hxxps://www[.]roblox[.]com

Analysis

max time kernel
145s
max time network
139s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
19-07-2024 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
1068	msedge.exe
1068	msedge.exe
4428	msedge.exe
4428	msedge.exe
3272	identity_helper.exe
3272	identity_helper.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 4676	1068	msedge.exe	81
PID 1068 wrote to memory of 4676	1068	msedge.exe	81
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 4116	1068	msedge.exe	82
PID 1068 wrote to memory of 656	1068	msedge.exe	83
PID 1068 wrote to memory of 656	1068	msedge.exe	83
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84
PID 1068 wrote to memory of 4904	1068	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffec7493cb8,0x7ffec7493cc8,0x7ffec7493cd8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1764,13510250712188339749,13244269623578834081,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1764,13510250712188339749,13244269623578834081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1764,13510250712188339749,13244269623578834081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,13510250712188339749,13244269623578834081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,13510250712188339749,13244269623578834081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,13510250712188339749,13244269623578834081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1764,13510250712188339749,13244269623578834081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1764,13510250712188339749,13244269623578834081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,13510250712188339749,13244269623578834081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,13510250712188339749,13244269623578834081,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,13510250712188339749,13244269623578834081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,13510250712188339749,13244269623578834081,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1764,13510250712188339749,13244269623578834081,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
afe63f44aa3aa9393e4251b4b74226e3

SHA1
29eef15e4d60afed127861deebc7196e97d19e4a

SHA256
7787181844d106768f78847869b5e784f07c1b65109d59b46932979bac823cd3

SHA512
f0f7951b5d55c2cbb71add5ab0c2ed3617a6fdf93f2c81ee9dd15d9f7c67881b42cbfd97cc4d2f17ba8a383624b23da1897fee069ddcee34233c1f625062a1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b0c53c5fe6ad2ee4ffbde1b3384d027

SHA1
0c9ae4f75a65ed95159b6eb75c3c7b48971f3e71

SHA256
2e9fc3b050296902d0bb0ce6b8acc0bb54440f75f54f1f04ae95c9956108171f

SHA512
29f62e085d685d3b4902515790ab4f298454d0f8d53b6234fae9f9a0edffdd0d4edee57261e8eb0b94a4af8e86d3f7ab8b044c6f259576b89f91183002e58b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
91292bd00e5f8f756fe32fae65f36d32

SHA1
85b3b0c9b3d0b69f1732e9617781a69945431f4b

SHA256
e12ef561f2b894da929a9ae144fd2d7348ecf2bc73623541193f33460541ea95

SHA512
0343c2615890bc54bbff657ee023532f016eeaac38eaf75341a6cb4f942175326024ee732f9a805b6b1c9ef782cd4affaa85afcf987c613715b8d2d91d8ebdf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
da9b178d5b3b83348b3a819df2da9937

SHA1
f93fec677b9e7583c19b2b29aa0cda6567e2e48e

SHA256
8bbe46e925e3f0a359ab422a63c73f5257ec03404228f5207dd63163745784c2

SHA512
0d6a0b5ed6bbc92b95823cf18f76af4fb4b76cac7e1c182c3a31955182c6fc5ee85b560b0df6f9b17dfaa533a024b7374419f091af18a15b2670135aabe66030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
402bb37d22d2cc25e633d9eb91e11ef9

SHA1
c6871445b228ec88856564fb53c16d3fe73090c3

SHA256
94fc8748d8689b45a552e75c613c109d92bbafef38e8099a4c0031e7d87de357

SHA512
a9ed1d9eb925b7f2eb1deaa333209eff4174a6c8056c8e7f9f29c73e25a1d9db22ce84304a66131118cc287b2389ae6415af21acb08533e3fd803a22a4e6e7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c79bbc7242a9b9373407f2863c038bd

SHA1
af79c5b549cba9597a2c7f0aa92056013f4520d9

SHA256
62d88cdc0aaea6d5c3104557277fbfeb9e4ec1dc7f7bb60acf98cdf2062b34f3

SHA512
c58ea48506613a520d38ba5bbbf72b30eb1903d003a96a0a1efd8d46d05b572b52d3b6e9a400fa17b24ca6880cd22a2db8023357d27ac7bb585d496b8b7c5ddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
53bef9afd5218970b8dfec795bcf20e0

SHA1
1b5f437d870699036093a53b01f14284d46abf66

SHA256
c073e9848cea45115dc5fc9ed78e4b528ed09e8d1ebdcb6af3b59cce79c80ad7

SHA512
0b1d106f7c0ff2d6a3d80b896eabc5f4d47aecd330a4b6485407975b340f4870352f89c530c12dab8ab9a7b3e93de721174381499a5f572ec63b91265a4c1f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e289e424aefb539b788b4efa2f89c3b8

SHA1
9ff653b1fa49adb25cd92e9460e93ce322f0f5eb

SHA256
20c1a0f4a75e9d6b821cf228327583ce2695f3e5bbfc879df38f37f62c0c8f4b

SHA512
b48c993c0433a4313a4e08f56660230c113d5f818d3287766e9e619aa35321d55dd58b19f495a0f7a9c4021a2072357018349c005834c57edbaa1886f1e3c455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f6935431416d55223d5e8123961aac5

SHA1
fe282e1b1c096b4a431107bedaf995e56378c4c8

SHA256
94adcdb93cbd5db5560b28daae0db9ebd73bfc875adfcfe6f7d4f02d45b56baf

SHA512
5f6ce07f0e5b4cfe6ac6a929925bd348612135030885cba62c4486b14a0503f923eb119ad721d1a3ca12d00d21ca33c7e40988cb418e7992eaafde74fa7de260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580bc3.TMP

Filesize
1KB

MD5
bfc481a2a60717f101b3786edb376178

SHA1
223e94e844fa5649b7fb24ccb60bf0195c25d5b6

SHA256
c216d3e1d3aedfee2efb61cd21763ccf7ca7ee5eea548656dd6e46e9841f2c15

SHA512
b3014816cd816c22e34b3f5d48f40ef289c653f9c148bb35de082b8649a28423bee739d18bc7c3f67c831e4cc30b907214385e57b25eacc91f6378d457724627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
612c444e2e9c1b86fa7981e37ff35935

SHA1
0d7532ef37eb509bea3eac9bcaa53d1d60bb39af

SHA256
0314796e049404b104118fc9aabada6372bbd7133c0a41c985a6ac04e5fe8e8e

SHA512
6df21b37bf30e52c36b951a1fa595114d6a30a118dae6a79ff470251c1be10eff1b9abd249fee270040948cb57bb8d0e91aece8527bc3df0871b775c531519ca

Download Submit