hxxps://roblox[.]com

Analysis

max time kernel
1764s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 20:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://roblox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
3828	msedge.exe
3828	msedge.exe
3092	identity_helper.exe
3092	identity_helper.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3828 wrote to memory of 980	3828	msedge.exe	86
PID 3828 wrote to memory of 980	3828	msedge.exe	86
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4728	3828	msedge.exe	89
PID 3828 wrote to memory of 4036	3828	msedge.exe	88
PID 3828 wrote to memory of 4036	3828	msedge.exe	88
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90
PID 3828 wrote to memory of 1972	3828	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblox.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1c5446f8,0x7ffd1c544708,0x7ffd1c544718
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,17803193279599843899,16100761607613494081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,17803193279599843899,16100761607613494081,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,17803193279599843899,16100761607613494081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17803193279599843899,16100761607613494081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17803193279599843899,16100761607613494081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17803193279599843899,16100761607613494081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,17803193279599843899,16100761607613494081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,17803193279599843899,16100761607613494081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17803193279599843899,16100761607613494081,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17803193279599843899,16100761607613494081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17803193279599843899,16100761607613494081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17803193279599843899,16100761607613494081,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,17803193279599843899,16100761607613494081,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d62cefeb0c8fbab806b3b96c7b215c16

SHA1
dc36684019f7ac8a632f5401cc3bedd482526ed7

SHA256
752b0793cf152e9ea51b8a2dc1d7e622c1c1009677d8f29e8b88d3aa9427dd01

SHA512
9fc3968fec094be5ca10a0d927cb829f7f8157425946ebd99a346b7e63c977cb3f37560af1a4bc8f87ab19b43b3ed86fd5b37f89d1a9b2dc86e3c73142c3065b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ee1c6757da82ca0a9ae699227f619bc

SHA1
72dcf8262c6400dcbb5228afcb36795ae1b8001f

SHA256
62320bde5e037d4ac1aa0f5ff0314b661f13bb56c02432814bffb0bd6e34ed31

SHA512
dca56a99b7463eddf0af3656a4f7d0177a43116f401a6de9f56e5c40a49676cea5c38b6c458f426c6bff11165eec21104cfa9ca3e38af39d43188b36d3f22a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\26f9bfd4-5642-4192-a818-276ce9d578e8.tmp

Filesize
846B

MD5
eecbbe6f38c4113d3488a9714a64e373

SHA1
4ddb404e47e14ba7a0d4f65bb96b46099a5528af

SHA256
44ea6cc6d92cac7e3f297249e253f2c60342af5bad9f9a9442f45b7d56cb182b

SHA512
09e5eec45bb19118fec58f164523251ddfc2d8f292125b32eccf46e0ca391450e70ef8e0b8d100aa30fd11728b67cb7663726bf5121bc1b0936b631a7f576d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c138af9b8fc6c7946ae458b18dc1271a

SHA1
96d944594b298170df84feb914217a6345e22338

SHA256
a583662f3e1b287dee7bdbba8bc994d828fc4d20d4ba6d7409e0b2f274fc00b9

SHA512
284431e31cfbd00ae6c25212286f9c4e5d1930fa9a9d94d1e4a24a662a93ab5467f193f54fc39abce96c913bbfd104e9845706ffb63432c155918bd50f047bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c0398e18cba2411a15be54a6fa44b058

SHA1
4908d8720d09ce0ffd0ed0c688439e5b820e3b2a

SHA256
dd62d70a3b486727eab06c7dc00fb081cad80db373eddff57797bb5e712483fa

SHA512
277195f6b9574863715e8c6944398161232560a7779147b0534d7f4cd463e56614c9a5309457cc06e26a022f8ddfe9474d83f618b958d752804f10fa738581f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7055d302f13510ebc8e671edbf3bea8

SHA1
beb1df552f86a9db5eddc40dd076bce950c7e4d8

SHA256
f784b013a675c7480672da645c4c368517cc95b82347c765b2e9c084168a48ef

SHA512
80b74997ffb780b822f4ee3b0fe490412bf92b57830050569c6a77f857113e4e2916bf8d1084a440cd5abc7afef19a260a4b020171550881a105a6358f0e12c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a65a55b7f9498eed8aea612202d36d79

SHA1
109d35a9652847c306dd7bf69524fb3647596839

SHA256
c30f25639cd9c90d7540fbbd23afa916fbc4c606a1ca73a6a0163a38a8d26e7f

SHA512
0e95ec36fbd67f62c54c52b5545eb2e05903e3b9a40b08529f27b7938f8b89f3dcbefaf5e24bbe79193a8083e2cb0f46b99e7d82345bae7caa2312ca70b37fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
09d04d9d3035066bb8ea24f7ae4ab436

SHA1
9a0a6860104df06a8ae3616e68b73e49c53bcd3b

SHA256
d84c40e1611773482ddcc49ff050131de8926bccb9c58d27a839d1d4c582272d

SHA512
740bb4f8f30a8f69119f3b40075d5f9167da9cfcbef66c000fa4e8b0512820399edc0f576675c6a37d305e9f29674f77854424ce0b9a2adf3aa54bf4d0353928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4a7c121c982f680ae5dbea3e086e5c8c

SHA1
d7a12a68c76bbe60748647ce6c53f420a7e92d42

SHA256
d33cd2dd6b6fa24fabbe7771339fd689337e22829233027bd65f4978d675fe46

SHA512
25ed4a07bf873cf6711a9f818a09f51151adae907636a7e32424f1eab4ea8709997be19dea2532c8ceb7e0112541ce4036c47d31da548c149e994e75f1a18323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578a8d.TMP

Filesize
1KB

MD5
569e49ea2a2492da7b81f8da1d9f70a8

SHA1
8f9b7a028d572daf8de1a80401d406f7ad615131

SHA256
ccc0b62412b3f73fa2ffd282237e6cebf503403d55ca6fd4106bc8d24a307e18

SHA512
4c8fbb51519fe955f8c79c47329c9bb291ca62c222f817b23fcf2bfd001ac77575e866e1ae486d3b1a088a902d42d0fec75f61fd222c86382fca4c2a628c638c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
96ac5169dd7196e3d840bbf76360c532

SHA1
88a8099555976631972a06baabce9e720bbaf5fe

SHA256
5804fd4fa2277fcfb53670d541e74d4d326e6bab80e017fb0ae3c61aa357a9d2

SHA512
33523baa591145851e1adb7439e2f1dd25af9a71697c14c4bc07c87fcbc7aa86dd98e5d58342ed428218d8678b8ed3e48667ecf90cc8177a3b8da65db04ba702

Download Submit