hxxps://roblox[.]com[.]zm/groups/1862650811/

Analysis

max time kernel
121s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://roblox.com.zm/groups/1862650811/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2045521122-590294423-3465680274-1000\{D761C0F2-6789-497E-86FA-64FA1D6E82D9}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2692	msedge.exe
2692	msedge.exe
1840	msedge.exe
1840	msedge.exe
4444	identity_helper.exe
4444	identity_helper.exe
4076	msedge.exe
3092	msedge.exe
3092	msedge.exe
5904	msedge.exe
5904	msedge.exe
5904	msedge.exe
5904	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 2672	1840	msedge.exe	86
PID 1840 wrote to memory of 2672	1840	msedge.exe	86
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 1768	1840	msedge.exe	87
PID 1840 wrote to memory of 2692	1840	msedge.exe	88
PID 1840 wrote to memory of 2692	1840	msedge.exe	88
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89
PID 1840 wrote to memory of 2332	1840	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://roblox.com.zm/groups/1862650811/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd747d46f8,0x7ffd747d4708,0x7ffd747d4718
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15107059122916873879,7267825659258018136,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4c4e0ae6270202bb1705e1376022f847

SHA1
d08687520af0279b3c272910be63d888ca204455

SHA256
9f8b36679c60ff2bef965cedda71e24e07b2ebb8b6ba85d018bc004661b9f46f

SHA512
0d57639b2e1d044e156ec2c757b80ee5b0a4e92e46418a2b978aeebddd4f8367a8fccbcfb546f23acc93372a7f13a4190e97ba3957ef0071604433376db04b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d3306fe5947e17192b387bfb754d7943

SHA1
091e59ba18fb10ca5326595ee2a5759c03ac39ae

SHA256
c300c3c04a74003415e3cce7f232c21c92ae32166fd12ec1e301a4db627b75ed

SHA512
88d374877bf21e4cca8b95da11a2183c72bc12ab584a2b1381f8549b6a938715aaf165f32d6258a7e5de8ddfb7ac8eb6d5058e88ab02184ae5cf38ae8c34b7d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e37d7f915892d537129b4fadaa5bd62

SHA1
07f213fda81879673045731675fb8a97da01db66

SHA256
c8ddc6873c9500ff81185a71e66041f417a75eda76a256969a16c9ee5e02f6c9

SHA512
e637363aac9875999d53fb0568d0694d87278a0bf11de044e917b60b3489ba28fb0e36920d715721464006340835fd2507123dd2836aa48338bf9be6980de874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9517b9ef5bdab317400dbecf6190c48

SHA1
9d60d85e56828197e163ac75746e37a262e129b8

SHA256
e50bfd84cf25123c738fdd6694a7f260e260278d39d7719376f25346adac745f

SHA512
6ed4291c450903c2ca72c9f7c40f94f41361c034c46f9c7f4412edf969ef645f3c6f2f21d8668aa18e5256c3b4dc1d3c1d034170e990fca21ad1ae26128d247b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a0e24d5aeb7bc30d37bdaf533f260dc

SHA1
81d76d6ffccc4c766ef2cf3f8a296966afce8f1b

SHA256
abedc87270f7d8df3f5223dd48dde87ddbe6a1f05f23774e941acfe700df4d96

SHA512
b1010739c57ac35252eff88cdaa70a1ad928c23aadd50efff6559bde470cd9091d6ebac9f71be45f71b0d7fb980af3a5b64d3c1c4f4c75f4a67d1a735deb17ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
df77907a6a6147bbb1c1a0edbe97bb09

SHA1
b8c5af24b72fd1e4ef73c1347daa8862c8d9acba

SHA256
2ad104dcbb41970c4f8fa45a14585574511d595e6d9e55899983c6d60432d7f6

SHA512
dda8128c04283412a65f3a17f7491301290af819241ad7f28d58c2dfff70837f19c15d1e9defe3fe8469281d19e778bc99b4b7d4d10a8aead1107217e435df7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f378.TMP

Filesize
48B

MD5
17df16808eb78e0f5a2eacd41fae09eb

SHA1
e9e5564889977cb0b2caf0206afc7cf89f12ddf9

SHA256
f23a6e583faf1027c637297d849e08f473fd4ad24d2619f8cee8a710b2d4c04d

SHA512
e293b87f1658b37c2098f84e8e83dd66480545df4fe9c10cd91525e3931c8896eb3fd5f22c88424a6bd690a3e14ba68b41272d83624e191a1c17d1ab7c916308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90bcc174b2b7df3032936b6cbc2430bc

SHA1
c60b8dc0b359d29a6513efc799a951ed5fcc5ade

SHA256
d366aa0a7f38e8f0b504e674a735e8b363848b51289406f06ba24bf8dc621ed9

SHA512
a50d5399df0c4f9857f8fbdc0bd48d6beef1b2f1e3fb87e3ee3bddac30eed44e8c37fbac4a792dcb1a56f14d40bbd415328f9eafd2e88d792bf35dff720e531a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d7fc1b6629b532677b525cb9fd2ebf7a

SHA1
35f14ed4a7c9547529f20143399cc317541cfc13

SHA256
306e5d70e95ba7e3510ad075e738f544ebf41be311f04d9e15cfd981e6c948a5

SHA512
65ea0bec3cf708f1152321677e6ed374f7320a0fc1e22097c347cc297a83b0a756eb1cfd614d74e63f2c707f31a04801e780bf740ead567f947ba1f79f952a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f42c2d0d79dc0905a3eea0401ffff0c5

SHA1
78e29811388b0c7012223fdf03d0bf950849068e

SHA256
89d1aee6d3e0c215a1d16ba637f4767147f38eca44560ec59fbe8c8f0cc4cc1a

SHA512
8c29221548fde40d13e2b0ea4176ee125aa4f1122bf13813362c66858de718dc67f4255205723227de5672720d2642f0ec9a8ebf5ec907d2b9e90e5023210441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ebef18c07fe70556f98291b253fe9e9

SHA1
f4b91ae0ca3993be88ea462840b000a5509f4c8a

SHA256
85e253c0db0fc58b1622858bd6624cf29929f3cee0631e5637380ac4334d4d8b

SHA512
746c2586b7c8986f988a0ecfaa66f035457164ceb8a4b156ee63e9a5d3407b26c22a0fd47cfb48c05e651a32dcb516084464901a3cfceeac0bdb122438acaa2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e81e.TMP

Filesize
1KB

MD5
7c3cf1014db7902f9ca7957257b7a266

SHA1
465654e8a4dbb7c22460f9d28ab2365349c14414

SHA256
0c69d8da5c4bc2988a248d9915051134d525790ef364db06a074c000a9501ccf

SHA512
5bd1c9c9c27a1bd76ab9405f09dc152d4a23fc3d12d6b779852f2f4a082f52249964e6eaebff3ccaaa4f49ce96445bb5b2bcc5561fd1a16e0aa02060b11255e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
34adb8df69377ebf9166e1689207d63e

SHA1
ee8f769b85e4b282687412ca203ce89523ee8d40

SHA256
9914ef0fb2d63638560b921a6f07e12ae8b4b56a6a21ad066af65cb4d6d07e4c

SHA512
dd9957804bebaa966b11cd74b7ff6fd74156c37f214a6a6d661068555d85b042c32f02c2dfdc74a20c3e557f3970714bee9047c39dce89c75c248d2136796fed

Download Submit