hxxps://www[.]r[.]oblox[.]com[.]co/users/8437721814/profile

Analysis

max time kernel
124s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2025, 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.r.oblox.com.co/users/8437721814/profile

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_81331821\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_81331821\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_1397201919\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_1397201919\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_1397201919\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_81331821\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_81331821\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2316_81331821\sets.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133865449587931925"	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3446877943-4095308722-756223633-1000\{DE306CE6-44B9-4D0E-A5FB-D3C659986892}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3446877943-4095308722-756223633-1000\{8FB59AA0-99DE-447F-8298-CF59E5F5DC60}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5404	msedge.exe
5404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3468	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3468	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 3664	2316	msedge.exe	86
PID 2316 wrote to memory of 3664	2316	msedge.exe	86
PID 2316 wrote to memory of 5904	2316	msedge.exe	87
PID 2316 wrote to memory of 5904	2316	msedge.exe	87
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 3048	2316	msedge.exe	88
PID 2316 wrote to memory of 4312	2316	msedge.exe	89
PID 2316 wrote to memory of 4312	2316	msedge.exe	89
PID 2316 wrote to memory of 4312	2316	msedge.exe	89
PID 2316 wrote to memory of 4312	2316	msedge.exe	89
PID 2316 wrote to memory of 4312	2316	msedge.exe	89
PID 2316 wrote to memory of 4312	2316	msedge.exe	89
PID 2316 wrote to memory of 4312	2316	msedge.exe	89
PID 2316 wrote to memory of 4312	2316	msedge.exe	89
PID 2316 wrote to memory of 4312	2316	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.r.oblox.com.co/users/8437721814/profile
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ff85b5ff208,0x7ff85b5ff214,0x7ff85b5ff220
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1840,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2268,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2124,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3500,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3540,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5068,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5204,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5216,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5552,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5376,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6404,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6656,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=6676 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6656,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=6676 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6548,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6720,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4352,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=6432 /prefetch:8
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5260,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5168,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=6912 /prefetch:8
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6464,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5924,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=6908 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=7024,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7000,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7372,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=6728 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7468,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=7444 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7476,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=7520 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7756,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7392,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=7880 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=8100,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=7588 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7196,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=7256 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8384,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=7644 /prefetch:8
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=8416,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=8076,i,17446716578367032455,13929450901527340547,262144 --variations-seed-version --mojo-platform-channel-handle=8128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5404

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3756

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x528 0x524
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2316_1397201919\manifest.json

Filesize
118B

MD5
56decbaf515f574521f86e481e880496

SHA1
cf86b7e930bccc9168458b7202ff89b50a41a8e3

SHA256
4aa32c5d74a694c56869211d6ff4a3d61334b9b61659dab631eb6c285416c608

SHA512
669804a28a9e1adde2e259c2a0442f2d8c054908fb1c382db27d6f08353f1d8e3ba495ac18ad4746aac4d19eeac67594f3b2b0789a607ceae70c445d07ba3196

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2316_81331821\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2316_81331821\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7b0736a36bad51260e5db322736df2e9

SHA1
30af14ed09d3f769230d67f51e0adb955833673e

SHA256
0d2adfd06d505b9020c292d30597083d808bfd90ddc0fe173def5db96832a087

SHA512
caabdc6a8601b93f3c082e6506b3c9efe2242b90e92e86306dc0bd4857d33343ba395325fabb21f5db562d3e3932f52f77de547f379072d0154efd5f1b1cdeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7dc78e88-e249-4b8b-a60e-72fcfd92a1e6.tmp

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5

Filesize
19KB

MD5
5c0594df80077e26802d50818ce1ce99

SHA1
0d34912bde940a447a36ecefd79e9fcbf46fec8c

SHA256
4bb649110ce0b3beb61b23cbdcbe053c2f9d39fa81be3065557fc805a6283a00

SHA512
7246cc924246ad9d1b9fcc9c3e6301b28e0d5e35b21d37954364502fa72ea747261af26ab5c0b585d0588ae67904604947208cce62621394612e00e50ea1675c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8

Filesize
129KB

MD5
471d6f48a773631edf4531e2c66c43a5

SHA1
9d76c2bb061d43cf773e4b7546852e49a5314e21

SHA256
4af1d8c6420355d8110436b19efc4e4c4162ef5868bc3668f7bad2c785fa3dc2

SHA512
3c996f6f909e7e561292b3abf24545bb3677f6cf053f0e5958aeba60192d356403e51dcc6fbf20bc77a40dc2fc4d43bfe183e11d85fcce11fb1ca06c0ba8efb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001cb

