hxxps://www[.]reddit[.]com/r/oldroblox/comments/1674dxm/2013_gui_in_roblox_studio/

Analysis

max time kernel
999s
max time network
1044s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2024, 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.reddit.com/r/oldroblox/comments/1674dxm/2013_gui_in_roblox_studio/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
324	msedge.exe
324	msedge.exe
4828	msedge.exe
4828	msedge.exe
2844	identity_helper.exe
2844	identity_helper.exe
6020	msedge.exe
6020	msedge.exe
6020	msedge.exe
6020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4852	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4852	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 2876	4828	msedge.exe	83
PID 4828 wrote to memory of 2876	4828	msedge.exe	83
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 3640	4828	msedge.exe	84
PID 4828 wrote to memory of 324	4828	msedge.exe	85
PID 4828 wrote to memory of 324	4828	msedge.exe	85
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86
PID 4828 wrote to memory of 3652	4828	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.reddit.com/r/oldroblox/comments/1674dxm/2013_gui_in_roblox_studio/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa68646f8,0x7ffaa6864708,0x7ffaa6864718
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2700 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1308 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6980 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1404 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9500848741956225066,18039939600669210237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:1588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2356

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x30c 0x2c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
20KB

MD5
b4e3dbe6148a9ad8051bd3518d9fd5d1

SHA1
84a1cdf2b6b4dd95e37cbf8630019d2509d72949

SHA256
9b88625fe3e955a01051303d5ecb8fe0e8359d7cee193255da892731fc36a798

SHA512
dd3cb685b85736dbbbdb1656fa8f11b077e05f19928eacda672f364789904c641951ca0d9d328a4198e9eae38ef24fff2279328495a55c5c4a52762c8b99722a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ab

Filesize
303KB

MD5
6842d4d28852e1aa368d57a40d17e8d7

SHA1
bb15e23d5d7e88aef70c342f41ca80def0ca640d

SHA256
8ebaa14ab8c87509f48ecd708f05778befe0cb5e4e739e91753f4cc4eab8be42

SHA512
2fd1529a9c3b310a0ae86cab9da6d16abe4181258889f2c04d95ab03b266d509b4a9746070d98d2fdd1cb0f7ce5911a14df98af0941f7a232c6b0d5cad979a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
2f4705d3bf717cb9ba4c11055bde06d1

SHA1
a88dc80849e9bc01d4d80f274b94fbbf2118a3ce

SHA256
ec5845f198d28ec55900178857508908383a4dddc52b4214f5ccc1d724ee1094

SHA512
5ac0143b08eea87884bc4202b83b0cf768e7290579b7df7e7638e458c718778a66779b031a73132551311ca23aa76f81000331a629064b8d837f6ea561f86371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
8d5a49eeb0887e5c273a4800e5cef535

SHA1
4c64d783baf63cf06a7c94cbea8ae275c66954d9

SHA256
c23516a134bdba7c9f6b11681d53f0df9b8feebb7d31ed61c636956973ac5cff

SHA512
350ea9cb711f108fd3ab4b8d5ba4ac0da793a25fff596e888d2d05ebedfbad5f6f20c05fed66880e62a21d9cb18ca6c1fa3c87b88c28f150fb12f2fdf127842e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
4541b33cf43d8c6681027e09277d2fc7

SHA1
ddd93c9525ff50568b5d357c1b81371a06c5f82f

SHA256
fa284a609f027dc2e04b8b8832338967742fc6fbdf8c5c821adf26013ed034c0

SHA512
78744d2fd7590f6e44286123f7252dbec755416a5474e65bf0d74e0235169908c3aa2af39ac8b4c48315cba7d0eaf898bc4da6d92101629e7e3d3765873d9f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
2b50a2bec7675aa071cfbdf2a97fe78c

SHA1
2b8812a50234030e1780fb6e99cbfd1b658c4ece

SHA256
30f5e18e2d4fe3e2a276a2a9ccce1bbb92ee503183b528112ceffbd7a081bd7f

SHA512
fe4569fbcaaa94c4a40eb3bf6e38f252e51e2bf1238b14e2ee7c2f70133f81f83bb1acf6e738de272a35110e014bd797c32a7c455ee2d33de0aa819e0617dc33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
b21055b52317d92f4f5d0c9c44102028

