hxxps://roblox[.]com[.]lk/users/3122864622/profile

Analysis

max time kernel
76s
max time network
80s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://roblox.com.lk/users/3122864622/profile

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

3732 msedge.exe
3732 msedge.exe
228 msedge.exe
228 msedge.exe
3160 identity_helper.exe
3160 identity_helper.exe

pid	process
3732	msedge.exe
3732	msedge.exe
228	msedge.exe
228	msedge.exe
3160	identity_helper.exe
3160	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 228 wrote to memory of 4072	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4072	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1976	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 3732	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 3732	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 5052	228	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblox.com.lk/users/3122864622/profile
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa3f246f8,0x7ffaa3f24708,0x7ffaa3f24718
2⤵
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
2⤵
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
2⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:2212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
2⤵
PID:4396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
2⤵
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
2⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
2⤵
PID:3392

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
2⤵
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
2⤵
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2412 /prefetch:1
2⤵
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
2⤵
PID:3244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
2⤵
PID:5320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1796 /prefetch:1
2⤵
PID:6116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15862803768302545332,5741257633950531305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
2⤵
PID:5252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3756

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b
Filesize
98KB

MD5
3020c417c60d75bab45eb5bbbc8692ba

SHA1
9cbf1c694914b66e445ab9dccd9787fc39e464cf

SHA256
e051b84978d4d8421e774833fa27ca6e3ffb06e677766898cd3350e16c4afd11

SHA512
f02977e465ce26a0935ce893a5f85e00c225bcfac181ec190c3c73722329eac6257d3d4f32599f3c917d0e708d4231bf7877d029a58e6383fc090fd78cf05243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
981e9d2a9ecec219e0985fd10dd5f8e4

SHA1
dc57cb97393aec37dff32179630adbd2b58f02e3

SHA256
44cf2daf165c641b4cecc9d267fb693c77e231b36dc1baf4a0c323076cc76122

SHA512
e501641581378f1f4e5edcccc39f7d7f6a4f9ea6f0b68af71beb1d4f4fcb0f5274c4d349acd755eefc769fa4cbfbd4ee850835ecd0520afc19841af9dadcc4f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
66cbc91feebcbc6472f69553f97a10c4

SHA1
6c1956a52f905afad7655c42620c262b2abdf710

SHA256
a798e29ead84cb40aab0d2b07a1f548bde1c749398fc0195347a89fdd3eea5e7

SHA512
d183f4829db172d3e6cdd1e1461f1a4693f68dcf6060e7f0cb0796c349eea8eaa6cfcbf833abe1746b7f5e116f5af25c7818a6906b22d95a68cfc290bf15d764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
bf535fbab6c03ac1afa7898cf975d016

SHA1
cc15b65184e6d81e089ec316ce712ba5c7055624

SHA256
31ade183340cc41b88630851daf280916ffa96d4fb595bf74bdbdb1cd84410cd

SHA512
c2ccc36278deba51d562a35bf981479bd4b328309034364e9181bda8311db7585df03bee0d407c5d4644312c455de91cee253b5a65f96abfb858c8650063f4d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a9427954af79e6096394ad405bbea5e2

SHA1
98d0ca3e9ebb51573ff6414ff8a961079a09cc7a

SHA256
bc8f7ad6b657f9ca2998381e9488f949f4eee76c1e22ed1b56070f3bab252fb2

SHA512
c3a73e259541b4de52f1ec0d3a89ab48f941ad458fdfe83d6bd512c7a3ae70c035a6fe7f3c06c555e68f904955b794e09415cee067d57d5dcd6af4d823ab0d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d9128e6a6d3f8af8ae89fd0906755bc3

SHA1
bfe5599bd4cc2c23d08f40d40cb356a3f3301e08

SHA256
7a1e5dcc2102fe642762048c382939c5bcc3e73134fb733a941f62ec705fe550

SHA512
f5b2d6cc17bc8d1737ab43f3e85e002494a7023ea877af54199ef01f957af0d0d41bbd81e92c9d1b1439622434f3318d2380d4eefc3956c67be3540643c822e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
677a87b3867d38e7b114f65d56ebd59d

SHA1
1f4535d5d0e68ebd8bf4c1a64f08d46f80fb0197

SHA256
e557dd5e3bb9efa3db6ae7fcee0370ac1d019b9fdfbba2bed6f8e0b150e6baf0

SHA512
ed9ea9ac87ff24511e2569040886555f1b5585da199ec50882422ae9bdf200e1d68923d90a8c0e8ed697b3727a3cc90457a1876bd8d158919cfeb840ed02f511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
1565508836fd4c1100c18692314a8107

SHA1
f60d317486a2409566775bda871983839664a1d3

SHA256
91e65aa1d3b1e584d3890027286e63ec237a5b4f6296bbd00dc33850971510b7

SHA512
c34c762ec3cc6a6f6d7c2bb940f5740370732b21b132e8fc12476b0a315e013815af57fdd2ba670910e592d54e56988855fa2d2dbc0a73e0ed45b82432747934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d16d589cab806eb6dd7729108005d0df

SHA1
6a026e11c52ff6f1d342e9147203f5bb564c5e43

SHA256
e0471334020b83149dbe22753f7772510212e3952df44fa4dcd082eaa67311a6

SHA512
b9c8f0547b99dffe3e0bb8b936e738e10227ef51be2e6fa7a9d757c43b5070e0a9b0d53c84ba6e40b5a8b711d8bebe623dd9cb9810dbd3edcfe58d2946321c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
7dbecef2cd152b975e8b52d125faa1c7

SHA1
59657ae718c0526cf50be80c36ecd62185cba4e5

SHA256
a0f3c9b009e3ed815c0fc1bc2bf9fc7ada0b4b52e77af810fc879f0d5c4303e5

SHA512
be37edfd013fc61fcdb451b8a38bd42ba3578c8963c5b7b1c20fa7e1e8d6dc308c6e79f4affc53e647683f9e3477accb20354b022302fc4d17e5f12f2974ae70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
0436675e903d557659d1aeeceeae497e

SHA1
74624cd5e026a64e224b6de828422b170bd9c82e

SHA256
7701eb269c372729d07ff9fbad81e29d97e4ebdbb23129b7a3341e4ba3ae61d0

SHA512
4f9cb1c9b4dcf1005758fd4c536849c3a751dad6fb9750b62049f9e4713a2f3333a37215beab41ccf1cea23e2b29d99ed88e0fe24a3e1b881fab35a433ecdd60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
f81bcf402aab0cb3c7a4072b56e1dfcd

SHA1
b9c951adccde81c96cbbae3a8e2629e3c3d9c103

SHA256
1e7f58d5a549468d78f88fe0ac95aa4e24027c23a885a8c2bdf65dfbdf9f2654

SHA512
71f758c5de2afeb50b943f8f00287ab916cd317d42d5b779c9adf39166d904bacc1c3e38453a62c6e3f129c940d252ac25e9773dcec2031b8e49d06265c59b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
9079aebc5d32c3704107cdf6db5d94c0

SHA1
272a0e90d602761749cbd5499aaf773e38aabb11

SHA256
5da55426983925f37fdfba5689316287bfe2efd354da4f7b035392778c70a313

SHA512
b0fa430ffe041849098c6f52dba89f3cc8497d5b92d92a3683637c1c73b862fa2aaf370da1337080c3597b733bd700af728c346016ded115a16dc6ce42354ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b5b3.TMP
Filesize
538B

MD5
50bff25327e24169c7b823bc3c5cf6d0

SHA1
169459fb924fb9b2fb063cffb2a38b51f6555d05

SHA256
49862a5575897f4a8387ee23a7982522439685f80c5aeb245137fec59f1a1c99

SHA512
0d1183f9807263a629b9c2d768352d5339b39ff35d0e37ee83fa0c8746d2b4e395de555245d821c3bcd2a90d75c28ff927f12cf1803d37bf220e4b2add6253d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5e8b40a4486a4bdbfda8b9e0d4fa040e

SHA1
e39c4d63d363c487293908b4c555cc7a03851a07

SHA256
01d846b1a17aa63fd3fd057a1141f9e1f5eb1ae5e3a5a3f807f676591575b398

SHA512
ddb000cc41d723a641da3021c827bdb78e0b128a6695dff15b8f3b6f2416e082960381f19845c65e245eb2b92bf49dbdba7ec14953c8f48d6a01c4c3abaaf74e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_228_GDMABCMOMLEYLHZL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit