hxxp://search?q=Roblox&gs_ivs=1&safe=active&ssui=on#tts=0asdfgh

Analysis

max time kernel
1780s
max time network
1789s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2023, 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://search?q=Roblox&gs_ivs=1&safe=active&ssui=on#tts=0asdfgh

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3811856890-180006922-3689258494-1000\{58A10630-1F79-408A-AC8B-BB641F87A2D1}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
380	msedge.exe
380	msedge.exe
3904	identity_helper.exe
3904	identity_helper.exe
1244	msedge.exe
1244	msedge.exe
5660	msedge.exe
5660	msedge.exe
5660	msedge.exe
5660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 380 wrote to memory of 3532	380	msedge.exe	87
PID 380 wrote to memory of 3532	380	msedge.exe	87
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 1084	380	msedge.exe	88
PID 380 wrote to memory of 2128	380	msedge.exe	89
PID 380 wrote to memory of 2128	380	msedge.exe	89
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90
PID 380 wrote to memory of 3512	380	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search?q=Roblox&gs_ivs=1&safe=active&ssui=on#tts=0asdfgh
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc69c46f8,0x7fffc69c4708,0x7fffc69c4718
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4064 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2644403912968407250,1226526614262150705,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
76861fd322ec718d365043f11abac78e

SHA1
8d0f9a255779db95c4d1121268397edcb772ea33

SHA256
de0e50432a103b69795ede31f326f55607e16dbc1b3b6395abf946cf40ff4294

SHA512
d3fc6b26d7922fbf2001d15fba0d0f601ab833bbf54e8da76a0970d08b16030f93ec39ed727b258553964ff2d455aa0c0a7bb6319b932a300914cdf2f2046b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
414f7e83eea765da4d8df024832c3cc2

SHA1
ce5bae80778dfddd9b0893ea174d482f684613fb

SHA256
67d0e942a1b83e8f8db6dbbeae8a5bf45928d222c14c56b9254633302db2bcb5

SHA512
bdc650102b1ae3fd2152648cc20944fac0fd3d605fd4680e201d19248eb398d4ca46a2118407f75a96a8589022b80fa641a66bbfba1aa864864b51f1cd4b888a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5cf92e15a2d1f4c8061cc7c53aed5572

SHA1
2f41cd969304e070ec9757109186ecb4b9028185

SHA256
f9eb899828395521c27d50708c85780fffb6349c8e119ce2ca7e151e7b544bfa

SHA512
ba1d6109bf60d0e3dc1d8fc23ec18770e61d4a42a8528dd750c263935a370508e8b2cc96d9bd26822d5f67d3cc798094b6d687cf5759537be11fe574775f53d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
345b8a9211e126308ec676564932c262

SHA1
c747a34ea3006b7be1bd91e131e8c18e4460d9c5

SHA256
ba5b8a92a3d3717bc61b5aa7b1f5ffef55d044dd57d940269e0d654725ad35d5

SHA512
e58b524594fb0d17b0b40c896695a793ef52680cf5493590908acdfe920799eb96aab169f2fa17dc3a3d20f4a2e3fd28657663281cc150b32b3d8d8fb0c6bae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d23a7b3abe5b1cfb3f64c7d2ebb7eb6f

SHA1
f1f0cfe4601a1258f059552bb59d6bef6bfa51e2

SHA256
825dccd3f692a93a714a3db3269f98bc2dccdc85c6b7d1f4ec99c26bfae8cb23

SHA512
f35f049f49793a7c5556089b949a9110ada9ea175063e0552c18e065ed2062061060314a9ccf73355b5724919b017b3c265b818ff017c8ccbebb8659819474ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
07798a9c40195a84aefae7234393fa16

SHA1
4947680221074970680e5187a9c46ef0066d72f1

SHA256
d033a7ddb785621d4519be381bb7884263ec761759ba53fc2d5f90ba17a52214

SHA512
710926b390b91ca3da57c409007453111bc3e6d1215efb8e4e5eaecb674d45c7612ba94e70236648078a52641d145d9814c308b9f3e1eeca9320700fb607b6f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
07b7ad95d2df8297cbb41f25799d4418

SHA1
d950604e1cd5eb8dd2d4c9c69c86791bb1cb22f5

SHA256
554a8c8cb5924e04508ba3dbee05c48436c870652ab1f165adf37a79d3413b06

SHA512
dc98798a036af95f27f2c800a0ba20b42a9e193a7fce3f330b1d1b4efa0b4386aec7463015aa4df47b4eef02f03c47aae1154e4669f50e93f8b4b8f3465ed6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
fd20981c7184673929dfcab50885629b

SHA1
14c2437aad662b119689008273844bac535f946c

SHA256
28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22

SHA512
b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d0550d2f113ba976eb49f674d7b70a8

SHA1
07aaa710920db8fda4bfb899091e823eb404e908

SHA256
564b705f210ce5692cad5651b27f346fba1a715220ff487d6324634b73dad08f

SHA512
42b60862d3328e2c584391386b5af227850957da982f817564db6339d31819dc642f849ee8311c44b4fdefac059296d24be88ce1306fe033cc172b36fd806934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c0ca.TMP

Filesize
203B

MD5
9ece53e63b9831290cfa9ecc767ba6ba

SHA1
dda2ccf31a2c7408f37403a8c2abbc7fc4d42a7e

SHA256
c2484a0f86af7c241b8103d6d0a2510cc99c5b30c4a96bec3e2a9597a02cdea3

SHA512
ca348c3b52c80ace68a74b49e88dcd4c3e89babb7dc9531c98a67d3c0433d6a063f55e25ad39dfef0f1f4960db680255a865e6f6433c08fe820448f094a48a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fb7173e10910ea313b24905c9e692a71

SHA1
89b677a50b1346725992d58d19d943edad04afae

SHA256
3eebd8b05348b4fd4bf02190d5fef8a209f727e8b618133db41583eb5f0e86a5

SHA512
b5fb0a9ed26e683f67316a8fbd5271681ddc58e9d5873b33f073c508933cee27b387cd4cbeffb9a9bc4da710500239b4f5afb64a2f70e4143a7c8f57efa75946

Download Submit