SHA1
7a428f4ba8368f999808430a7a331a8f2af0a1f8

SHA256
e8157f78a40e8a41799f44c37a34f670a399f46bc1ebe150a1bd9497747c67e0

SHA512
74fb2f4439c1bd3971870a7ab722393e5fd6905087062c27043cdb173ad448aee17b1aa1b215abc315ec47c9a46612079786c4007dc0f309c39943828dc1be81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
669c66b584afb1f0636f62e9d34a580e

SHA1
897722b203401675f5fd97b71295b5d07399ec85

SHA256
d0505cc629afef1f23adf455ad048febef856fad1cb7516ea3ac37807e0d6d03

SHA512
d46a815fa0ebadb33aea1924b28fd207eb06e568299ac60854b9b63f91c97ffb4248a80b84112d6a11e8c194f14adeaf319a1217d4eccdafeada37e67adc425b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
995c5780a16753640ce36ef6ca515eda

SHA1
7dca742c93f5abc7d80a2dc1db8b1a429365fd3a

SHA256
f7ca5d5ce5eb8ad707801cd991d7dcfe89536bfb94d1006f3701a3f342d969ba

SHA512
05de16e92235dd821257c18b6fe7fb3f3d88322a4d35138e45984a057e4718558613773ac297bd54a66602e2973aee8a5b85d2268ffc4ff246049a242636ff8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
bbfa0ec1dbb16f93a1aa1e9852130684

SHA1
26ecc0fd118514ed08027e289707dd75b984bb30

SHA256
4ff7e9b842260666de337b3a4286fecd6b025a65e88ab220b1f0321f0fa09afd

SHA512
b0bc2462f09d48fcb817ecc23d3402e5ce012de0cb5dced906a0824b41be521b4cae17c0b151d97b12897c3fbbb9ace08b0d2128e9c67c65197a2ae36f717756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
72a5b8e819aaeca92f5b0ccc47d55324

SHA1
78d104f35604cc47be0d08e6f13ee621fa8d6479

SHA256
dfa2824dc459947a2fd01831a385db8dcfd5a34afba3904e805541cb53c63e81

SHA512
e2961372ad36a11403ab177e4d14d5d0eab8699fff9e6c2ca715ac60e5e221dbcb4afc9d58344ed8e636b45de5e2223a0db64e44149c0011bd45e3526c319451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d09d5b581be722b580fb6d08dd6a9fa4

SHA1
3a4edf6c103fcd5c3384ec9d23bdea373bf9c08b

SHA256
9967bf22b5228d49aec4978eb411bcacab93ead1842f49bac716b7f561114caa

SHA512
86deec75db0c8c8d80663d4a11fac110b600f5c133da695c3b534216c5c6a90ca3b16272cd1e706b40e992ff147e7b851b43c18621a13bba26166d3af13314a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
694d28a4efacf60e3b038740a50fb42b

SHA1
dac1746bbd316f8398c5a3385ada9b78eb6e3676

SHA256
53760f9c452bbfedb78ce4546d7191335a64e797f7a1b08664a7e0d8e1bf3742

SHA512
56728f0e8a555ea1763fa7762daf1371f50ba5994ff6a301c4e43553788b010759f525fc43971bda775b959145c5f3b6f247f1cf7d44c8d38ceffd4360a5b648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
13b1bfcd0bfadea4108b0f270733f574

SHA1
ae427c2dfd7418adea267d1018a6c77dd2f6a8e7

SHA256
1eb38a05dd37f323f51856692eb90ee05853ddcb975c6b2dc2a93e61fee4b1fb

SHA512
38301abef0dccc1c57fe6837a0ce0d02fe6ef7554e5f028cc3f59421b55fc1381e0454841b04c4e8dbd36dee1f94d03f2d60cc046603a9c2a62b306e7617890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9ff63612ea22bb89030d735263f707c9

SHA1
795d0b73f021dfb38942bb1829a4d306b8ee05dd

SHA256
238e3940404252ab676e3165fca062d553cd1b351e1244abae057c3ca920c755

SHA512
5464279513bed16cb7e8f464bc59f5678bc43698443d1c0bef8869f18a48ec59da64cee89fde2754e8f8212755655bb7160727c1fad6b0b69bc9a48708f10b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
41b516c0bc80cef152ed834ccfb16afe

SHA1
b2805406bf4e582b5555c44f4cfd4178d7d3e70e

SHA256
525e9a2a30032756a2bde02a6af3aca9c243386f9ec8b239f3ad21fd6605456b

SHA512
f6f8556b54d2061d0365d8b8829ad13bef4123c0396ea53a17f7a1d62b4289dd4d121b8a4a443d9c0d66a00e447bbe8a3a284373a64ee2db2a6ef2e624871d4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f2f4b402a6464267307f3fee1c543d63

SHA1
4047dc3ce62350994a0ce2ce92d616e9ee3a4b03

SHA256
24c6bd774be1ee691c8b09ad54a7af67e840835d2cbf8ffbc9691cd234a59db5

SHA512
474c58c70028f806079923bb964566ffa7b9f124dfb49501c505849d06a44b5b5cadc0d8504bb454f1562618d6fc38dfc3ef43043e52c327b233097f967dae25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
077783d896cae8af101917dad60a9ad5

SHA1
44bb704648c3c5648fe27432bd352412c6d440df

SHA256
e271b0b1c9e4556f9c7cab4ec0183738b218100987d7d76323fa1c884123aacf

SHA512
0646ea290bb4650d6fe18101a066072bd78758057d5ed9f24ac87642901cd4533dc9c645ad90ba44b3364a2d7451f234cf113319c990ad7df93c9586f802c816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3fe98886-3e9c-4cde-a40e-5a645b8976c1\index-dir\the-real-index

Filesize
2KB

MD5
2c32f1495ce6ea9b057387e1a7c613ca

SHA1
158b037386f4594af31fa90db182c207b7ffb6e6

SHA256
b0eb427dbf1039c0dd3468d124fd5fca3200bf94e83bb4dfbf9193fb3af815a7

SHA512
039a43861683d3e48aa4202343ac2b488839ae1fdde058813614e106bbca5ce424bd80ccb81816e4c28000ad904a5c2bd422348b53e700b442cba20c59471809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3fe98886-3e9c-4cde-a40e-5a645b8976c1\index-dir\the-real-index

Filesize
2KB

MD5
ecc8c06c05d83f3fed1ee69aaa21e132

SHA1
7bebc1f85ba3c7c0ec93ba5b65c3cea42c47818d

SHA256
1b33524656da22e113dc8ece0ba02574500c9af70a2a839febf140ca2b52c2ab

SHA512
52905dbe2b96006fa0e921706b7ef245aa336751b7f5eeababca5cfa8ec83d7c758f7c1f4480ad9838649368f5215249b4001b48022185a552c59c13111a83cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3fe98886-3e9c-4cde-a40e-5a645b8976c1\index-dir\the-real-index

Filesize
2KB

MD5
b753aea768fc662fc46fced89fe393a4

SHA1
0d2780fe96c0d02cd014971beff9062affdbfe53

SHA256
1d0a784e1b6b98af7c2e4c070ebb7b00499167bb8189d28de38ba273cbbb4841

SHA512
f3d69992b0404bce2800bbcc3d6d09f0a7b4ee85deff214281df28745a1d7540f343bf061e73d3252181336468b9bcebf7fefbb9202634896371879e2c590e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3fe98886-3e9c-4cde-a40e-5a645b8976c1\index-dir\the-real-index~RFe589f48.TMP

Filesize
48B

MD5
2884866687453cb1041706e5252fb721

SHA1
c5d5ce1fcb7a0747bfb667b3f0f276931c9ce905

SHA256
9443ab72a5bb0f649233b1280b4d1220ce152e21b29b14b8424377b516a442d2

SHA512
72f2e9552abac18b68934ed794e6759b5e05de7f83a63b74ce62369b6ee2bedd4128892040652749f1fbf7bb1609234e5808307c93a43cb8a2e6755bf1777c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\78028703-1512-4435-9407-60f1b1068e8d\index-dir\the-real-index

