hxxp://s[.]id/claim-free-robux-here

Analysis

max time kernel
240s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2024 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://s.id/claim-free-robux-here

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
3592	msedge.exe
3592	msedge.exe
2064	identity_helper.exe
2064	identity_helper.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 4768	3592	msedge.exe	83
PID 3592 wrote to memory of 4768	3592	msedge.exe	83
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 3956	3592	msedge.exe	84
PID 3592 wrote to memory of 432	3592	msedge.exe	85
PID 3592 wrote to memory of 432	3592	msedge.exe	85
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86
PID 3592 wrote to memory of 4828	3592	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://s.id/claim-free-robux-here
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ada746f8,0x7ff9ada74708,0x7ff9ada74718
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,10308157273632587922,552052452843260287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,10308157273632587922,552052452843260287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,10308157273632587922,552052452843260287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10308157273632587922,552052452843260287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10308157273632587922,552052452843260287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,10308157273632587922,552052452843260287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,10308157273632587922,552052452843260287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10308157273632587922,552052452843260287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10308157273632587922,552052452843260287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10308157273632587922,552052452843260287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10308157273632587922,552052452843260287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10308157273632587922,552052452843260287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10308157273632587922,552052452843260287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,10308157273632587922,552052452843260287,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
0fc3ee8d464c87d5b2cef2958f4f3ef1

SHA1
fc9e6fc7b3953178ba3aba5fd1a2354582c541bb

SHA256
2f67ca832d50de11e90ff5b37fe319f149fcf0920216dbc3fe0c24313b7ebde0

SHA512
5edcb8e72efd968eb989524734b891d39de1c58212c8aa085cda30e203f62dac2aeb6d1ff799c57dbe2f4ecad1a7d86705b9ef74959b8278b4b9018121fe5f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
eab86ed9d2ab74a78e3f0af97a13b3c2

SHA1
4cccb385446a86395fd85043949b8825ee69e84d

SHA256
27dc5b8bed3a1e41b482fb65cf4958ade53241489f972f07c6c611f9de1b0ae7

SHA512
6e9e68d7460565b2c758ac2ca3603e0ff231674486bc612ae57f4fc4ed204a0430dff0363504cf84b65ad9a016cb6d894534b1ccd719833ead94ab70fbae25fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ecf4f57dfbb15ee4af3456053f5ad6e

SHA1
ce069c9562b8935e08eeff8065bac1a924a38bc6

SHA256
8e02e7f427bfd10a1e2ae6edb6643cd2e307549e31c192d14d4597bf49989914

SHA512
e944bfce022583adb08ad9d9873b450c882811d9f8fb6da0f13d0597e1dbee07c647f0b8dc5c25b4706cea4f772ee2bb95c709434b4ee6e5a2d90f591eeefa59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e06537ce2e2361dd7da282a993cace5

SHA1
4df3d719547aff6abb34cdc7e4f9d1a79177125a

SHA256
699ae496dabb59738548324f2d7ec2b1919d0b2d83a3e3668fa733d8085e2229

SHA512
1c5b454745f3acba0d15942b7227be0f3c50233cd3ca91b2e8fa351fa957153a040a920834d39a279893d0dc063ff8f03501ffb665cdbf79e99aea7d6450d479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0cd4db8ccc20f9ff47788b480843129c

SHA1
64d8f433021d482a7871d4b7021aad967da87fb3

SHA256
dac72c77c23835c03bcfe5e281f005037d0bd0392a3a27f691083265687e434d

SHA512
0d553cc3dccfb77707758c2566a0838ff8ed61adee21978848c6da60e59e0a64ef5b4cc01c15e118ab1945aebf4a25d9cb8f8a3322e2529d10491c22ee8de21a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b485ef8a807a6efa995d69693199f9a5

SHA1
3f23f2139eef653d5825eb6a8d701887ee44f812

SHA256
7a131e23144858a3ea28e8bc01674e747d7d823e7bfe8a2a293c288ee43529f5

SHA512
d310cd0ff250114fbd1bcc6a249a2f747bbe366b93fdea6253c338b15d7da32b3cc0577df7dffb8607c666f17c99d4c9d45e51b570c346b8378b73f519562d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f08a0373568393ce41abb24eebc095be

SHA1
0803730e156b687e874da068e636ac707bf70fc1

SHA256
f3792ac83d2e25bd51a3e716d3bc0c3550759fac22eae3ebe6547db0ee628cb1

SHA512
112d96e54ed815d7982f7be3956354a9af16889e2d90f0499d8b4c12183ce82511a8be3675b73d4ad5141654cb459fb4493a8748375bdd65eeb9ac12d32badf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9f3244550e94c3634051fc13ac3b5073

SHA1
8129efa05ff84bfb21eaa0b49376cff922a8c7b5

SHA256
88f0afe8a43995a2a969d02e370495402852e3d8e6fd7337e3a92dc86c658d73

SHA512
2b9af6c4e6b6ba4205abc9ce41602983a38cbab4cfb94fbcaf81b6508c09f1b394e965e330bce1ab0ffd5ad57fae4ff7c9d021e4102c74e5a006dd443057497c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
916a17fb8371a0c2d28b0cadd948abd6

SHA1
da9f854f3a953439ec512ff75adb0b68b100d0a9

SHA256
05a3d097398ce162d544ed387ae4a3ccfa7c4664c4699ff6754d7e1bd7bd1432

SHA512
635398dbe42824c3c320f910e6259759f3b6eefd41fc7d98e1606743dabbf3ab6292628a1e552a3430969cd2620e27ff48f12ad9914b4fd88376588e77d94539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581652.TMP

Filesize
704B

MD5
f5c0b95471ce1a617d07e7419fd61398

SHA1
e8bea885a330305a744a52bcc93dbf20e63fa132

SHA256
116a76de2152c10bc118b5e78f94d30e4c950c99bdf71b41303733b3f894f2eb

SHA512
e198bfd166abc9fb95e7ca0e570f98cb7d178334b7763abefb9f1e3f4243bd92eede3ab07b2a0573f78a0c233da21b6ac7318183c93071f7f853221f3195899c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\baeb48b1-521e-4fdb-a8ba-601899395271.tmp

Filesize
7KB

MD5
3f3bccc45951bd84ef0e7e37fc1b4de7

SHA1
d107f1c7d58b5fea7b020b1464d3a21445338332

SHA256
e9d386e9c01f623cf43b8da02d6046633b8162c5fe86f4ed2083a682ea44a747

SHA512
12f30d4f2283bb2de932f0a2891b1702c3103c0ee570395539da11bc0cad941751e043e3aa1d5fc51d6fbbcf831c723803f0c23def36bcba24c35a421d92b1af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c9045ceb-89cf-4f3c-88d8-7d1524f3b2ed.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b035a56e2f4d973c83c2bfbf9837130

SHA1
e97251af47b448e6b044f3acbd0613d9f289b8d5

SHA256
d91da4725befe99a93c19c0c61d953b1f6e0dfe501d931f9e69a958d4b224559

SHA512
643a00d87cd2607fdb59ccf82bb2c54ae97de4a9934d5cfc91cfc8924a22af441db93ce84b4379b8e619e1bf80808355d109c6939028a44a09a918b9973cf7e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit