hxxps://www[.]roblox[.]com/users/3263930514/profile

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com/users/3263930514/profile

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3500	msedge.exe
3500	msedge.exe
444	msedge.exe
444	msedge.exe
3324	identity_helper.exe
3324	identity_helper.exe
5396	msedge.exe
5396	msedge.exe
5396	msedge.exe
5396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 444 wrote to memory of 1904	444	msedge.exe	84
PID 444 wrote to memory of 1904	444	msedge.exe	84
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 1148	444	msedge.exe	86
PID 444 wrote to memory of 3500	444	msedge.exe	85
PID 444 wrote to memory of 3500	444	msedge.exe	85
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87
PID 444 wrote to memory of 4220	444	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com/users/3263930514/profile
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd830746f8,0x7ffd83074708,0x7ffd83074718
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15218720473747612037,13597158929918264229,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3584 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1228

C:\Windows\System32\winver.exe
"C:\Windows\System32\winver.exe"
1⤵
PID:5144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
96KB

MD5
987d8920f98c2d9e0f7c2b9f30c8e27f

SHA1
10a0b1e40e7a1c97d62e2b5944a1f90efe1f8c86

SHA256
4c33060665a96a5dc1818a2345702b34f035bcc5d0be88fa1d76afed38a9f1e2

SHA512
683dcce0bd846e89097919469bfe5772680704df4137bd6a5bcc198b187f6768b202f4b9d89aecd46c330dd52c3f1fca595b7eb83c07c36e0f9f703bedcbd209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
49KB

MD5
72833ca29adc5cce206b076e9ca6a9d2

SHA1
7372b7d941879c70f7325ea6444a8b39ec3cc1e3

SHA256
4faefa997c12fb75d8bb2331adca20cb184db722eb8b33e54e6a0cbdd9920968

SHA512
2d9bd15b0cda3f3cf393adb4bbfab3e2bfdce03a7d83bc8624c52cf0cbe46d6501b225bc04238062aa322f24c006c9cbfe9bb01227d9a7e329d7c06793323401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
fdc305a642fc057c5a7adc9cb2b282d8

SHA1
7c0ed7d8c2e36c2526c77c6054e83b15e3f65fe4

SHA256
4e7d73bb332205d8bc91c2dc7227fe48f3791cf6a3b0379398fdbb4a5ec25d9d

SHA512
6962b1a407c1c537c4d17153004fe159030a25b56d772fa59fe2eb35a541fe183c6e53951ec003b3cc2e6f5aa46d1c18ca9306995358df60b1cf700f05f9dc55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ecf2f472ab0f721e57e22eaf92f59fe0

SHA1
9fd38527d57289219bf8967f1d0e64e4c4cf1213

SHA256
5c95f9372a1e65ddc13fe7c4489b3abd3ec9d2d67fa68cca78829d4941fdf327

SHA512
cfd2c00496d94a04ff9e7b5141efdb261ee24d84434b5f19f3e7ff93b4dc741d3b41aaab39974678e7dbe86c6cf8b3a50f4909d3a636d9a4371f014c630347e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3d5cda92252093bf32b74adb2a5448ce

SHA1
71a44a0326b6a6cad29d2ee08d1ec1565550bb4f

SHA256
ce43f485cae7c73ae7b303335953e1542a665eed1beacc8e2dbd76afea696f4c

SHA512
6d63a2420adb86cb072a90890ec72c0b9a6dece88f57e9829d92b78155e421571cf68deaf529a48219bb36de166fed7c9bfa5378531616886abfe435031cf327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ba50c256330a44326af64925388b33be

SHA1
ae251e0da2cf7631d9a3bb62923635cc7e8f2353

SHA256
078e63a74ebaf7370d030f834c27c47866e124ce088132c3f67245b02ed1312c

SHA512
b2f4074407ebbb5e602edc610fcf167a992f3cb089c957896ca8ab0c8cfd860016ec6ea45a809ccf561ab9fbcdd7b528e4c68d79565ffd39e22f5b0ea1710281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
36553b2ba102cac83836adacf1826a23

SHA1
1c050559405044ee050057a86fe345e7b0288702

SHA256
811edebb9f9276b723ed2a753f8c69a06c86cce24a1c2738b4b5cfff0f581670

SHA512
72fbf3683f2434f0e66e890e33f9915fab22ce9d212b11aadcaa9201ced463165bbd3b004999a3a2314a710ec3ef268d5210ace6a2c096dceed8b472ecd824bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dfd0a724147b26f808a0a18310080ce9

SHA1
8216af963b0397dcfa7b0a47ad69000c0af4117e

SHA256
45a9cc11e72d2c96ad800705dcccf690c65b04d15ccddc5ebc1a270b30cf0d16

SHA512
9a7a41448dfb9f407a2bcf0e26a7c501fafd887c86db2bfca7375fc5c93096f37f07d45cecd7bf337410d53c6f986bb88cc351b3f1cc97b8deb9e85364d415c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
517965e13e675f59369f8d90f88f73d2

SHA1
d25ce92b4d41eb461ca94d3d267d7c6cbb0a2a94

SHA256
c2d5b273a8decfd096ebcb009b665c1d98b72921f4cce07be339cfa37785bb71

SHA512
45b2defbd6fce83f8ec93c5c5457b65f8ed1b30e7e8cab3a30bcd20f8da77c3de0dc94042cc0aecb8a9eff4872c35565b999d762979bf14742ec793d481da4ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1384d806d526c8c83be673041fcbb1d6