Filesize
624B

MD5
97481813a6c5a72ca53ed5842eeba1d4

SHA1
f79f719d19d9d94e25c551a2b7c12c13d989109f

SHA256
6ca77f0d6c54ddc555863584e7e65c9885e0191bb4a139198e7724f5bc0d65d1

SHA512
bb3b7103670ba50696a44e4f0e4e6b921c01c241ec27631308aa6a6aa7852438d480e1ae65c2856fcaad2a8bc4288ca6f0cb3ff50cda5957fe02b641a1790c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\78028703-1512-4435-9407-60f1b1068e8d\index-dir\the-real-index~RFe58875b.TMP

Filesize
48B

MD5
b2c075f34bb73769897fa1c737149e37

SHA1
afdd48cd648c709085c9f3f4aa9739cb6ad8865a

SHA256
f933bb745ec08f86511fb883ab5b568cc70383c92bc80d504d02f832b4f29a24

SHA512
624e5f342fa404f286e6a596d19356ff2669eac954e36e5276654fda741e6d71b3111b0b7cc4aa80be5e305aa45460fad349f5772ca9b92985231b12d857e6b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
91a91e9d92586a7acccc0c73af6893ca

SHA1
e12344e075bee79848e946374974aeaad4e6f66e

SHA256
4bf75f9319b98eb52c31181c18b2ff3999fa18c46ccceaaf04365c179a000ea9

SHA512
bf4117858d024cdf73314066a703c769d2f6ef6628cbd1c928ad1435a432fc9cd5c112e66e713618bc873e21ec19a908aa0f2063cc790ffd81cc28cffe81d6ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
edeffbc27fefb4206026f99c05c8a308

SHA1
613b089301b5f52e39404bbb0483f83d602c7369

SHA256
474d4d73a2124919fd610170ff116eb268817fea5af754cc488e09d2d9c00786

SHA512
8a1ff9a33f35eb4b33455c32b925af10339b7225306b782cc154d1b2d096372c5398863b666162376fa4a25deb102c2551ce36775f70f1d9c9c76fae85227c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
8a7b2c6ba34e0b40bf6da4d97567938b

SHA1
83bedbcf1644cedfa1f65db91452b459ae40d811

SHA256
d0df9220ff78ed46688be459e1d2cc796c3cc4275225bd453c93af4cb5665e2f

SHA512
b2b36c687c944693a8f8ad0b4b9cd02ae0f34bd2e17e922deda2c3613dcf1d305c92edef4f3309e707dd636a4687b09cd15eb210a0c44e6c4ca4620a0a860c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
21f1c9ff82c3def789794618fb871295

SHA1
6f714fe70871e37a2194d9ef8dc156de3b5cde5c

SHA256
b94563ca265d7da7a8f19ac68a13908777227c8e138402b30def9d90dcc21ba8

SHA512
fcad2474e595382d4809561cbf22fc3d027359a7c328bb2828ec256db6d9b04914d98fca8776704bccfbae135a72fc9bb3b7076e99e06213b7b169e184105ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
90d9d7d617179f728eacf1b156145103

SHA1
e2cafdd5232b9770294ea0e1d53f0b0fab873da2

SHA256
037c91cbc9713d313f28dc560f1673a63eb593bba84bf723f75e2f5ad2dfc4ce

SHA512
c352587ab53534f853b333b5ff3be98febedd45792d0b535f2b6d60a57cd5237c9966803774d1ef8a2a4df0aa3533a194819087185ea1da1b2013d1e0e73e49d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
3e6e82a2566563c8c6064c5abaa6cb97

SHA1
8ccbce7d629338882a8decab9d5eca5963f0977b

SHA256
60a6ff6562514b4d179cec70a52ec039bfde236f32b80c71399885c444ec2bcd

SHA512
a96209ffa285f26114e348235392434fa5950a06b22850d31128e2566e29cb02f751dbdac0b48ba1443ae3753274915840319c7501e5397ff9c744b2d9053972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe582c2c.TMP

Filesize
89B

MD5
20026eca90ac20cf7a39a11104af1332

SHA1
f1ccca60fef9c0e2bd8e8cf7529d58f069b00af2

SHA256
ba49755010b622bcac250c5de42c4e7f76cc057fd00793801bc9db77ed82a1d6

SHA512
fcdd399b6a8ee79714c9f9e080245cd437d35ea2283f9bd5c3c5fb4ec8800c1d75193a35712f1df6f12055dbb328894e096c9a2a94f24aa38d84e312abf5a345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
17KB

MD5
ddcce8c47d19ae9e6b234f43b64e3239

SHA1
90fc5245f4cb522b5064a72c72460c1759b10205

SHA256
8a74d339702148d0d1c6b6289a6d15b0ba07293b3886cf3d180290d2d333acad

SHA512
31be52b89e055b510f7e2c2ec25c27d36d532fd7c9b72636c1ea2a75fa2530b44fb9db455ffd3d7dec9fff4b7767fa31874afbbbfb6b3da3aa070c1745e3b209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
11KB

MD5
0099c1c2fc0c88fdb4e1647b39daac8c

SHA1
ed99fa61298e7ded733377c7e43a9a41c557efb3

SHA256
f2e8d771dc64de94abdc17ca984879828ecab6a972cf7a0bbba55b3e41043e8c

SHA512
b624287875b85609ae1477dbd99aba4682afa2f3a07b0007b327f26fec48914d9c8350981af20d7ab54e11cdf0329692ec98b34b7df8e50cf3fe86204d95f1f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
163KB

MD5
21d53b7be4ce4c768e6a877390f01c79

SHA1
835712520534aea0bd1dcdb96656d62aef7f4bd2

SHA256
3dd7f899c7fbeaa3d4c2db8db7aa269aed8e42af041957ab05341054536acab1

SHA512
1af4598382e5ab3c23f1d6aa8ae127a6f330228ca7e7d26f9411a310e0609806c9363a4c346b2f85f7f1e6973d6248d8408ccd9909e637297231a2c15a71106f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1

Filesize
383KB

MD5
73beba38df277eed1cf39fb72430c4dd

SHA1
8c295e9db22a21b4e5549e8628d3a7af9e8d066f

SHA256
89e64eb58a99c9813d269e565b59e08b8b900d24b1aa6e36dd780e583908e988

SHA512
cd9fc5d71c9ebc5f07c4fe99aa9004b7bcee92e6ebd159ff97be5a7a383307943e4979d5447dd20704cc4fdfc0d3ad0f649c7f4a6fe76644cbec813b413d4d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
16dab3dba8dcc4a2016513e2eada2db4

SHA1
e172cbfcf761fc7cf2d9fee27e1c6ff3c070d787

SHA256
9b78a4c8c57532ee60d13ceb184190f4ff6f489a79ef43207aeaf401c60b8a25

SHA512
d1604e27025d1bf6a60d6995451f0da71de51e23806063b7f022deb587bc2d0274ff2cc215fb0217361f97dc585d166ea5e648111f9c22677647de2c63efb6ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2f8d7dec5ffb5760b926fe418e9ee599

SHA1
352461f5a2c2e1ca93d159ff3fb84d10dd57d729

SHA256
1965329ea3323c5d5e7b18661d0072af90659e06bb02aec244ffe678e68bbbbe

SHA512
c3c07343d47a60e4f83cd5ce098e6a0359df465deb23045e48dedd74684fa772c1a5ebcd58d8a7eac338d47c92831c189a32c6df640f7875f19e90f7fe61390a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fd6b.TMP

Filesize
48B

MD5
836f1cf599d9810e77855a62a42001d6

SHA1
8ae643eae9937eb4c768ef84a8d9962a961e28df

SHA256
18b61987a2fdf91210b71119847107d3a6f7801fda609150dfd6e459d70727ed

SHA512
b4767d071bcb8d375d6b985e9ae7242a39ad010db788a30442e1ed8deaed65c0fa9af34b281a9b38baaa4ee76728f7ed508cf502af6a4c6693a5d3b6baeaeaee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
faee5829e3c0f1cc60bc49e6dfc7d20e

SHA1
ce191cf4405f68de544952270fb9d2498a98b161

SHA256
df16db4e4d9282154b0d7fb6cb4669c7321e8a0fe82b4268321ac137aa1c5867

SHA512
7d14d64f4156354d5edb1f3658615e9ad50e9bc75b89788c92417b5d2cd65cb2c51c05f24ddbc45a25d9acd9e56a6ce67435ba70eab483673f70ce645ad2fa8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e10bc562bf6095b7725102c101b1cb0f

SHA1
79d7a5f94c362aa594b3574f1cb0fd729868f828

SHA256
29b868ca0ed624805a7b8a23058c90dd0706bd154fdb7fa6af1e9425e7d5e495

SHA512
b90959fcc6e914f8b3d58638e3eef47a8ac9841c46233bfd01a2115638e4736739a3e0d897a505c3633ec7b368e1026728cec3e392889a56297686c2c9f024cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
90ebde6f2cff0cbfd316aa6b87ea8677

SHA1
c23a061c6b87ecb206000b36f3c313db9e06d6f8

SHA256
94ca14611a0cfaa43acb039e44e5e8b6d24556e892c627dc726b679d2c874eff

SHA512
27ceb38d6cd814de7f8b51c6023c6c19ad942f63f366278a244152071a304071cb6b27c0bef31d6ba0e2438d307ad499afd17a04dad447e9e0d650d19def7bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c706a4e7a92897d089b30cb5f6c9584a

SHA1
f90228ff4c056d21f5f2dfb93dc4080587d4840a

SHA256
3db32c3d9b5ececc1610a60b5496fccc24130bf76b6fdc45356abbc17433092a

SHA512
c62021915764e61076e01bc6b84b8ba55a149ce1374c06fa4d631a0e4b79957949f5e3b8bd129ce844182262ba3fcea126bcd81922cb66fa3946921d85de3545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
ed7a3fbba13746ab512260dd4079b66e

SHA1
8f7f25aa91ce74826d022604368037e682612c67

SHA256
5b0ea3318b541eb82037a1cb911a550ca7a0439cdc5b27078f3d7b06a7954a69

SHA512
2bcb6461bfb6997e677b055d8ddabce44b55e6f5892991d70f653c8441c196c21ae6c08de6924672b760c802cef144bcd33dbeeeea99eed942788a593fbeff76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c6ef0de07fc6f2aeb86fb43807e4a694

SHA1
b253f65f06a70198ddcf9f103aec2dda3baee178

SHA256
f53e404e74e2285ea32a1e21fd47bef138f9e3b98682007e69d17418823d75cf

SHA512
457aa52a83a6a2ae4a82e64984d2fa763e5f26561304bde02bf41c0bdd24b0890ba79be3479dd93be0d6535dddb75fca715389b2f933714b5e565b850f43b1a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bf12e63ad22f6b1a51f7aafac5857c32

SHA1
bcb595b0de4ea15abea3d6d919e955e5ebb4567f

SHA256
968de8c8443bddf56bf018fac11701aa06cdf8c0a99099eb3399df614fe1434c

SHA512
84bbf9c3211aef929385dbdba7c4cdce9108accdec1161106508d064a2f54da4b9344c707acd2fd5932bae33a5aae7ac6afca4c2dd4401d7f57e6eb108ac835e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
89df113c70e382e366f664f86180244a

SHA1
753792dcd564729ea77b683d38b9770870df33e8

SHA256
b4579e6a4b320cc738008ee4c3e3cb2abad81940edb76a6a523af9aa3e0774a9

SHA512
84d6a63474358ba1d8f73934d2046c1d9925adf294c7f4ccfb7a334d89d29af57edb81e49220d2c1e53d045fc13450576d533d717d49990a53e564a84db626d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fa3e.TMP

Filesize
537B

MD5
4816ff6a85801bd38dd0fc6649b7316b

SHA1
a63c0478d922013d8b529f030cb30e0e1422f35a

SHA256
a4d3f9c547ccd87566f7bdc301dcae6646bf3aa420d1822625dd787b2ff188af

SHA512
5ec0726bc902ca4791ebe69fa2ad1bdd5563dd73bb8134c5e3d2886aad759d9a5210209aee3131e06c42ee9a7ff8dca87390cf773557792484321ba1912d90b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2c9cbac1a6e73817ca49f87a85130e04

SHA1
451b05161d2e501eba461a7112ed9519f84d10ba

SHA256
50219cddc5829ca7ebd5a3b0cb4f9b2d39fe63715a4234eb7c4c0390836e3537

SHA512
ec150130c1e03a8a052943362efb2f69eb252be75fc272d0b7f650de22b6b12f9cff8a141e619b0249c0c11018fcd5020a9403c810071aa6b4a9274c22dbc437

Download Submit