Filesize
43KB

MD5
bfef1c88c7a2462d08b6930531953552

SHA1
6392a0f160eb73330bebd4c324535445e0783231

SHA256
5bb0ddc5e9112db6992a4eb1252b36b666ca8de22aa5d09b1d083794f2acef4b

SHA512
339ddb4c82a5456623c9ec0bf2574b22d7e98f9b2002d5d9616197dbac6a76742e146ec77e8d3aa8caa3c6178125bea0d9ec57324b28dd52e778055a4eee204f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001cc

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001cf

Filesize
60KB

MD5
16cffc267021d9fcc12c6d1813f5e004

SHA1
2a0df77cc91040f746e262761676e046a3006775

SHA256
f1658778a658d4cccac30130d5637dca601bfb7bc7413e91f23846f6868ba94a

SHA512
7f60b429397425ae83496c7f363625f9910e3d691b975a29eb6bb0afd2be37f504687053f4a93e4ca5e87cd57d96f3d44e22f2a6e9bc64264933d97a6ea55c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001d0

Filesize
356KB

MD5
c7aed2a8d58b5bc0d59e9d223b6a434a

SHA1
a93577a27c06cc088a6d966b43e01c9fb3f89d2f

SHA256
1e5565414fbdb8b804b1ff25cdd3ce729fcb9a1285727588919a667920cdc1ae

SHA512
863473a4550c1325c3e3f10ee8a94c22d4896b16462be40c0f956ea9227a065be15d310816ea87617face1530652dce6d4b6406888d69ed63e29e5b2b788e165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001d2

Filesize
71KB

MD5
4279aac10eef912ef8d3edfa3c57fa4f

SHA1
2b046f56941e2684f16f1f794f27c3e34e8d0c25

SHA256
c1248f41922bba9b0d9c2b3d922518f36027841ae048490d40efbedbba14fb58

SHA512
bb0ad20d821f76e98a4dec3aef467658d7711fa1af24a4b2ba8b0d1161eb107f2b3821cbe734a8b966faafbea4fe30bb61f4738c342dd8b73cab7c9263f5513d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
f51d5b538f229166a67e54624d77d925

SHA1
5f6294bc6f5562cfb25efe81a1b6ae45f63006f6

SHA256
986014754b651e0dbce6afcfc640fe2e93a0089e8810a62f7b6869136f106de6

SHA512
21677ce3224a50fed7b79d00a504319387cac0a32cdeda37960763f8e1f8f280378e2bc83c2277eb126d098eb90bff4c7b48b97f971533fffb5ab78288b4a707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5814db.TMP

Filesize
3KB

MD5
7f19be8c38a0f260ab9293bf9915d4a6

SHA1
cac4a763428bef2cb374859ff12987cab794ce8a

SHA256
1f02089681934e3b6447a9d8908fc8681e96bdca391469a1f478c26b02a57fd4

SHA512
81ee80cef01959878390966d8aff695782a4e568045c80393786fd3d7981bbca07185f76d202bc3c2e32a4090280177961847a960897b1296ce65ffd644f67ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
515B

MD5
d6e289a8b61da2e7615df0e1ab9d1a1f

SHA1
467190bc64ff0ac70a49c4ff7b43cc02c6c1e170

SHA256
e1084feb9bf98bb6b5172ad4178cc1bd41b10c5103df36bd99cd7b957dab2b64

SHA512
b639cba875271fdfcda8702b7e9ffde8c122dc4ad270ba19cdf6beaedb784704e5879ea1068caa7d7b1bac1e3c24ebab6938a3028343b6e99a18e664911c85b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
8e778be2331b5ee471a7ac8025055f51

SHA1
cee574ed5c264557f569bc8959f946240b9bf75f

SHA256
cd4434a2ce0bb86fc72f8eb8fe1c81a1a3a45af56ff609413350fcbf0b51bf72

SHA512
a43d6b8dc3f10f0f125caeb8fba7b0387670585220cb8c7fecd56debeaec1754f2ccd796ac14b6720b629bd06b01c421228a0643e906c7fab581a5930659154e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
67f2611a645465f4cd9e2d1e9c370a50

SHA1
5add70761f4656d60f45d00c53170baf650c0225

SHA256
7dc9e45b3c4e0e3cc35e26c39b9188056fa711a4db3e73b6de4eb6229dc9395f

SHA512
c0787b3bb7c982dea795ef6e96459c3956c43cb452f434af6da3adb20dbcaa0bc3021aa3b299e28d2999122bdf63b14d6c8723e385e04655a2a240b3ac1f42d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
e837791a48ec999cab0e8d73b13e4674

SHA1
79bc5d75182f16e10e1e57ed180e866e6db0955f

SHA256
35c9e0929728192cd6c288adde04a7c20842f3a04b39dcab8bb9d97691a964b0

SHA512
5df8f704af09f0e038479cf4fa5c26b1ac1a410dfa423e567b192db85dd101c77612bd78ff66b4faacff3524af0b42bae18a023b345bd7c375574de23b05db90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
f931add04cbab69efded191dc8323248

SHA1
7929ba58c6a707f4acc69566ca1a181fe16adc74

SHA256
02c7e37b69c7c18bffe11a87409d74169da5dedcdd70fea1aeb2613e99fbd5ee

SHA512
c72fab9acdd8475e0b99113189fa7570a49edd22a0ea2f7d61f22e9cba8220d40ca081420c08d74c19c32b31a31d8fb21b1d23134b76716f5a12affd99e84ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
26cd0b04da671464a5ba095180967a49

SHA1
b061cd17b7101875d0947c77659590b0b8c9a7a9

SHA256
e8febdb0b07ca17edef0246c325933780e7eb3abd56df4c7f59950b8e0e02a24

SHA512
23940de98393679127c38e7814128e907bd71953f9c1895fefcd778e8391954baeeaec12e151d0aab244275cb997a9012b49f48d4b18c0e9b4d43b244f804a10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
8aa084d087240f7f3f07e0c8c8b47795

SHA1
529398d6f8744a150da830cd6fd3ee78812ddce8

SHA256
f8a2efd284ce984a0bff1e1fb3a2b87618825445bcf266bccd03e2d596d3160d

SHA512
f1df3c0c4b2f0e7acae60fed823871331a5d1d8e3d2bbaa657125e5f563e099fa21eca86bff9c8d599b7e031daed2ef6c96a3b96040b4766dd5340dce13e70e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
52af02abb48b94bf1a2501faaefe1bda

SHA1
ad09b52f51e1b9255b577ea038955b68010bebfd

SHA256
809084b21f8c781f2e810969616182af696054ed5e63ab0f650d79c168f3f460

SHA512
c7315e73b3305dfaaea8212a511e136c98106311dbeb0c8205f8cb2efb9595edf45ca154f13c521416c39c6d5559cf6948646dec022913a7742b4a09eb06a3f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b31ac5d5-f3c9-4706-bd69-fa1295cda083\index-dir\the-real-index

Filesize
2KB

MD5
588329b4be0f357d0dab776e0bd06056

SHA1
e4cc5c24b3f339b7e004bdb3b7cf8d1e5661edfa

SHA256
4c6e5526f0414a044d878b2ca555d6d950773cbb3cc0662fb630428960abb62c

SHA512
c3f437b0646889411c1caf93cb2257f7c159f7bce1be49113125ce2fd13f7f5df21054e3266a653fb70af68573b9864fe63dcc9f85acf4122f856f5b4f4345dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b31ac5d5-f3c9-4706-bd69-fa1295cda083\index-dir\the-real-index

Filesize
1KB

MD5
42a82e1de302db0744d62e0f23c70df6

SHA1
27d4059a05afb7358ba4aa8d6887ab4424aca8a3

SHA256
a520ad35db4e7f5a9620c6990f56deece84cf5e7a17fbe20992cbaa30d7dfcf8

SHA512
a8c71c20324a84f7722eeedc8d97c88eb0c6f2cf52ab89b452959da1d66edf7161528a7103d7006aa255821fbe4b7554c0831b8e01847164edfd9939cd16693c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b31ac5d5-f3c9-4706-bd69-fa1295cda083\index-dir\the-real-index~RFe58c520.TMP

Filesize
1KB

MD5
834a7a25487815b91f66574d3698d93c

SHA1
e553904c943e11a737b6aa2d036e6cec4adb5c02

SHA256
4c3cfc8a41b9c295e344f7a01709a3cc155256fce1eed4e52da7bcf142c1c8e1

SHA512
5af27913da33b20a0e37c3b4a66f1ff91eeaff9d7c761512430207099e2bf7daaf1b51c885899893dacd2bc35cf76552cd9a87c887a212a79ffa8ba384fa5bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\e1bac1a2-df90-4d36-9925-71bbcaa24977\index-dir\the-real-index

Filesize
72B

MD5
8bb1fb80a8d02e3f1e8b5b846cf23117

SHA1
4201b1544bc9e6866e5ef7d133bb4032ec8e8de6

SHA256
bd96d1734686036c560f5519797d58889a2adfb6029a64e928df7e1041ddd6bf

SHA512
7f1db1747cc4d561e12b69ac0680474df2185ea8410961061be837f397cd18e1d8901597a914e3ebbedf29f714f18597afe0568e0ed15d0a5ae598694386eb29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\e1bac1a2-df90-4d36-9925-71bbcaa24977\index-dir\the-real-index

