hxxps://www[.]bing[.]com/ck/a?!&&p=5ccf9cd8efbb4c0eJmltdHM9MTcyNDU0NDAwMCZpZ3VpZD0wNTQyMzhhZC03M2NkLTZkNTktMGZlYy0yYzc0NzJlMDZjNWYmaW5zaWQ9NTQzOA&ptn=3&ver=2&hsh=3&fclid=054238ad-73cd-6d59-0fec-2c7472e06c5f&psq=free+mod+menu+robux+roblox+pc+no+virus&u=a1aHR0cHM6Ly9nYW1lYmFuYW5hLmNvbS9nYW1lcy8yODc5&ntb=1

Resubmissions

25/08/2024, 12:03

240825-n76lmstbla 1

25/08/2024, 10:10

240825-l7d6aaydnc 8

Analysis

max time kernel
671s
max time network
666s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bing.com/ck/a?!&&p=5ccf9cd8efbb4c0eJmltdHM9MTcyNDU0NDAwMCZpZ3VpZD0wNTQyMzhhZC03M2NkLTZkNTktMGZlYy0yYzc0NzJlMDZjNWYmaW5zaWQ9NTQzOA&ptn=3&ver=2&hsh=3&fclid=054238ad-73cd-6d59-0fec-2c7472e06c5f&psq=free+mod+menu+robux+roblox+pc+no+virus&u=a1aHR0cHM6Ly9nYW1lYmFuYW5hLmNvbS9nYW1lcy8yODc5&ntb=1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
3612	msedge.exe
3612	msedge.exe
4828	identity_helper.exe
4828	identity_helper.exe
660	msedge.exe
660	msedge.exe
660	msedge.exe
660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3612 wrote to memory of 4740	3612	msedge.exe	84
PID 3612 wrote to memory of 4740	3612	msedge.exe	84
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1652	3612	msedge.exe	86
PID 3612 wrote to memory of 1436	3612	msedge.exe	87
PID 3612 wrote to memory of 1436	3612	msedge.exe	87
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88
PID 3612 wrote to memory of 4936	3612	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/ck/a?!&&p=5ccf9cd8efbb4c0eJmltdHM9MTcyNDU0NDAwMCZpZ3VpZD0wNTQyMzhhZC03M2NkLTZkNTktMGZlYy0yYzc0NzJlMDZjNWYmaW5zaWQ9NTQzOA&ptn=3&ver=2&hsh=3&fclid=054238ad-73cd-6d59-0fec-2c7472e06c5f&psq=free+mod+menu+robux+roblox+pc+no+virus&u=a1aHR0cHM6Ly9nYW1lYmFuYW5hLmNvbS9nYW1lcy8yODc5&ntb=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe899d46f8,0x7ffe899d4708,0x7ffe899d4718
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13511131904033539119,17036934243287820407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
9e58a1069c7e5083c82ae7fce1241920

SHA1
2f95c04b14451731b9f6494dbec0ee95968fce27

SHA256
705a1350fefddd2d49a8861c4c3fc8a521701c2a15c411ced86345efe9e6b154

SHA512
ca869dabe9b22124cb04041038349c4e1acfdae5d92b39073d3ce7a5c8e846fd2b48e5a5350c2a7dc3794771ee1bbc728c7012926378478eb669c948123756a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
debbfd13169859d37da1c5a68aba2468

SHA1
8665f48648db40fcf3630952120ef0c98ee777a5

SHA256
8b56322294b76618be65ce478f86c03ea2e6af6e0effd861435863529e4beb11

SHA512
d1350e6a0ab8f79b0c6e91c8bf59cf326e111d164bc00a623e1ff587a7eab30ce10a0afa8415181ba59fa805b81a4de6b8b75490ab2c005c38aa32bf02831dfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
29KB

MD5
bb7bbdc5acb65d0352a68018c2755619

SHA1
58e607961d0fdcbb62c9ee6ce6b8284364f0e5c1

SHA256
7df1d1fde31efe870f041f1123fd2f0d0030ff7f5d8cac528d45fe4b1f4cd98e

SHA512
0d9730381947a91606979355848c683364b0205367d8dec4f4b5276968fa663ea5f61c1152ba9bb0a60c8154c5d119ee84e1c28fbadcbbf15d7f0ed332cdda7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
77KB

MD5
25c4e6e586254b89fa27be152b55809e

SHA1
3ee67896be9898b569f331235d1c98ff8995c0e9

SHA256
4c6d455c957d68346baa195e6a0f8333ef9b3027ee2954df0c44516d22744718

SHA512
da8edb1d10dd0654d62526ac5ca20940259a488dd63966628c257eeb2df815e79706a18f62ed99590bd5fbac2a35b14c318935d33d47dfbb821e10ed1950ccc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
99KB

MD5
c4275008112844af0117e90bacc61af9

SHA1
ac418396bf1cc205bcfd993cc3a7e08f54dece81

SHA256
c949627c0b18cd6572bfdb1ba6616e26dd616deb155fa47608965d11a4561a00

SHA512
e352023ab778796407cd846fee840c9c50c5dd304049c32eaef1612c2d765fe8131a7a2ccf3671809ae393acd67b9397149333083d76f5954b18746ab7aecfd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
88KB

MD5
f95613de1f3be100274cd35d19d74722

SHA1
6af09a3194e1692608612b84e1ec3eea672f62b8

SHA256
a397905951a3745148bb6d771905f7576bc03e85491df80c0d0deb86792f2825

SHA512
0b9cbc22f91438f2df6487375ce373cda20144d9b4b6f10858869e0b38b7899fe6cef171ff96f21013ecfb85d28d17bc9d63c5db8ff2bf61e3e1820c7ac5637c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
37KB

MD5
47360ef7e5a6db70354fda1446e446a1

SHA1
9701e371aa16cf47569345fb4190d64e6974edd4

SHA256
0804779b21c384c52e675d347e802490d93b60f4ed6e398d7e89f8ea55ed7e51

SHA512
c8a2410b90bca273e5b37625933f468961a980e6806d60ac161a952dd6d9a2f8cf01632bd7e428e05acceffa9dcca78b5b4e77fa5fbc4892350b5190b738b045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
32KB

MD5
806dae652bc5f898ac48c6f55b9b9204

SHA1
c3b2beaaa2db20ce1657b2bee3a6769f8ed656fa

SHA256
45205fe83376eab493f7471e0a57b904b997f437de857b8d3e0fe289516adf5b

SHA512
446ed018fcccd9fcc66cca1099beb72cdddae5e9ce43393f4617eb9454f92de953d682a074e67a91ffbe280ce0bc43fa67a5d9ad93ff02332d1a67e53589ce00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
133KB

MD5
0274ed67d262120c2ba54ba6994f18d6

SHA1
4f192960a98a4255dc8440de8ad4deca7c32d33e

SHA256
563a47f91d6f6fcb6d91eabcd55f4bef25d2bd3bb398ee1af4780609c2e8436e

SHA512
ccb3f05afeb8ec12ff4a2c190a4c4f9e3273bc844afef49afd12304f88816a5c5b29ba9422103e60e56d9333b6eb802e1137a4d0d0aa1ce92f1869c480a4718a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
23KB

MD5
426c5f75f4ab6f30ea9a15ffcf42545e

SHA1
c70ffe9805ca16e0f1074d6b1a565ca1e714e669

SHA256
d5cdad19743cf799a8e5c081e4624102f6afda34ae3fe56c3cecf39f4f8fa58f

SHA512
552654c05d96298376f08f737421c486ccfd065e92a8be8b0726b8541fb472f62144478c9c77d205c2e556ba25191be0f70d409bdc12ea235edd0a5298669079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
148KB

MD5
d92d00f1c7b41441862fbca0b14bd475

SHA1
179157c5e152a8d3493f825ee92b2a476ccb79fa

SHA256
c695767ac4317044b37bd3b983fd362571589986ed88bb5bf813b143c43708e1

SHA512
c8522f3607feaaed621fe5157fd3f060a98594fdf1739ed367745397c1d0173a72a2ec21b8907eaa24c9c11e1104de6f3cdc50e30586212ff6ba8bbef3c64ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
58KB

MD5
3145ee5806ed0dcc5769238acee6140f

SHA1
0075a62037230c959ede59ada821a39d46cb9ea1

SHA256
b86d6e29d0dcb0b4a476c1e0b2104e43a2e0dd37e030d2a16583ca2ba49b1b73

SHA512
81f953e66c1176ad0830550eede82d7b04a441667e0dfc91f6b9dfe1bf26c075c40fd5007710bab9744b0cece2ac42ec882e5c20c12755d08f52517474b08fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
42KB

MD5
7235481bb01195f5df37955f03dca404

SHA1
a1b4fd6d9f9032d478cfaeb4bc18a8cf6d40e5e3

SHA256
cba1b7c8426e0dc383ba82e4216d6aa1ad1df45256caa6c409eeba3c75a4713e

SHA512
45264fb8f53711d1198e61cbb5b2d98b4eaa15eb56ea988a47fc72fc59967869d0cd2dff926fd852a9bef33e8f7f5e80bdb0ccf0c7269a70d39f5a70e87d5148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
f362b3a994ed6ea6b38fec2dcfa3e99a

SHA1
dea4dbc73db3354d305a6a85268135aaff86ec3d

SHA256
c71123f04b88528111dceacfa2d3bf3bb80066238ea3d7b6b4c60ccd75f79f3c

SHA512
b49591d6d8208fae16bef5cf8a89c49689cab572a2cf024f4e561d6de71b54f6b666aa692827155520391b0cf139d187d058f28c51af955ef0c090c42c926415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
982649f06cfcfa039b245395ac123786

SHA1
22601fb26aecc2ccc273f0d8824697401a44f838

SHA256
a0b92172785ad6554a6dc22e08aa2604c23501181ca9c4d8bf415ffd0baa6e5d

SHA512
252950dd948cb6752d3f30c06a25518c550008ec0691546ade0c642f5fdab4ed37ad001f3b0bdf7fb1b90c928431d86dfa9522221561a8bd823c2cd020a43089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
971003f83c8717ad2b8f01a0eb4da7b0

SHA1
283e34366c0d739964ea06b86025c1131e7dedbc

SHA256
12b9c58f561204d4bfebe901ca1cd02b38eafa1b9485f6a7f173921734967aba

SHA512
285579e4dd4bdbc475d0a6610d66f91653906d67bfd3218b187087583c4aa2d79f4c57843266363a3b6fdc4e193d63d85d9a8ed4dd91fa616b9900046349fa19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7bf7eb467c44362f9271d70ecae50068

SHA1
9304ee733a4b229982222527493210f1122f1f24

SHA256
0b190ed29adde8b8f5f882efa15b7738aff94451d57066c261e865d0fa357b39

SHA512
2a6969f87309b024dba3327809bcadce4a078effeeca332b46928ca63bc01bbf36eda44dffda95630c2db1a08f3826aeab5ef16a1edc547af6b6179f2f05b07d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dcaf764cb7631ba8c7cb2927c20f7e9e

SHA1
d06cebe733d034639646dece2ba379e6c62ea409

SHA256
9558597b7ff47edbe2fa695bfa6f860188093487c678b4009a25f4e4cd6f46f1

SHA512
16679a3abdbe311c71ed1a6b5dc941746591bf99cfdd446a94d5fab291914e995605916dc82cc170468c1928336695a79c17ad79df79b9d8241d0658073daea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4569e2f370864261da873ce78fc8fee7

SHA1
6fca44cfac3af9717cc99a86bebd5121943782a7

SHA256
ab20f524fef8522f639307641630a1105614eae1acfb0e9ab54dfa5606e706e5

SHA512
08fbcc33952cbf0ed7b5466fe081047b4b7029971853fb714ff7754ed8eb4e4a6872ac954a3cf4d5422ebf03a810db12174e115707959ab2990daeb7f920dd0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
418136193fc679bb86611a96c0db52ca

SHA1
7b4bb2b1335776c95cda51ce5fab6205ecf7cc92

SHA256
f23b43768da81c127a399fac155888dfa4cd68cc01595e5ada81371751b2b1cf

SHA512
84c3f2e8841e2d981320cb4a7bb74996975dae461c64f9efd2b8b80f755f4ea30b733b62f138b6f3095d767b40a95e33296799cb0d8c0e202b9959de1e791bb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
23d406bb8b075a5becc66f5464f11faf

SHA1
5881833f3c9581d5e23eb5f49cfeab9b5e3807ef

SHA256
c036090b1a9ca50a526470e1a8790771bd6993a4c2bcf82632ab967d19627fdf

SHA512
d5730e845c9d5dac010bf6794c9399264ba8ed3ed5dec82540040d0ce258c51ab21f7383d4a7dde706d303f1f345a78c2ab31042b8a29f0556bd85f5f044551d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3dcc88ffe2685faa5faf8e33e6fe021a

SHA1
894d568f61c79e935b6d97a17401ca83a2231f10

SHA256
bf2c31a313a8e25d019cb24051b31268f9d30c8d945585dbdab8b78f924ccba1

SHA512
8888872663bdf4c873392d1b077eb3e347b7026696000977f059a97428f9f35052eac5f30d2566697123e3ee61f3900255b38367f6c65a183b9cd9cd687eb38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b04bf3fb08d20313fe05620737bae468

SHA1
46f59f49d2f3e60318eaf1d6507a8395b3d31e67

SHA256
692b8c8efcea034038a9f0b4a79015fb19122bf7f6828d312b389b6b79bd5278

SHA512
5cc9b5879e629542204157440af76e38469d1ad1e33c97c0edadeb1ed89ef2021feeb984766043a551e8b3c11d742cb5f911081130f1abcf90619431726c001a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8eb5492ff1aeb2b773d00af4ecdc6770

SHA1
a1127420677692d33dc2f353fee82cb20682d900

SHA256
8fc4f2d9d4e6a416ab90a877b48ec827dec86953bda5516eb258977bbd277ce7

SHA512
d0e421d7637985224f326a2faf8693e55741638614dde4dd191a0abc01cccdf84c4f034c946a3fd7c8aacf04f9c90bc3a697fc2ba7b042c73be8bfcd1672a94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c6578.TMP

Filesize
1KB

MD5
ea7bda0f8b0f3f535a798d8193e16043

SHA1
0eef5ec11bc02fdc008d0af955e62b2d12152255

SHA256
7f15b226e13b55258ef8abf99cc32966eb84639babf472c4bd4408ad36e0618c

SHA512
185e445611709f7fb6768d7261ae58c5e285e49136c6b5b167dce441ff518a3c9f9ac1528f9d48bfd2e883f98e4474c2bb531556eff3b18b079cd81f151e98fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1598e0ae78953e2d655dfadc651e2cea

SHA1
4439882a0b2e0b8e19acc8b5affc0d49ba83f734

SHA256
cf82cda53f2d7c65e91647a1a112197fa84fa07e86d81a9e07f45d148b98aa17

SHA512
491d63204c3b1f912327f3ea00ed5ee6e87081a450d3b841b5108887c516314305165e4112e0b79b4d069036e422106d281486c74b56743ebce7da0c099fca30

Download Submit