hxxps://roblnox[.]com/users/5500427381/profile

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://roblnox.com/users/5500427381/profile

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3256	msedge.exe
3256	msedge.exe
1848	msedge.exe
1848	msedge.exe
4332	identity_helper.exe
4332	identity_helper.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 4576	1848	msedge.exe	83
PID 1848 wrote to memory of 4576	1848	msedge.exe	83
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 5060	1848	msedge.exe	84
PID 1848 wrote to memory of 3256	1848	msedge.exe	85
PID 1848 wrote to memory of 3256	1848	msedge.exe	85
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86
PID 1848 wrote to memory of 1916	1848	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblnox.com/users/5500427381/profile
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0cd46f8,0x7ff8c0cd4708,0x7ff8c0cd4718
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4000 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,18245143897980647489,3185383346069626848,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b55d2d2ff2a4d5d7eeaff5ebb96f3b4a

SHA1
12d94b9e84142b10d6347a2ff3b634a20f692c7a

SHA256
3d249eae36cfc3837b043e4b8df670724fee5657b302c77d488f1da3d835f776

SHA512
4dc2fe1eeaca5f9c91d548c70a44ffd12b806a385e22a3c5f724b6f749a15c9ccb3ac1a752c63225bd4d1d90f2b25d8004a15d3912ca6a3cb92fcba91248626f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
94c981336abc388ca817dab46e7fc547

SHA1
2d0f8d89a31adb0aad5c599a195ff40ecf4b161f

SHA256
4d44efbb5447fedc3cb21311290fe6a9d0e5a0e682387a1a341bd214df820ef2

SHA512
f1c9c98f6642ea3b90c8667a4871d5a3b8c05eb0c50d5dc31e32704e0eeca1d33add414df485aced130523d6be824c48e37d0022b4d58db60006efe3e337fdbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
9e6f89289c62b6ab2a5a00562e987efd

SHA1
2347985008b8c0fa96683c8be77254dc4094ea89

SHA256
69a0716959bafe41425d560f6ef00707a9e1c3925f523f295a136644c9361976

SHA512
9bff72a3ae2549ae7e9623ae5989681b18b1743b4759e52b333122e69cb6caa95f2471ca2dacecbaf3502b1828b2315cb79547c6bdef9e30a96d3f044fe7be29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
500B

MD5
bb7e15ad49045a89eec61520d5011cfd

SHA1
dc05782c0c41321142fffc6d00183165f7560fbe

SHA256
74a976ae1f014b5198be4d6f623b7996c306819c99a62f037b4016b7c088454f

SHA512
ba880fcc45d982397c574db5d2d5173e411275f9f87c59049ddd72c4263246ac47457100c4a7c485124b42abba85cd3d83f949bef1f500928c5b6c8b248f55c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7efafcc4ab07f2ed557af1098542e3d

SHA1
4b18fed83e2118002b463dd17b1d1a47bb39dc44

SHA256
aa38ad12a1ffd572893112c82d1391695ee92b9538d6cdaf1ae87a77db7437d0

SHA512
be2500858bfef0bf2437d22a96c46faad20e4b7af748608f9dd030a2127b2cb9241a99a39fdb0798b0344849d2125319e4170d7c23db34b4d759dd357d40cc84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42c133b89c3fc0d3ecf3cb181e5b19d5

SHA1
3006ccf943715cd99bad8f22dc7ef4fa281c8f90

SHA256
09d3410986b9a6125feb619f92658870b0f5eb4db9e0a3727ad291d959016739

SHA512
65736bc1c71fafc5409240f6a1d39f55ab2e6bf9e73bc4a271d3fb7c8a25f1fa5ce296342b7c8ace1490cfadd4d2a54353901ffd927e6600015cfe6844cab549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
80dbda3eff8e7f9dfa9052a6c03b7d3a

SHA1
054c8bf36b1f2d3386cb5ab0cb6892101a04758f

SHA256
8dfa91f590d5ca66b3e87f13f7cf1614d72a1026b3103319f1922937c737bd26

SHA512
03391936c86e047a274f14ee84dfd3032eaafa589bc60bb4f8a1b37be37b6a42ddda07336762374a084b8d49eda0122359b9febb1670cdaf6c22ec49f3f4ce3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
3601a76ea80bb08d0f741965bb883541

SHA1
fbc0fafac1f87c8ed522d8515464ec17fada6435

SHA256
baeaf6e73f726f8724a7b2c015eeab26dc6664a0cca21113fef15131232b76ba

SHA512
3fa6171a8423e515060a4346c2f13574f2759778d473cbc46084d11c1c1849917026907b8f1cd4b30c44831ecc2783f592229207abb5292ea65ffb9d0da38be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
937863876cdc9401aa34bcc11c512889

SHA1
774994a5b628bae77eecc867cb88bd2657c9a392

SHA256
2587bc15572669586f7803679748fd9a669d0da79aceb50d7ea9f1ffe8c0778d

SHA512
07d5e413505e0c35d634240e7905a2f7e87094eceba6fedc288b8cfd9589bd7e67d97185d708e6183dfd355bdc2dd17d695948e195923eacb5931e311678f018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
b9732ef2e37823e22dea94f5568302cb

SHA1
40d6dcdf5c23f32fc6159113646967a67b7dcf51

SHA256
f7c70e9f59100e7b595e549cb297cf6289b5a58c07679bfad99d043b04e2bba0

SHA512
14dec40a09ea7b705fe8feec7e8a387fb8688ff86861a9e02d119b91ab97e19ae74d28fde4d03c29a6a5be6e28c234ace73106325cbe220c809c2dffccf45dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d174.TMP

Filesize
538B

MD5
2fa8bb67523c4dd6d2895911030a7d19

SHA1
7d57efe48d0482cb27984a330350d9eda662d09d

SHA256
5ee43a8086b37ada2b53314911d8f4db3435ddea55724d2f733d8d31841b69d6

SHA512
b0dfddbb6c397d544c89db928132b624cf71455c2c1cc07da81a8c5405b685d59141e5935ac938d11788917530dd02fb3961f9d458c39be09069afe9bc667201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8abe3a9470a8dbb4d5ec473c3648a7ce

SHA1
7fe9e2a43c7de9c0bdd08bd681880e2d4b2df1e2

SHA256
93e0fc614ea525424ccfb2ea7f2d7c0acad750238d1d699a28198471e885a12f

SHA512
bf25b4f6b8a3fc591f79d97bac24f7f673214846c14eca48be4cb88a8d109975e4575b41d830b632160f682cc91ceb5409b1bcf316cf071c80e7d63a5d53ac4f

Download Submit