hxxps://rbxidle[.]com

Analysis

max time kernel
821s
max time network
823s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
29-11-2024 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rbxidle.com

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: sweetalert2@11
phishing
A potential corporate email address has been identified in the URL: theme-dark@5
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
2168	msedge.exe
2168	msedge.exe
4792	identity_helper.exe
4792	identity_helper.exe
4968	msedge.exe
4968	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 1724	2168	msedge.exe	77
PID 2168 wrote to memory of 1724	2168	msedge.exe	77
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1588	2168	msedge.exe	78
PID 2168 wrote to memory of 1900	2168	msedge.exe	79
PID 2168 wrote to memory of 1900	2168	msedge.exe	79
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80
PID 2168 wrote to memory of 4460	2168	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://rbxidle.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff947c23cb8,0x7ff947c23cc8,0x7ff947c23cd8
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7234397441014751669,3836732700286549559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2256

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3788

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\736e30b5-d31a-4625-9675-a0f45f92b954.tmp

Filesize
11KB

MD5
f6e60f495c6a4f3000fc76a13b9a1abd

SHA1
4c0e9749a2bb3ea3d7f113997c71c7360fef1e4e

SHA256
1222faf2053d699294354ba5b4573892c19082598e9870b8a384ff29cb442527

SHA512
193a4800cb72ba4e7688bc9aa99a6ce9e5a94d7050b25e7e1351cbebf8d9a8c3f4caa45394845082a52c170c5559c025829921d8ace6c047e998a1e26248c7b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
d3286aa87e4a08d112f4df6517794e5a

SHA1
dd3a129890516c726702ebe495dfb9e3c5f55ad0

SHA256
7882a773cd5fd2a09f4ada2a376542fdb16dabd82ea5417b85159a11308c60c6

SHA512
a6f838ce317d3b690446e968d12d3f8278f071d356127a867a472ea7d61f967071a833f24bb6f8180ec44ea165ff39c7fada462377cdf2dfe83c1c31bb87d577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
3582e5ab8e16331b0e0452e2350a249a

SHA1
424c17b9d432dc3b473f59d8c7a65b2fb1c75b92

SHA256
97557ad09d84e46b547997e4f1062e5c33f1e1110e27d1558cf562054f196a34

SHA512
a581b7a6752e210c28f85958a6f1fb1b06bfe3cfdfb27df06e6c25b9f953695703cd328728e173e37ee3fc3c0d7462e5d354d70690be9aa28280a3e0ba0b9840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a5e85af93c3afa3fd48adab332f79ec6

SHA1
df9abd1c200a74e1792ffc7ccc203558d4f0cb72

SHA256
6b18ff2c2bd29517a632126172b303f5fa899c8f304218f14e40630f5c151793

SHA512
f808cf73214d5d99acbe5eccafb1c07a605ccdb3ccfb05be3265f326c3be1c30ec28aed3a7ff3c7e8f341cd937a7a15d5dec5761601c10f19a8d5ac3e005338f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
45b41fd2b85ac7ed6008b40ee81f2e3c

SHA1
d7fda9e9e1fac27f52a182dedba33dafaa0476c4

SHA256
7b21fb5ca7cb45caa4d06d0c6ebfbf8686dd67df85101aaaae06d0824baee2d0

SHA512
83e656c4941e6d8a706d912f675aa155371ef3e0ee15faba7d687e0146ac6480effcd5c34f1e77fc039d004d335be33ab410fd659faabbefa074c55326cbef3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f92115f72d7da2f6bd9b77d352538de

SHA1
0e1a73398dc4e7913b478e2218c614793c1584b9

SHA256
840876a9b1201150123c3995626908d72a01540f1dce276fcee8b4ca3922690a

SHA512
fd2c6c015ebab689798cd3b6a6db99890656861876a595cac27aca021e7465e2d7ad4b9a8e7bf59eb647db079e3d343aaf85fa619115dbed2ea7890c3c6c9f87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e5a6e47260621491a6d09c1b13051a30

SHA1
7d0b4b5288995c5b2e94f3f4ad450e9a0cc5cf24

SHA256
675d4d91f0b770997108d3fa2fe1d04db0bbffaa3e2ed7939b5dc2bb3c4e921e

SHA512
1a3b9e3c6e6caf9199cdfd894496b7be9738a48c9730ee68731a14189444772c743d1d9e62adcbccc25116a917498c1614da7d828c1e3376f3f30e9ede08557f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8e2a518ed9747673e52a1d6038f52cb8

SHA1
f318ff86213703912c040109bb8325df415714a3

SHA256
79dad8884c75c644d1c68084234631085e75964c120198562b24ea0df5c19436

SHA512
eeaa6f5fca3e6b373d68c78f9457d8326fc88f55da8bcc79db25d57cb2d7f08360705ddf0ae450420a27e43bcee210960d8b8d366ec67ea89bede9bf2c5f0110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2a2bf8df5d365da9e761374dde18d05b

SHA1
26ca6cd74acce7032653648c9496d5f99c341b1f

SHA256
1bbbf2211b09283a9a079761a55e37d9e375812b5cb73715a7cfa5520923b5b4

SHA512
c0c953157341a7f27b2c84177409f8a14717d8ffe9f19a5dbe3b59c18e2fb402e1d3dfc29feaae7f9ffdf3cd5c6751ddf4e45acb671d6f23127c522ac623e9d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8ff9402f143600e168c8bc29f827e60

SHA1
e406f6675c95a1d7426cb8107b8c2d08d52eeece

SHA256
a9a94966ea03cb0d92a7d66ac6e714f98f11fbfa832d6d41220424b9c2b4c08c

SHA512
fbab6d7b9e7ce3842cd4621d142fc81d871437c31249f86c4e8fdecaa878b2c1df5ddccdde111a6ebdb3b904d4258f745dcaea75afa04d960548c146d7e53fbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f73f19cd231f92327de4c8a4e5ba94f6

SHA1
3fde79cb7af4fa158c67fcd6cbf40f9a82a074c1

SHA256
0bcacb2c9e4e783563d090792ffd85f0ce5922426fea5f8171e2d755693f8eb7

SHA512
d2f18e5bcaec160abdc43c3fb3f771a0dcefb041c58db9b91e25184255a11e79b625c0a77c01f5a9a8de34c61e0a33633c2509a8e559e70648812852db66435a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3fb06aca88ed653874889af03021c3da

SHA1
3dad1c6c8f63001c529f9a963e039ac2048ff0cb

SHA256
382f362b7aa8bf4c16c68f4d72d8aefdb9d2d5ec257aaacbb524a1cb572fa876

SHA512
367b37bf6b2870765fd4e9c4bfbba3fc4c25d2bf16db52a3be18fcc01af2c892756d9773a9be74d3cb7b8d6a52b356b67cf9f67b9e18a7cf0d7ca760ae2806e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe63bc50.TMP

Filesize
706B

MD5
27de69a27d7f02f3178c58ed04d8a538

SHA1
81e2bc1606536592b5c83ecb28ebc8d78f3ff799

SHA256
ff376dd4aa984d2566b706db501bc9dda29617cb33f9cbbe564894de5302e23a

SHA512
5d3c46a57c76078dfc037ae6a6507b9a4d16926ab8ade0c4480d003bc9a14204e23d048683647bfea87fface77d2bd196bc4af7c98f6c6e08db6515215611847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eea99d12d7529d1ba0045ee80a63dacc

SHA1
9558201faf5d2eeef9978e692d952e934e788b4e

SHA256
9f8df9a3aec13ca7540a84ee7bc9735e3a2f6d9f4fe2d07e7838d46f6b7b995f

SHA512
dd23f918e8f463ad776aa12a746943158db92796cf5b1d9ea7c14479f52d0bc85789b94f6af43bace81a5d9243c9e1966612fe76a21e3742a9a79f95aabba8d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
01b0b148a2b3fe994e2cbee9414ee3dd

SHA1
f84d880af46ca4c468ee2074f991404a87a95805

SHA256
e48b270bd1f96f47773760295505704da53cdc4bf28933906faa45159d920e0a

SHA512
0a440c163ceb355362d20b182103de04476131a93caf25290a5e7a99ccfb55f2637ff8228b527f26372a4a2203a3ca0883425890d36bdb0a28b4f92676fc9823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5f7639b7941422fcac278d9e0fc5f503

SHA1
bdafa1ee39bdafc283ed86c27da8033ef8d7a64d

SHA256
0b426e33bc86d5dafb7bc93f3b94e7b170c11e98b01b660ce10e8be3f0fcd299

SHA512
890acbaa6955e12e49233096a59d0e78088454c06f8d710e22c7cbc3b0aacb922bddaf0dfc2f650e4e1eb63c1637907bfd1288eef7f567f9e28fe848a6ede597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b1e77facd1371d20c53bb946291f4fcf

SHA1
1327f2f841fa556e2d5c0bf41bcb944aa089b66b

SHA256
2ef441607a0e3fed2411d768ccf807f7a90e319edec752a64d6e505e44884af4

SHA512
491aec70fea8bb75692ab339eea2301fbf3f302e02d6528831622d6fea301467f334bec08ab943cf94e3579a08c8bf5115b9a002827c85ee80f6fbb99ad56d2d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\b006cf9f-6be1-4828-b1b6-818c14fc8e73.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit