hxxps://www[.]roblox[.]com/games/13775256536/EP-72-PART-2-Toilet-Tower-Defense?privateServerLinkCode=22018829464594020330276667533702

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com/games/13775256536/EP-72-PART-2-Toilet-Tower-Defense?privateServerLinkCode=22018829464594020330276667533702

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3956	identity_helper.exe
3956	identity_helper.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe
2588	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3260 wrote to memory of 3520	3260	msedge.exe	86
PID 3260 wrote to memory of 3520	3260	msedge.exe	86
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 2084	3260	msedge.exe	87
PID 3260 wrote to memory of 4260	3260	msedge.exe	88
PID 3260 wrote to memory of 4260	3260	msedge.exe	88
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89
PID 3260 wrote to memory of 3532	3260	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com/games/13775256536/EP-72-PART-2-Toilet-Tower-Defense?privateServerLinkCode=22018829464594020330276667533702
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf96f46f8,0x7ffaf96f4708,0x7ffaf96f4718
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5446628347147521511,2672443734107490565,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5446628347147521511,2672443734107490565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5446628347147521511,2672443734107490565,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5446628347147521511,2672443734107490565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5446628347147521511,2672443734107490565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5446628347147521511,2672443734107490565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5446628347147521511,2672443734107490565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5446628347147521511,2672443734107490565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5446628347147521511,2672443734107490565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5446628347147521511,2672443734107490565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5446628347147521511,2672443734107490565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5446628347147521511,2672443734107490565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5446628347147521511,2672443734107490565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5446628347147521511,2672443734107490565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5446628347147521511,2672443734107490565,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
71f2d3b55f41bdef08259cd21d7df672

SHA1
b75559514e91e37f7cc73ac5a28410cb2f952663

SHA256
e14dd28e8ddcf93700352225a18eb7f4586169b7cd4ca8ca48b44d3bb744a42f

SHA512
eab7a277b36239ffcf8832102cab179cb94242ecef678491daa38d5b8258c7bf35b8955ecf030c46d4a056677782e5f4aa6a55dab1611a8c2c092467e8c03c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
adabdddd37d1769dd9f428398bd0a432

SHA1
6588a2636be03f82705e69b2080190452c329ca6

SHA256
ca765cecfe4b2f6c8452188201d3c24d6d6bcb6d831e1ab89aed64002102107a

SHA512
a707a85103b0b1c6731f8e774b05933d9b218dd36b7d916d55209d489756861565ad0aa967663e965eaa8295595b8de9668507cceadd8f7e3382b787483854ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b25f58db078b93a9455a714c0b93c349

SHA1
97ea6107d6daaeb9a3678792ebdbe972b436d153

SHA256
dc69eadffc57ae8b8e0ad9d9ad6a433ba090bb5ae55110ac8dc35e48219587cb

SHA512
04f8eddf6fa1ac32aa1ba88786e6d9d5d6de0dc6cd26b3268d565c5a82be59db492a878b2d43670f00ce0ccee723b5a6a1d9a055238097c6b9270e3eea7bd2bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b8cb4c4999c6ef35d73b02610716821

SHA1
54d3ff9194cd6117efe97c437dd25b2c1c75c7ce

SHA256
5aadc63f6d87d7ce3f8f8b8217537f9404642ef1dac6889c8a58eb12f4086872

SHA512
bbcde382fc893fbf23e10e87340c5289d1bf7e6ed7aa966b9412fcb5524232d24708fed157819d51aa841866263318b4cbfaf0b3fc34f835afb5e00b767311a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8bda6a8c48c42074e6cf7748dfbc960e

SHA1
5efe853321cfcf7dce293982edcfecc8e46d1403

SHA256
678108cd9c3487fd1ef4dfbc09b485d9dbbab84866f442f2e5e96a825162b981

SHA512
50800f172c24d03031011847054702c789d14919742cac680ba0f2cbb155d520433eb5616a39474df6f43ad3321609f90f2893b26ee3df4df18d5260c7a34605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ae4ba32bef73da1c6ac7c9c9c53cbc5c

SHA1
a5588aabf1597a728800c97bbb93e2e511abfb9a

SHA256
d3cd48e7652ff8911ca5163c2b34eac3bf5885d3c7d6fe562ec54f25e9c0b4ca

SHA512
d083957f0752a251c14ef517a74fa50cc0c3ee9f43375c99c986dad1f28685685fd50481039c2f4a7a4a865dbadaab7166f09cbd0a597490cd745a25e260b1b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d89e9adb4adf8e4e44a9cc0bbc26acb5

SHA1
46057b40295cab22acf554461b3c6d5ec87186af

SHA256
5ecba5dba4c8af4525300c5ef651c4923c757d0f3b845002e2584c86ac1a0168

SHA512
0e48740db3ce00569e61948f99d60efb0990a77d9c83d1f2ab684d9c820b37c36b90fdb21f72efb7714256e572dc078b823c5cfb0d58f278a74da88c07b18720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578b77.TMP

Filesize
2KB

MD5
391475d0e528a6984936bb533e85392a

SHA1
422730fa9c53abc6cc0beeda0a0797aaa176b67a

SHA256
aaee8947c137927c646432491cb5d2a08c17d526641085762499425c3ee77535

SHA512
c24234a298382fcaff553abcb8f57dfef03ac917dee2025df59de91805eb3c125299da55778d1eb6ba5d58e50d91b5fe15db7864ee5ea434d505459581329e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ebbe24681db38f1fb384bcb0db5dc366

SHA1
cb7874c3d43170c875ecc3fa08fda151c63a6b97

SHA256
f28e172d4d1f466fec3050feaff1a0e0bedabe2ad76abd0b17cf8c603698f678

SHA512
c6e22772b32429499546aa9c7ea3ca79c4a898c909757f7ff1d5635429e14da99ca9137d7a267bcf02ab5d61c391e29bbb5a7c24333b41784260a5c691c13ee5

Download Submit