Filesize
72B

MD5
fbf6847498d33b2f45cd62226e31212c

SHA1
f54414e13ff37a59dac87fcd85437d158891b3f2

SHA256
993dfc11733080d014f83618a3279c419e3734ce463262e1d3e6b744d2753518

SHA512
ce0d9a85b1001afca8d82ff869c69fd4001dfa6b6416c18ba2ab13ea06270519b4a825261d1032c331d33b5675d2103207b1dbf63d4fa5afefa1f9d990a4b546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
1735416893b6a1c32bb37bb09c90c292

SHA1
619f61eaf7e8e5ec9e1822d343cf3ab96abbf0e4

SHA256
12b94df35ecaa5eb849b40f878172d3634264962365f6d58696a5d0fd1d55134

SHA512
7a84835ea4311a11ee1cd2b7f69d6aca01ab308b2ffdac81b6331e20ab7d81e0f5338391ff0ff921d04f179c3efcf80418d3e7bd5831319ca6a91007e1ec720c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3cc12eeb3b51c227edf8114de08a3e83

SHA1
cafae0c9fb3e0594acd8b0cbb4b4d4ee502ec9ca

SHA256
14344c2606fa820e718fd521583701e30de19871e224c90074ebe3ae8745429c

SHA512
6616b8ba2991f5ebe1e2e76e175bc39a4865b4a0d7657b09d5af97a80bc012da8917ed3d77ce81b403e1a33ece9f13a4b5cbd6d7303bb87616de22e3bf7ea64d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
75e7a0a5ebf4cab38104234ffc841d61

SHA1
da65399174d32149ddaa58a360a3c51dd1159ff5

SHA256
ad43bf7a4a86d4830359b3dc40839b3b948b969d719ddf7c356f5a0a494eee23

SHA512
4ff850aaacf9d1f75b1b72c3ca8b02be6042cd7c7293524304ec1350f3c8a82e63071869314bbd0d2e47a612c313ffcdb739763c49b329f14155a830b161c407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57af89.TMP

Filesize
48B

MD5
680d62626dcf70bb990bfba1efc24183

SHA1
66145454d43fdf2c73f7d2419e84fd12540dcb11

SHA256
e74b61e62ade1c2aa90960c03210749fe87129b9f1b0c3cffe7ab051b23bdccf

SHA512
aa66ba247d5776d9610dbf4a4895383186ef213bddf1ffa2db5fed9ca326d4db579ffb31df41c0ff429f5ac0d4b1e08e9684c0e10ba803dba39ae35527b552ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
30ff6c0a41d13a14625b727ab973d139

SHA1
ac1797b2cc34808dc7b12960011eaf2a0be08941

SHA256
c33415a2c6be8a0ca6dead984ed6e8ac388e069f7bdfcd530fd3b8a6db7d3835

SHA512
a24e3423612b72c2f766bae3711b83e0c6aef1b186cf6ea9876cedfdb4c05d0d5d866310ba932de3e02da565b495cabdb3ab93744a57cf3e949cb5d061e3d233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
464B

MD5
e34c46f9122ee113b81a1465910168c5

SHA1
f4fe51ee99450cdd18b4f17b3a315d8819d494ca

SHA256
fe877cb3828660164d5e963c2afc2ef238180202dc548aaf1d3c4a4e13f3de21

SHA512
d9eee8acdda0f26ad8e8089e3a7eb19dd55679d5cf8a5acadd5a9a3c8ce06c3ea966dc60d603758b9a46b58846437fc6cfa05559b9307449579bcc6bfd23f070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
977997087697d148507bc12ece5bba58

SHA1
029eceebe7f520385d3789a353b2a9b215a8dafc

SHA256
52d6fa21d601553ea4c6f9c4bdc06b99cf48a8936c62461d2ea909e6a34c71c5

SHA512
6ad9bd87dd1ec462eb678d9603e4dded926fccbe6101735c3e74c44f875fd611cbdaf6b2572cf8aa43b8dfbbb5a949942a3e7b89a1f12206c31ce3e8f23763d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
acdb6cb0c97541d2081e5349f251d594

SHA1
641ae4153377b6811bb6c1b8ab6a74aa820191bc

SHA256
b14f562b98c554b01611658f5fcbc8f656c32e570bd73ac45d7ece0bb61f3f2f

SHA512
9c264482d064f9c5cb98696925546e14b8ed9b763bba086c88ad67b62d8f55a8526ed715f8b9dec6b60459c3208ae71cfbb749934a2e56995a8eff105f9766c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
ee8bb29d9e80f1573402d9d10c10f9d3

