hxxps://www[.]roblox[.]com/share?code=2f73a511ac78d641b853a58d45b4ee94&type=Server

Resubmissions

30/04/2024, 05:41

240430-gdw2saec6x 1

30/04/2024, 05:36

240430-ga1wkaeb9w 1

Analysis

max time kernel
62s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 05:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com/share?code=2f73a511ac78d641b853a58d45b4ee94&type=Server

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe
1588	msedge.exe
1588	msedge.exe
4596	identity_helper.exe
4596	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 4976	1588	msedge.exe	86
PID 1588 wrote to memory of 4976	1588	msedge.exe	86
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 4800	1588	msedge.exe	87
PID 1588 wrote to memory of 2436	1588	msedge.exe	88
PID 1588 wrote to memory of 2436	1588	msedge.exe	88
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89
PID 1588 wrote to memory of 5088	1588	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com/share?code=2f73a511ac78d641b853a58d45b4ee94&type=Server
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdea146f8,0x7ffcdea14708,0x7ffcdea14718
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11414454155886326857,10137708798879053212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f89d61d41d9c6f9f5eae50c2fcd76b56

SHA1
eb4450f5a8ef051d6f28619c5e4ccc6890dc7fcb

SHA256
a17590fdd22e9383bf906aa25cbceb1888b326038608239fbeb3c40455cd8adc

SHA512
6e56057883c4716236b62d89b788b987ad9849aa33952547710c021027a1ef99e4694de0fe8e3c62775e43a20c1af65f7cf13b6e426769861bea94e0009b174d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d9714bcd07db862df6b900ab49bfc26a

SHA1
7630a71c0ca94160554ceb0a7086d8ea4c1e4fe6

SHA256
55f7259e7b8923d975b0959288260af5c40a4724e7610e80b2511444c4585a9b

SHA512
54c77fc118ef123e4a2b52065b510674d0ba479ffc54be035f40e98f8e0b4d444bbe9ade4cc3e3f8bbf84359ec5ea84fdbad0732d68555072d88a80b103717dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7938873a9f251211378d2df23d69341c

SHA1
05cada29a171a4a9758f3451a3a952e74b2ad115

SHA256
f914a2c9a272eff81f5d18c58b73284f68664f8797c9d2e87b0c476fc73b87cb

SHA512
b3365d8df646e2a98a55abf2f89c7e71e94b39b3d91d3f164e66b9d15b33070a96f86b61c56431eff22cbfb8d4da20e518748b5f048cb5e9e34e05bda525e3e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
458a52a622ac88d6157b34e3042ceb82

SHA1
86ca9cd678b534e3fff36d6147f3281ee2ff52b6

SHA256
ab6a2c9e84d9444a56c626e01c640f27dc1e31d8a949fd0e34b9c245a70118f5

SHA512
d57098ba30baac2ac47d38d855875289d677dd761cf725fa658b92230bac0470237b884e74e4fc061a6bb08d83a910d3bcf83f1ed7e637d02f31fbc09a785d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
21d7a97d619e1cb13193f9cdecf0a86f

SHA1
55849478c63f3d34645520be04a81f23f77f23d0

SHA256
d721def1f6f4adc1a91e4afb3166e6dbb606227ef3548e43e02c4daf44d4778c

SHA512
73b6948421f77123088580f58aca97708f82010a5cdd2df2e3072e0e657e84de1d7d67cc304d5b59a3fe549555cf3a3def3044e0438ed9a7bd09aefb24eba75e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4fb79d3ec8474efd4121e91ab76a56db

SHA1
e237ebf6decc59ba5892780234aaa02d27fdda4e

SHA256
1b8880a94e5cb7e0fe244b8013ac676f81d7dd664501505c0f08aa9c2aeae591

SHA512
0bf0400e4f38225e628f94a8c073ef2f7864a9c3f5053e3cde855b680c2b52bf55ab3de47648e6ac83df4ba5645b69579013c1d97625c59851671d5c68b9d4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
73dee74629e81aa93d6c851485a768e5

SHA1
a13f5e2ffcd730478f0933bdb6ddd11e6d686c1a

SHA256
c8297cc441c48a682c15e03432c2038952c2c8f73e0eca0fb683c9adab3c60a5

SHA512
9ec50cd10a89b35cd67a60e8ff5b589535610d6518cd80e7fa18a87a2673c50a31814aef6a6a9b3cea1116dadb2f1ff88385561bda7140b61cb5444b52765242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ff014cf60f51f088e714f2ab2177d33

SHA1
87b3cfada7da68c503f218837b1208eb44498d87

SHA256
c9dac46cecc946c45a93b2ca3746ffc5acdd926c155871ca425c2c044f37ba21

SHA512
6521a91ff89e5a2a39e2083d5cc62860d44787a5a1b0de01f2a4d3515ed06f76df3533348f061124dd67d822b8fa5d9f5c74c63b1dc8d5d39469c165dbc1451c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57956a.TMP

Filesize
1KB

MD5
3c0278abab4a5d80d1747461a63fba08

SHA1
32df5271c55f7534f020694dd6cd84087c3f8814

SHA256
2cb7836a5e9c7fc04467181d9118e805d11130bf8c05a866a600c1ae667afa9f

SHA512
3119e20e89c5a4bb88aa931085711da8fd877e5980bab1fb32e2a1f5ca74d07211367d9b097f655bbb3ad7e9f0bbc7eb42121c2a7e85d98364794d589839e5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9615fe5be09265fe6925bb03ccc5d5d6

SHA1
941d6bfa1a8f73bf732a6d6296ecfd9ba315916d

SHA256
18d878ca948f895e6463b5341298ef479b735f5806257a6e3adfcc07ad9c46aa

SHA512
f383fb8657e876f9956ae11e78f32f3ae75152590bf63a743c46b8b7f7832883cd733dca3b8794003313c0e77b13b96138a3d32ac3a4b9eb014c218feb21a470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03f6c537ee476dc0f6c2cfea57a1601e

SHA1
0f0617b2dce43cccae0d64850ad102b09741e626

SHA256
895b412b78f42b7b401f94a543b3d39db22382eb31af0a486d44c19723a7a066

SHA512
a2af1df942a8d261032c8860ef6665b2f52ae013ddaa309b4b890691acf3e291594797d92480310aaba09ebc4dd18f4170773b28b4d161f33d07f93e5a6815c9

Download Submit