SHA1
a078d0022e46992925d8f765c26f4abd7056a550

SHA256
a7bd4e4247d54ac202eabe006f24ae487fc616c55bff6d739ec8e8aa9a162a64

SHA512
8d6211fc8ae3eeedf87b7759560ba038e58709b44a3a00f2f16f12ca5810b563c5759e0fff6a93659366ee66091bd6a00cad1d2c87727f43f7adcc16adcd4bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0b7935e3165133a50cd32187ce2d364b

SHA1
d6a02f05b0f6938c87024e2dd6cee03c08a1a462

SHA256
67e4902380ae4365178cc08da960dba8e5b14a9578038b5c79ce2a772347ed14

SHA512
d12f2c67b59c32339cc4471884ed31a3e217c9daf84fa00f0086c5477de8c81af44d1d9b6a1d086d7385a19771909d4da7eeaf4aa217df53893a21e7cc9ab725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e04b937fe4b10f4590ca1940cf1cdfc0

SHA1
2293ce503cf66e529fdb740223ff7ad1273f9bff

SHA256
c237c27cf58c1ab747abc6ee458fde8225a585446230a3cd4535b0a33b390df8

SHA512
0dfb32c418b099c372e18db12ffea3c2bbe64783504196cc2d845cb49b59ffc26c21ba430e5c5f8b19802e5a21a052b6d68798aef07c4dfb3d6a3d7401f435e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8d3f843697ac444e85e002e7bdd4c1fa

SHA1
c3e76137c0b47cf5792c3477ef0ad7c6714c753d

SHA256
47fff17683184f4e03caaa47ec0ac0f599129d1c8eb0dc452c4abd5a07c344c6

SHA512
3904120880cdfa3b294f9f696d86c483e15b73e737cdc6f326b5174db5616a4b61a3607d2d7910c88b3f14d995e2a8b55f108bee1421aa244d2fde3655b4bf76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ef1adbc8de8ed4b24d0b4a2304675955

SHA1
00118be10307ae016a61fe3f62edc1614ee42ed0

SHA256
f8f4930261b281e2430b364e192c7cb8edc034a19443da7e571ffb05b99dd639

SHA512
23964ddd05a08937dbd7a42e41f6a02626fa4e74b6c9c95095eec698b946c0c24c2da03b281f363b9d4ee86b8fe78cd6a1b6b57cbd90532c344a11d9405c0f92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
db3b29eb3f192947d694a03ed96c7ff6

SHA1
a77a17142b37fa56371a116e6fd1bbdf950f515b

SHA256
de429defe8a8259fbe716c49cd07e47c4e7398baf71eb5f8b01c3d70fca9873a

SHA512
777795202e4584df889ec66a40d2f90f5f7efd8290c7f647eb35b9430bcd28b916fa8c79179db2c7c3bf847dcc7edd6f513290ab53211de54c83cad63ce90c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c3c4afa447f832d3a8f4e3409bf5c458

SHA1
d4b4fd94640914c9e2bbe4c78116751f2ddaf837

SHA256
a2e14bc0ac87958565a9a385ff62c6fa695cb31f7cfe52408bfe8fe8713ac2d5

SHA512
2e8525dfc2b42dd23217c2e0c1ca2c1d5b58a632477575f22161462b09be0a1c3532ff4be919ca6f4b74adfbe621d6a059cb0d988ce54185c06b56a9fc4c48c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
20641b608ddb17f69739eeb7226f160f

SHA1
03aa74f952fc15f5a0cb8b56b1df4a909d4a6991

SHA256
8e9b50d583f38e2f51d92db9aee165c4c573c70e0effdc7d80fcc08c7de9639c

SHA512
2c6cf60afa29248d656b9d8dcd6840575dcd16f7fb820df43d9a8fb5b18143ce751070b3ba214d3f6127358177a9c9a7277d67f03ce0e1d768cb2149a37d0844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c479.TMP

Filesize
3KB

MD5
7560fa4392331e11cb0a0b1f6d871748

SHA1
736edb089183d01c56b43150dfb725440d3ea43c

SHA256
0cf334b3234575ba14e7abcce285e0439d1eda160329015a91352c52c711969c

SHA512
b1193277533452f42eba23a4c37fcd4c1480603283f336ea460b5527322a82f8ef753e2a3f06fd553fbad063500229c8b6ac7c45866115587ca48fa0cd410be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
53fecbe1207a774be0d0f7cbad7aeffd

SHA1
c1f5207e1b95a038759a18f43703f786a6c10533

SHA256
9ad9be990b3aa135bd0aeded37d495d7db9c7e264b393e560eed094d4632bccf

SHA512
757490eac5169eeca781af8b891968cbeebca2b73528f2fb62d167d93d8e8b9354d73e5de090ae9e9363625fc5ebe6f54243271ac05feec9e05d02379a8d9b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
42862c517c42ac96236647f452134071

SHA1
5e5c5b458568bab465dcbdb1740c5fb6e4e1212a

SHA256
029736dfd07a4ff7fed15373f222b1e1d3110657f77efaa3501ebc9fbb606b2a

SHA512
34cb833901f0991d74bbf39fd59f10c9f367227ac93b533058df364801d42bc1998b6cbed98167dcc45aa2c3954973b93cc7442ae765651704e2bb10368d2689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f25b6f4cefbd4fbff6553f27c9fe0f20

SHA1
20e4ea9da1be5affe9b646325dec019da3459710

SHA256
b89b4b486223a3ca50f35be5e4afe25e0ff410abe4a51e771e119f98dfdd00b1

SHA512
7484f45885bccf51a1d397aa2d2223404b75578bc26f4d4d984785b9435774f947a5250fa741539d62ebeef8d6f33c5b78f9e06a762c284b8b209883cc66b557

Download Submit