SHA1
3c89b7a63839da753120937d39f246af9b6ff20d

SHA256
ba31477097e034f686b63175126b5ac154452cecf46ff3bf126ba1eac501921d

SHA512
1dafd1cc8b01365188d4e5d9bf8bbdaa75b11216fcb40930eff91e30dde1c56b09d963f5fb44afaa8a41b4586fbe5ae626d06c2e74572b07ecfbd59f77ce4134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
0441de3f6771ed1ecec212d5bd32f19f

SHA1
7dd150e457f0cb1451bc6a84ef1d20b3bfd9ed68

SHA256
6baf8fb3442fd3e7cbf4cd644d7238966847578239c43f1eae39b861681fe049

SHA512
f0ca46420f899055fba85e70e84ea58c1e37694e5582de408b2b1666acbb173fdec8159c4a4a9638c4b3d0ccaaa5d47a9a17fa2800f330f700ca0f396843eb69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4390667c47d360b9bab361d4bf4569d9

SHA1
3da28b049b034b5c1728bb701e05dbd424d039af

SHA256
b5e8705a6a88a28b52af7a61573473892ac918a88a22292664fdadaf2e41e28d

SHA512
9e8d8ade86c883efdbf8ebc1e340a6b4b9a48b972f4648a6ac76ddf7124779e9c2d86f3e143d62302e436aa40d24b3ae17a2ad521644ff2af79a9b68f8fcf313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a0a9991baa395dd6b6be78359ae385b6

SHA1
d687b2629e3c1a50a0210760d54aa7e8a9e7bf0f

SHA256
79163fd7c0cf7f63ce8dd4215845f9a7e740ea270ff7dd7497d03e442e165c1e

SHA512
67b27b5c70bc570f6fd73153a2669f156bf6075ffdbcd9ecc2c08f6b96bb02687bdc2c89082a41a84a0c80c7f7eb8accff4d8db868a6b572cfb5362ffd2f1227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a1950fa2a36a9d3300f3d001335ebef3

SHA1
62311f554621e0627c27f39ec4abc7a8810024f2

SHA256
d0b9bcaa7d80a41d4adbec63687d55d3893f98509bd86ac8cc4a9244479a7726

SHA512
879d31ed4da1e23e83457a986c529443069ef091c919a340193737c6f2669f4b6bdb00cb4428d6fc29085c5c852010d57d30c3ece47b88b4963dcaa2cc4149e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
13cc448aca6ac5ce06b1bb31802fe817

SHA1
85de206d12ee76d571d514eef4eea19a95578c61

SHA256
83b5debcaa793f489387a1ddbeffb42db721a7d38d3c7071a188926b961fd67f

SHA512
830cf1e3c0d0d1830ffd2c5faf25d3d54888d0885952150a0ffed8ad23a5b11fa62064c3a2813fbb224acfd5928547cde1c031c8c866ec7aad2905cf240d32f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57bf0a.TMP

Filesize
392B

MD5
d32675e906aedfdaf0cd1c33e78a4c38

SHA1
bb311f8cc2bc1db279681df02e1abcf8e283a253

SHA256
719517ab65c816bfb1be5b65d4cf4f475bc1cc3957db1ba24c8ca7ef3ea46962

SHA512
cdaeb617f4014ea80439bac7485edd9909dcee0222c578569f2599b4231323e6f39a652d5afacfac9dad817f6c7983b2d0165e85dbfe735718771069a1772157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.15.1\typosquatting_list.pb

Filesize
631KB

MD5
ad013f0723d332e26a9101a81483661e

SHA1
a3db6536228681288dbf39d4a94d2d8f11e77d3f

SHA256
96fb259d4c8d3ed7d7c657b6aecc8ccd2b0730b11244a83499c0d8dab91087d5

SHA512
b2c700ac36657d288cbe0bdbbe7856299d6af24e00fce8f9d78434ac2f10fc82f9399b03cd5995817721a0d252976f99424062e5b79d0281d8163aa5af330f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
979bbdc8f6b7d7fdb521e5b61d150fd9

SHA1
36bec5ee6d1ca7ff6a17dad7accf835b321a7227

SHA256
c76df11a18a92535d65a170710876d4a5e751b44ace5c8fc69ca183a7f06937a

SHA512
3fb85047cee14e8d3d3e06e64352562cdcdb5523f548e1ebef015eaa9c7e03050dbda63e71a10b2603acc43234b1462a404958b415d33e2cdae34b7afa2fded7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit