hxxps://roblox[.]com[.]py/users/2450393726/profile

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/08/2024, 19:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://roblox.com.py/users/2450393726/profile

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661032028-162657920-1226909816-1000\{A4B9FEB3-110F-4F25-9EEC-1342E3E6ABA9}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
3484	msedge.exe
3484	msedge.exe
4884	identity_helper.exe
4884	identity_helper.exe
4180	msedge.exe
4180	msedge.exe
3728	msedge.exe
4776	msedge.exe
4776	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3484 wrote to memory of 2780	3484	msedge.exe	82
PID 3484 wrote to memory of 2780	3484	msedge.exe	82
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 1036	3484	msedge.exe	83
PID 3484 wrote to memory of 3436	3484	msedge.exe	84
PID 3484 wrote to memory of 3436	3484	msedge.exe	84
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85
PID 3484 wrote to memory of 3036	3484	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblox.com.py/users/2450393726/profile
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff54e33cb8,0x7fff54e33cc8,0x7fff54e33cd8
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,15176890372242360084,4484340441433926392,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2624 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
465d4b5e505b7f953c1cc44ca04eb642

SHA1
d916f5d5b2f478d0b10185e7ac56f6511e4714fb

SHA256
e615260e9b353ed0d5c0463f39313834da95b9b979b4eab3fa08654d50528677

SHA512
88c128fc0448bcd3ac6c035c3385a24a3612e7d488b8ca0aa71558cce800085f062b3706c07b81f2c774a0c67a4172f0a694731695ab47969a7f29616500d8a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b1dd7be26f351fa540e528687d589a37

SHA1
f3bb18e4a9364a8eb555fadfc4a43e0533166a04

SHA256
13d0e09431874f23a1d458b8d5f2445376e5223e1424f05bf345708dba5384ef

SHA512
d18cfa20150e37ad0589a6ef7358cabc9f21a8d43f003d9286b0e4d899b13aa339ee210c0275c512a98ed5078c16659071e0e6b0a038a4ed7be22088ea5e9ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
70c96d9ad2a607dd51f8e7dee76a9595

SHA1
dfa0dba3671fdfd3f38d1c826bae89fbc08aa165

SHA256
07f88eb91cfd65ff8fe7890be4f02b34c9698b4590b69e956f44eda04b24375d

SHA512
9101652b719c656fe4ffcae9e9bfbd9c1bd0fcf32fa15a216cce2252192752106b4a354b3a368a6edf791e69c44764b93b2b63411279485fdaf30c217bb62e57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
32b3a4a7ff0348213e4737accabdc55a

SHA1
583d0f4332f13685e8e8b098f6895c2047bf6ce5

SHA256
baa11dcced2d16e3b427796eb18318d80bd55880df03d35daa7fe733ab037f80

SHA512
ddfe7db7f36442db8aba4e4bfb361b190a0d70e27d88e218c2d5eb1d181052bc39116819791de6b646e30a51c80c83354706d76236218ef2854009c52e4957f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b916e21dcceb79c13e75bc461fe2aa2c

SHA1
1c67db5d49d9a9f7c60c76f954bd0f3d31339ff8

SHA256
8132ca0f35f993a211228cc08e3d3256318858a51a81ec423dc5fbd58519a4de

SHA512
0c59c70a502f81fb213401699aeac104c04cf877ff7a264d339fd0ec940f5556296f06376f1f993c1c6d8510a0ee8e9ec22aec86f9b5b7cec9d3b24fd3af950d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4a59e006d1269b50e5ff9214d763a419

SHA1
e43cfd05925cc29e27055918c8c00010854285ab

SHA256
e5e70d41fc13fdcc8087a8a73ce2505f323500dd132cd6484cb76e9854abc94c

SHA512
23eb2b564ea2a1046ddff548e4adb5d01eb8c225d7b7a832117b0ff028b0d8a807e2a1c5c6e3538a94b33297d2c43649c81b559e9caa341d8d95bb96d879f420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
415e8e9f9b24e0703a326fd791f64dfa

SHA1
582f3cf623615ba6c469a4f2a896bad12eeeb595

SHA256
bab4e7389dcef560933adaedc171ae1121daab8ae7681410f6d34114203692da

SHA512
b23df11e941a322f9e2a0a4e44df14d2732066aeb056a5cd1e19dd25c52f39b46682a30625e147092c82e56257ef33d792551d58e90757a09dc6169c55486bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b1c153c0db96b41a61d104436aac661a

SHA1
fd16edb4d005cf4c92a32024c38501b926e73c11

SHA256
a98e5d1ae4f2dd56b708af7fcc38221b0ae9924620fa9f3f70dd4dca90b2f01a

SHA512
4b37d046610032be578aea81b386a7d04c7805272c29d35c5532350eedf324b304cf90ae30c47e50f7a5bb2760b39187caa3e7dbbd51c19d31b4d5ee61d60d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
47ca055adbdc61ccf0b1004d5982eac7

SHA1
0aea8622eaac0ae60a68e252d4bb0edc4434d0e2

SHA256
d5c9cd6e7c71163bb4f0cd5277814d92108fc3861f23e2066591ec7c7d45ca6b

SHA512
81fc04d59f5cc96455e8acefe3a8275aa14d1d723f3225af8dba6c74a9b49fc7fb5f525be8895e5a4b9638d9973d6b8487b69079fde17d84099e4771da0ee504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
990f531e115159e22c13172cfcb8b517

SHA1
03cdb1403bd90aa933d351b8e5cc5176937fe451

SHA256
5d2e08a35a72251c7d4ef2893174187533f977b5591ba5ea139c832524a52648

SHA512
7874bf9a00b35dfe1227bbbbf6078a08423b3567c1af35f54d55e21c66ff0a9870af94764d48f838b52be180f479f22d55b68af78f997c1ab97fcfc2cf374a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a5b3f20b661a18c97530987397f4a7d

SHA1
624a751f8093519aedef205d0bfd3f606139ce12

SHA256
8e1279f1987fa3a062f31139cb23eb3de62a2fce109c30bed77a8979f1adc4b5

SHA512
959dfc11775cb7b1dce68c6a5316adac7993aeaee4003eb17cb9da8ac2c957be2340f05a20cc01f65d127103e2a8568b4f9a306c3c0b6510aea0f8bae2ba2335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bfbb3e4034b61a2998b334a8bd2dda5f

SHA1
d3e55e8e5a55272c56b82f7f673f9ece204fa09a

SHA256
edd9642f1ad339529f8e4408fdb6427126d86f2d701c1f2c243dd5689aab1b94

SHA512
2869133584fa0e0f054ac2bbd1eb25abf2757e378f35d26a873975bb93e2850d6e9f5fec01bd7cdd3ea3e49d78ae1523101adc40f3bb923bbdd23b9e6ed712ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
02c5753b3e016bba23c472a59ef5a4e7

SHA1
8ead68d2d4d36907fd4328680a0c0608b74d56ab

SHA256
b8db1b1d296f14e953e2712ea2b449aad04a123927b806cd47ef4382f2b6d38a

SHA512
7ab503f5586cd7460237abfd31f4ccca2b6278bb43bf5421124dede0e8767bb615bed9c16d72f6998460d6c197f22f2f39a33ea5e6dd011e445d039921baea53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f99adf70ec7c249ff8ab5fc59a1d0773

SHA1
795c0b2044716fd7a61d1a6192c3637b6dc43147

SHA256
a84a4a4d36735bf0ca03246866ebc1b05f368c9e52dc173cad03923063515cdb

SHA512
3dad0717860a85dd1bd7e12edba3906bac29d6692c3dd5c0281b6f623bb52732703ff358a1f0acf5681063680f499387233e7136afef45b0080b96b803f6625e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
011f9ccd2c23dfbaaf86c826a4555aff

SHA1
e991c2e8562bfff7664692b029439ee3b4dc4cfe

SHA256
c24e4fa22512ccbb1ccef6bda518f21c518f080a66f32694e9aaf2c101c937f6

SHA512
cd1ace20fe81ac71cb314ba6646d570a6b38cfc5e91bf25cf225a2ee319de70147322669ed2d52bde8ae46671b40856ae45a4c6c387676540ff4919c9c1c3614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a1bcb11ead2cd1e361ca95715588feed

SHA1
504a7493b8e24843e34c507323c266e64268e794

SHA256
cc58e61e424915d7d0c28203dff9c004e2d3fa7953dde4aca6458ba4fedd37a0

SHA512
87f65db1da8d2d8ff3619cb2aecbf1686b6b11348b0b5db7f9c070a1c9d3a5bf2e4aaa3952cc5b6d60ad550543b68cb444bbc21a4d0836887b79ce9380cfe939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c5f9ed870a0559af500cabf4be1f635b

SHA1
d9ec09e3c5d987d4fc5a80392657388bc2c71a7f

SHA256
deb1b42ed49160f0125dc9dd8b81cc50d4736c74ab03d2e9378ff59ff1903879

SHA512
f7ba37e4f416943d6a4a0440769f3924edd028bccb36abc5e569b4b6e70b2828822515024546b0f68345880a5a9160e3c9b9d3a966cb9ada1a27db73aa6dd6b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bf58.TMP

Filesize
1KB

MD5
e8a410995a33a6464cc8ed56925d40b6

SHA1
a2cac0fcb2a700bc05adb949879a243927de91f3

SHA256
e8119f4968e33d4580c7afc296389ec03d0eab342ce87a44636accde56c79ff9

SHA512
ffc7edeee3ada5f5e4a53520c12ace34cbac13ec451f5ad45fc4955f77b16df2162cf61ade6a33f39341315887512d0b488fdd8be3d2c31328cd2b69f593d57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d33c68b8dbb8525b5a88e0efc0e919e

SHA1
b9081dca40c1d17a11dcec41d563c6bedbce9d8f

SHA256
f2b88104c7cd12710f0b6319e1ba1393ac0d5b33815ce47dba05b9c9bce46f22

SHA512
4e2df914421958f3f8d231bfbb8a357f86d784d28319352a6690026dca652a8c39f2cadef884e0f19e619d27095e9a67187381eaf3d33bcc59bb4ac2e84bbc2e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit