hxxp://roblox[.]com[.]ml/users/6093649650/profile

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com.ml/users/6093649650/profile

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
2888	msedge.exe
2888	msedge.exe
4668	identity_helper.exe
4668	identity_helper.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2816	2888	msedge.exe	84
PID 2888 wrote to memory of 2816	2888	msedge.exe	84
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 5100	2888	msedge.exe	85
PID 2888 wrote to memory of 968	2888	msedge.exe	86
PID 2888 wrote to memory of 968	2888	msedge.exe	86
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87
PID 2888 wrote to memory of 4540	2888	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox.com.ml/users/6093649650/profile
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb08a746f8,0x7ffb08a74708,0x7ffb08a74718
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12599524982400155295,5442792265737679369,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5636 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\786e9c62-2fbc-48da-9b97-84a3892550ff.tmp

Filesize
5KB

MD5
4b42761385a135bb1cf48e9610fd26ea

SHA1
b460be516d4f177c4c50cdd9a9282bb90b7e5071

SHA256
531243031822bd08b3989defede599a906a0f48c49f9d872ebe01fd5e947ba33

SHA512
f74e40046a07583b8d83a95009f1d60a90f8da18afc33350cb9926b415fd49c7e004285338a12113bd2d787afd4f806f71bb1377664c15b2708c250f6398ff23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1e81761d9a8b0f96bba0204baa6c9049

SHA1
69965fd66b983351e37222f1454d2cb191df95d8

SHA256
5f41e9d2811986f8ca1dabb0fadc56a5033c7b3a3a198da1b1cb7b309ffb23bf

SHA512
87fb3cd15ad2376cdf7cc1ec4501320d37c99e38ba847fd7064059bdd215535c41354fdd808abe8039a3fa5126bb7397c92c0df0c77b8ff388729543b38dc536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
507e4fb04e38183bf21fe0821d571f2b

SHA1
85810cccc9673dfd56ce475a79be2287bd53d67e

SHA256
dbc321acdb449650e6403b93659982468f9973cb76245ccb88d265757d3c0caa

SHA512
c44e4113157db9710e19d28a1811b47eab7e3c7374b1d6eb092372960aefeb9102be26ccaad4f5c4a659e14ee2654c7afce45d51bd6c8733386f2d615ffd3161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
07b040472b91c9d0157458996e0875b6

SHA1
dad16c84ffbf655c3a270ec1d2c768971ce80a9a

SHA256
9bb00eb82bccdc066e3f3fe287d0aabb0bb82ad2ae6eed5e090e8a4c043ce84f

SHA512
a4c75369f6d45f2a495fb3a77e51ea6911705100d29273852cd685b80074db32ee5c78654fb83a1cb72b5840838995c623333205045831f948fea8332d46a1b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
726736035fa20072099c67da949be96d

SHA1
ab1aa1d5b24f9022c5f5dff15293cb692323f181

SHA256
77eeaf4bbc0f0f7480c86f97514c337abe6debd68c4a139e647b6951c89f42ef

SHA512
c97b8128537cbbe4f79af7659da2bcf5ad0f0caabf088fbe1c3732edb9df499ddfa5a10e3dc536ebe62a6dd5d17580a722b74a1526e7622a87dd7a9b19cc98bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
697f1d494b436f842e6bb349c7a08b9f

SHA1
199eb694668d35f3ac7a00cf0f7a82a2deb6f266

SHA256
743ed8724733b15e63ebc559a6a3a8324a5c67b68060fc5ef67194d59bbd2a1b

SHA512
d00046bac8b084b99797b71015d26fd3ffe11826cf4279a2c4a6b92c8ac04e054b98ff00fd8d20d5f12e35e01d84e7b73ade507978b7897b2346a88e72483d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c7749f89f9f8780fb8cb055e2b8e8ed9

SHA1
1ae57f76b97ba38fc395f6ffd10a07bef5cde8a3

SHA256
c655dca3b49c9f0bce1f57350ee670fa78e1854f8f59af1e4cb35b077f404897

SHA512
5268a0cc9b9a1ff0a6049fa771a4fc675b2ad719149478553c2da55661e671c93425fd716f3ebb5a34454056e9392eba13b2c3e04b375bf490f9e6bdb68f38ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ed98cd3ccb543643086e78ffd403323a

SHA1
c55f7ad60e3aa74295850f06902bb7792606c48b

SHA256
42157c2e4fde223799767d1382ff96320b6e92e46235cb1b18ca840a63c2eaa4

SHA512
916c6bada6ac68fbd7eaeca333d0c4132ed283908861afc17b961c42393399f6101c8157ae8c0bcca7101df3ab8a024f73f473d89c8e78fb761d89699033f391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4b369e1f34d8e6b3e99f5da97aa1c6e9

SHA1
f795e7f5dfc237ecd3e65e1751b2c51f9b935bb2

SHA256
b2c108f312956bca962ea65fc384e3d5e424b2cb86c807650a3b0b6f40dc0de5

SHA512
e6f5eab2a07d05bbe7d3a7533ad5e26ea8c19c0aaa6b086145f056d512ffec413cfcf1886584f9751de65e1bcfff2ff2ffe8155ac7040ada1830af661fc92e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c252f099e551ddbfe814dd09ed0428a5

SHA1
1644c8e42ad43af02ef77722a9721f41165d0d3d

SHA256
1a0e5f39b3e7fdb336f5085148f0745e4c3a8d2764a1864f0e08da2efdc51d2a

SHA512
877d2b5429b041af3c97e1d645e61de18beafefe10877d27112337a913bc8dfaa7d30803c8a265e352c4100717277167e9aa5fb2ab6136405c0c19ea2a468b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dac00dc8a8e8e6f595f04bda29ddb86c

SHA1
faa92f2164202ff43b7fe4b4b86573e397a35f7e

SHA256
7ccc183f3e815e3de730dd01aa841b5767b698e4af9fe25ff6f136b83b092697

SHA512
2e6eb4014ddef94a6ddbad7866594fae8b3a0ba20d1045b01b8a90471faa824e05ed10cd01ff72954086793971aa889c6a2a121e81500ba3a01576d642d5cc05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583747.TMP

Filesize
706B

MD5
0f8859375ae861e3f8d84ce6fecebf75

SHA1
ffefcb0af1dc7556e9f7e11d8cb28d65d7f4779d

SHA256
1bce5f90e95549f6078059639a570a1284ef11171c3369d54be73a9a8e20b003

SHA512
a03c86bbe883ac83f55132d72da4850297c0af4bc1658218bc61c797236f827714ba56fa8492540f0de2797e0ed85dd4cb8c6cea099147a6b02a2e5d6cb685a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d237cd63-483b-4fe6-9109-ced9fad97368.tmp

Filesize
1KB

MD5
8721201836a02f4975543c062d764d0f

SHA1
84fe1277ec2d18a07e904b322b1103bec7c24922

SHA256
cbb12e4281687f56fb7f3b0a1631269b190dfb818a6876e3f0dee1c6ff2e6672

SHA512
87d115c67c2f7cd054976b42d7e5e8cad60d0bd9d62026566a5969b73a72a586d4276154b0e511f8bfe9aa85625b1c1259330c8557db63240a6f6f4f9c8b87c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4f48b2e64f0b4b769b278bb917e5f08d

SHA1
b6141e98f90e2ccc516c274e6c11641eea85c622

SHA256
ad931471a7ab243171c599ea4331f4f7b61eca4385adce6566bd683b9ea7b38e

SHA512
b7e69d5adad8bb595ac6d2a01ca6465fd1ea4c39add5b5bb98dd9d5aba577ed44d3d2b2f4c99fd0875e62e93d872fba2cafae4652325cb32eb130d5ce0d45fa4

Download Submit