b5e0d8efe18cec7ab71224e98fbf531d74a2b3e9fe1ce9ddabec04175d3fdf5aac94167414f1426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
47KB

MD5
c15e1a562f188704cb6ab2a21a725a23

SHA1
63c6cdd3c4842014973b2e5c0f0d54d0238d3486

SHA256
0b2570eaa917e029f388347eea61cff74576760ecaf91c6de2f55cc7cdc731c7

SHA512
63db3c8dd724ed7111a08ebc5279103bcc7c087c7b5db8dfa26a2aa94951712115343360dbe0b004c962c09309fb68834873462586e6b57884b5fe4509048f3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
47KB

MD5
3609bced0e7672e52823dc7da53d90ca

SHA1
a5583207a69b13cc5f466fbbf9a4c5f3e34b9a80

SHA256
8a898a74d5f860ce0030d9a0d1a8f644fae178fcba53a886295b14be12f0f378

SHA512
8ae4efe2bfcb8aac1982d5f3f639dd5b095a29581bd107bc6df95662253564bc9de55594eefe8d24178ba08dfd12c642c3d8520cc67244b3ac440ebe97d60aa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
50KB

MD5
9e2e47300eb3909f8a9cc0e4b9e8b5c7

SHA1
2b668d893343cb2307f2e826ef1dd1c3bcad4724

SHA256
0dce9e178a7d8cf90075cef30967185236ec012bc9bdfeee0dda4dddd3df9f4c

SHA512
d0952a10e55ba73a732f2eb92706e1ffc000649b51fccb8f176d5c740ed0dc5c3d3457672a0030d03a472229b4ef220ba534864bbb6270c8a703398ee67c4228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
204KB

MD5
f5d6ac8d6255db39dddcc2135f64e428

SHA1
5d4b81e7bffb3a1f55754df7e0f914808e04ea86

SHA256
b022237c0ab50f038c8a8457dbdd3e029d4f644a08b097e514de2ec264fe82aa

SHA512
e952d7ea13f07e7fb822c553cf84445fc01054679036ee6824cc3b4753aba8819206cce7148e53994c9e6e47df3395c2671331354a1710745abba91f2ec44eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
308KB

MD5
1e524e2bf8bfa8b675fa31638d53a7d4

SHA1
e8b53f4213ffa7da544de5564f1af13fc01e12b3

SHA256
a72c9a29e71e0e29aa9ffe8f731ab86fc5ff3f785ce1f38af2ed6aa7848dd6d3

SHA512
87dab44586938c5bd2058d6e067a14cea07fb8d29936958ec9251928a09729cf12aa614f2b97d1f83b9dd120d75a99ceb2b9733c647ce4f9c69e92f4fd9c3c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
460KB

MD5
74255457c182d631d8049c19ff9ab40d

SHA1
ab7acb1252de8a91d03a0ff5d7a2a71ef4d19442

SHA256
f6c1041591eaa6ac101fe0c52bfca8b7fcbc5dfd08a6dd186d99fe18e3e483ea

SHA512
46c383c4ffdfeecc9294f728bd630af049fa3eda0b43e6588efc4468f50576fe5d6726303affef1e16502ae02da9ae72501fdbf67ed3c60a1e0b7c2bd624caed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
6c1daea4b2accb3c5fb212ca1f064f42

SHA1
86a302ac5cd7a3e9fd78aeb634d297c084089be5

SHA256
14d05275451b56edfde9f4bdd3e96de71e3ec0eb84b1ce43af4081552be4dab5

SHA512
ef906e10cb0eea5b39f3d2efb0d071198ad082a2a38a1b5111253017006c83c61ebf5782354c69c2d86e6461c2020b3fae2adf47add748c3cc03dad8822886a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c9b5a20aa1d0604a8b2f893077c1d3c4

SHA1
ebbd7ccc5dffe31dd0c7473a66955d27ecea76c4

SHA256
057c3707c559518a4db36d21b7d8fda4f94c3898c5406be5b711c9801a4a510e

SHA512
f3e2059adbac723b5809d12e5eac395ba191e62631522cea3c7413ca251ffe4b5ad83c2d277ee60b83c07a189d2b2659d5aa9af96684264d60326a1a027af5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
756ac8856e06f942b4a3c41d07fabd3a

SHA1
fa9ebea9b6f49de1fa9b98596f42afda75439401

SHA256
cb1595e01ef16c9088748efa4fb5a2ed33bfe29511923ef6addde69e12f119f2

SHA512
e5bceb0cb35ea34b4fb03c4e696a0fcbcad64fec6989e0d96c4ef2edd87fd915cdeafac2c1cc8c6608e623fa64bbee919bfca5c265aea87eb6ebb0a855f3c07e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
097d29440eb80732a14ad329ad27f26c

SHA1
7a14308e3683bfd5b95dc6dcc4d6d3ed6844d026

SHA256
d6c54bdee0a14c314f27cc4ec5adee0192c279caed4a09bd4d96d0bb2e60bbb1

SHA512
98515be1fb167ac2490e09985fc670bcb49eaead9ee38d490eeeeec957a046a0602b782af53a28ebb322d2f5ef4d950cabd03cefdb6828a5e232234f8cbb93b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3af7a5a2fb4ee0107834eecdbfbdd622

SHA1
96dacae629c4d6543e40c0782fd5e562ef8e9364

SHA256
3bbf1d49adc2b926de754f28fd7a86a23c47ee0c75793cfeed7b0a7eda81e138

SHA512
9191c94698a038b3296327bb49f3f2c1f8b3024fb9afadab849b9bf7ddbff761df841434c3a597f4401baa06261c725f9fd4bd5d6461abc8b606c44b6ace0fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5d0db51ff80bd4a777803c4539905f6a

SHA1
c18a46073ec01f4f415548842fa6000e54a5809b

SHA256
3038c0d739b835521ccf3486f613dc63dc2f910c58919d67ac49cfd3d235431f

SHA512
032a9240933cfecf23a04c25853e1bb51d0fdb5bf7927ee518c3a24e97d4768802874bb005eb94ef0a424a3a0fb741d911703034371f44b05028f7c08794a963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f30fa435fa9b6030c0f5a9158be896fe

SHA1
ed545c13f9dbf7e5f17ef5f2a78d17ab9a8881bb

SHA256
9a414ec5dd43dd5e2a7134a85f3a6dd2df5a852495412a9bf089b903b1ac01b7

SHA512
9c4650919310c19f27e5add9a92fa85f66a72efe082a085600ca0ce5dd3b50151a9bb5309faf22b2109ffd2119a75e9a06db9f44ed3e8120a3af25ccf08e39f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3dc6f6e3150c63fba68bb0b6d73f7be

SHA1
dfe57097504f10416502498b6fb7bafef32753bb

SHA256
b9f1157bc06435ee84210e7c5f672a9e85c9cd4a2056e8c305321cea4fa1e89e

SHA512
c20817182d9c03ac9f89d906ad3567c530368192bfe467a7a67e16414658b00262d6dce5aa08d0d7673c665fd7e2b55e8956d72f89b63d4ee3d24eb45b2cafec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dacc098651dc58d8a37eb95a3cc95bff

SHA1
488bb4ca621a9bb0014f279c30fb6cbe95c97880

SHA256
36d05a86ae42ff2936fbc4b94afd6372fc214814757dea0a38edf1474e19ce5c

SHA512
3ef689f5caf54ae34b11c1fe0220b6a9b5454291d5932b75ea9690b6aa48410e3ced7540b0d34d10c568c8b0991f2c77ade7132e965fac2460354a3047b1ebfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c777cf5585162c0c88d161af471bc8c

SHA1
989fb78b7aa9dbe973ecc79ed2ab31aaabff14f4

SHA256
dd36096f86357436886cf31677ec2c51cf8bf9d0ec3cf9b295bb784d4274b324

SHA512
135ab80262aaa0670dfb8d7f743a8964e0d525df036a95b239e2b6daf3e06fd8d0d95be8b441457187cb00ff0f153194b0402da00885c7c36c149cdbd95e4666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
53007ef6639c8ce3c7c4ff3c8558c7a0

SHA1
e9c3a07d0eae424d6b5bdeabc10ea43defff3d1b

SHA256
9446a83290f2e3f5de6d9265072b05491af6232d38ca88c83684aee4979a4252

SHA512
8c5db7101d3fae1a7ee95af0befb886398ddee15b9df9fdcb0ff912cce0b0d4c0383ed5e175afb6b6273d357850d6a74d2a5dc535d54c707dba99e2b83ca4a63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5bde42ada338afa0aaf245108a5d1a1b

SHA1
b0bfdaed4e948b8e1ccf0a76f22d51a357f80800

SHA256
ed9abcdee6ad53849ee774b9e039d2de9ec4b3228f321bb47fd7abf34f01fc7d

SHA512
184c54e7596071988d2825ef25f093018e66b52cccc686af61de876f6ba7dcc48c252811ef4c38a601bdb2042a5104565f7a3ac113c36ea86fee8aa61db99c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
640c1b38ef04abf0956104b91bd9c418

SHA1
ea37fa513547ba25cad138c2e68ac34fb11f3e59

SHA256
63510b50bcc89521e03fbb7a92e4cf20c664ec5f31da39f1b9ea674ae55b356b

SHA512
0273d7c1deef34a0dfc77e97b8ef3c52fd51accd63943c718b78a2eb4d622aecb592b0e20f6340c127ea8a96906376cfa7acdbc1b2e251ffc7726454396fe303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2de8953d914393bf095fa1742c217aa4

SHA1
cdd21de0ad38dd0efb6c222d707ab2c751898ffd

SHA256
fd88bc65c2aedf13cb1d57b4589dd075a41b633033488305476913b2cab0988d

SHA512
cb053000cffdff798620518f1a69a63b36de0a8be7a15d02ca4d7779943d0c1defb97d4f2b4d34d2675459091c31ee079fcb512c8189c41dcef607f34516d0c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589805.TMP

Filesize
369B

MD5
5afb1b228830cc480a32e2a21729dc9e

SHA1
d267e8eb4d900ffa1c2bee7335bd7cc4e2ce87f9

SHA256
a5e32f9886fab9fae15754c9d0d845e546f061ea0486d5a2fe9fbea8c1796ac5

SHA512
43d3202ef02c4ecc3432fe391c3f9f2db105eda0bd81ee53a45b381d4eee074f37e90479ed303e1282dc1b6de1a177526976b6c52cc18e62c804f3747a2fdcca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dd91ab4b29ceb5dd85c1345cf8fccac9

SHA1
bab6b7de7c5ebcddc1b6ec9e0e1e4a00bdcd18e1

SHA256
ff7618c61d3c97f350440fd1dbeb43d10c3d2f256b9c39ffc412ca0c4febb379

SHA512
bba280f354af1bbe88f184729a3d1fe8dc4f5c5eefddd16d92760c4d7132044cc27b05456ba1cb0e520a6691352e65dfc8420d0da3511b7c1b27a47c5c0b603b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ab29c452eba038de64ca9d4a4313e530

SHA1
fe664e6fec4ed4acd8ff90c64573131095810d87

SHA256
698671cb2f3a22fcc849a8d828cb3b10b7aaf9fa124c74a1799fd57c42595a7c

SHA512
5efd668476f0afc9ddf4405339c5f0cf26d9af3ee106edcae3c86b5ff3bfa3ed575ccd8ef59cc7879b2a48fec691a1162b5b46e8956f24d84489eb2cc7f0b3be

Download Submit