hxxps://roblox[.]kg/users/7427242753/profile

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
22-06-2024 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://roblox.kg/users/7427242753/profile

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4880	msedge.exe
4880	msedge.exe
4768	msedge.exe
4768	msedge.exe
748	identity_helper.exe
748	identity_helper.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

4768 msedge.exe
4768 msedge.exe
4768 msedge.exe
4768 msedge.exe
4768 msedge.exe
4768 msedge.exe
4768 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4768 wrote to memory of 2732	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2732	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 2192	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 4880	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 4880	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe
PID 4768 wrote to memory of 3420	4768	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblox.kg/users/7427242753/profile
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7b6d46f8,0x7ffd7b6d4708,0x7ffd7b6d4718
2⤵
PID:2732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,8507566334891681100,2404824032699643841,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
2⤵
PID:2192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,8507566334891681100,2404824032699643841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,8507566334891681100,2404824032699643841,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
2⤵
PID:3420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,8507566334891681100,2404824032699643841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:1688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,8507566334891681100,2404824032699643841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:2080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,8507566334891681100,2404824032699643841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
2⤵
PID:640

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,8507566334891681100,2404824032699643841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
2⤵
PID:2296

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,8507566334891681100,2404824032699643841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,8507566334891681100,2404824032699643841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
2⤵
PID:3764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,8507566334891681100,2404824032699643841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
2⤵
PID:852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,8507566334891681100,2404824032699643841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
2⤵
PID:904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,8507566334891681100,2404824032699643841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
2⤵
PID:3960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,8507566334891681100,2404824032699643841,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4032

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
328B

MD5
bb7d6d47da6169ae9cf3d940cdaf22c2

SHA1
039b88f187158755770e5c5d37170adae3850324

SHA256
63012d09dafc131c1a067c5b2424b9dc28fbbaa23136d4febb7f0d0b6adb5bf3

SHA512
d6f4945faaadf8b251d52ac55bb1340662a66296bab193505d8504c36df9a61a9ead113ab5f064a5cac799bfdbb8d50b590a38eddedebe60b5f55cca89feb5eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
324cac0bd0192e56fc3ce03498f1ad43

SHA1
a01c7757198cdfd7c55a284ca5d925ef9fc96a68

SHA256
9cdcc885cf45afe0306815830d952d0f12029036e7b46ec04eccf00b49cf4a2d

SHA512
2f4e672f422b368a45e361fbc51608c56ea81df005fe870c73dfdd3f8e7de13da746315f82983d5be439d7378e783bf637b8e724297be84c2096b0a7df643342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
40ed4db6f565fdda9723e1519a1e0a1e

SHA1
502566b7fd7570eb0fda02e9b543fead8354924c

SHA256
61edd52f322687b3bf483d62eb0b3c436250c4288615c0d0058761011f7dba21

SHA512
22b8ebb482726fe4c043047da4c96bbe1a45fb7fbf75e2a05a8aaaae0bca03b61d6a35bcdd0b5b8848e0c546b0233b438a4c8eb257a8961c5e84736c98a9868b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
5aa434b5a44ec27dc105b871d2241866

SHA1
5f9a29b87645073d02af20e612d08e305590e384

SHA256
10b114849d1d8480c743b944c3d1f7e257a27128256fe896e0d79d0064d14194

SHA512
904ce33aaa4924dc6f736b33978f6ed3fe8bf1039cbd7ff139d72f7e240fe1343340222d3dda63614e265fdfddf0f261bbb5444877ef175d6cfb9135d70a6c0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
070661a62869b34015dd4bcf65dca5b4

SHA1
7620aa9eed1ba351b9abe6e4c8513328ba5b5854

SHA256
728fada277cf1d136ed14c70c280deaf412d8cf25df612f5d0bf5eff50e28de3

SHA512
edee2a6a3dbe3947ee86adb2ec99a2ce3ca51e1e3b484ab265f0b8b9e30a185b3afa46653cb1aaf0dba05ad6d0529f9aa790b3bef88b28ed65580ffd3d8d77e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
6d89999a507d5117f12db34a13748e66

SHA1
c90bf44cca24dd73149f6da8f8f496460a88cc5d

SHA256
50150152698fc14240f88e4b376d8cb5afe8eccd456329534ad42953418c06fe

SHA512
7785becbc5e50a4f665358aa0419c5382c4ee28a2e81596229ea9c4271d3752b3e1e49296dc45c9be4cefca14c94c493b8657c2bee81b0da97b02e703d7e5859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
06d64bf7cd51d8e107cba0d152d818b4

SHA1
de642b4e0eaca3a42336f93b0ca795e61e700d85

SHA256
2318bbe30576a858616c094fc670048d240ae41d78d4190e74decc9244dfee26

SHA512
debd73228a1cfae1dceaa885dfb7485cc1df20edb33b02a345fc1e126df679d601bddbc41acfdab742c630e373a37ca3ad60f4a170d8b5ba41ba928825c2734a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
4799f8009a20eed898f44f4d4bb9752b

SHA1
6219c5bbc3fee52f8151f3477b0c536cdb43be9d

SHA256
8f5ed1e48a69600b397b283cc4864e6651cb623d5be0d3636627af7215d5349d

SHA512
fa85e3a4510ea56613f8f676830414813d8ad9c619b1707b7e64fe90d08b2ec69a643547cd33fb70897bdd7fbc4df1d8e575e7f9210b1944fb3e29a4c8af18fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
494b1c18c60cf99c836292699196a80b

SHA1
b95bea9bf26531ac89b5dd2597d4a8187e443d10

SHA256
f020ac71740b37c721c27b81e797d6c9cbc7795a99cffdee7a4aa0d2470413a6

SHA512
7212f3c5a8aa6de148f573dfd4a2903a7729ae5ee874c22a5c9afb062d363520544da5db006b9915d2948c54d85bb44dd0c0a5a31a3bf575dca09a79d906f482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578e17.TMP
Filesize
1KB

MD5
74dc125f4cf70d78bc473878297a803e

SHA1
e01a86649c51838c06714f8e6709528fb718802d

SHA256
41332a39f7fa42245fe059476c01502fa24f66f3dd189fc6065793359b2f1d29

SHA512
b1710a198cc0c1a9dec428b0f36a3ff9b4436dcfb0550a491ca9fe21e859b87522bf1dd52d1397fbb08f612b90cf318d51409f47884a79cf0e08e46c7f986fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
98b189106743e2e143dfba18deeaf053

SHA1
cb3af617adaea5d9b45253a21c4b3cd323f8b1e0

SHA256
dd71bce42c554c4de8262ef21093e442dd460d8064db2a4937df745a88886aef

SHA512
74020567c1091f00f73ce9dd2be4328d6df9ad2f251d0a0e9964d958d9130fea2e204946257602133ec75525211b212914bf3617006fded36e2ab3e9cf6a3375

Download Submit
\??\pipe\LOCAL\crashpad_4768_ABQQTRKEOXSWETCK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit