hxxp://roblox[.]com/login

Analysis

max time kernel
1681s
max time network
1688s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
20/08/2024, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com/login

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
1956	msedge.exe
1956	msedge.exe
2736	identity_helper.exe
2736	identity_helper.exe
3728	msedge.exe
3728	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 1116	1956	msedge.exe	81
PID 1956 wrote to memory of 1116	1956	msedge.exe	81
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 3876	1956	msedge.exe	83
PID 1956 wrote to memory of 4696	1956	msedge.exe	84
PID 1956 wrote to memory of 4696	1956	msedge.exe	84
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85
PID 1956 wrote to memory of 4824	1956	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox.com/login
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb3f483cb8,0x7ffb3f483cc8,0x7ffb3f483cd8
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,17252413639469557460,15628042467621592866,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,17252413639469557460,15628042467621592866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,17252413639469557460,15628042467621592866,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17252413639469557460,15628042467621592866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17252413639469557460,15628042467621592866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17252413639469557460,15628042467621592866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,17252413639469557460,15628042467621592866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17252413639469557460,15628042467621592866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17252413639469557460,15628042467621592866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,17252413639469557460,15628042467621592866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17252413639469557460,15628042467621592866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,17252413639469557460,15628042467621592866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,17252413639469557460,15628042467621592866,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3889d3f0d2246f800c495aec7c3f7c

SHA1
dd38e6bf74617bfcf9d6cceff2f746a094114220

SHA256
0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

SHA512
2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c4a10f6df4922438ca68ada540730100

SHA1
4c7bfbe3e2358a28bf5b024c4be485fa6773629e

SHA256
f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

SHA512
b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f3789aeaa2bdb411da30099c197e8428

SHA1
d36b19b4d3617e9ab32700ec610e1cb2363df60d

SHA256
01ae30626ef7cb2064374a447fb89fabd7c35897e43aa74ac8c2081f486e1e04

SHA512
901a3e55f08e0cc153d8229ad13ff7e45fb41b255ddb08a837d8ad431cef24269b90453a87cbf187b4eb35e6c0d45c49455956ea7a78e9d266e2c52769086bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
689B

MD5
b9b5c8b760dc6db0b5a7b1d62b2a36c2

SHA1
14b779ef296d1a1e1b31db915885a99bde856fe5

SHA256
7cbfa8bc9ba35552d925b29df450b76fb94cc45f6815f8f5bfc493b1570f7b2c

SHA512
fe6ae2ebcd56df523bf8395bd20b62c57bf8ff780a86acbf16427b7ee69195ef7c68b706125aa08292c47e2590b170f473a79115d832bd2d9bded3c273e003b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60ea3210d9dc983dc37be8dabfecd77f

SHA1
a57410c9f76c58e7b4a20ca4a30f6aa4073be4ee

SHA256
152d61b9b73c1edb5a8e1553883d95425d73e44d8881c9ae772d69feb962e270

SHA512
1e4541a3ae28067e57464720db283e66203ce869e6acb3b8bf2861e3acd5170cec15985c5bfa43ebe82388448c492659868ea894716041d4b02cab767190c4a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
53db241617a46d60d7105b6e5eaad946

SHA1
af8c3731ec0b1a6c50722b3940986285b89d16dc

SHA256
fbd6b74e09a15c7c7092097f03f44422bda45cf7f21d0ef5e209c30cda452fa7

SHA512
4603303eaa5ee489fe84fc71572881d328be0362a9608e123575032799d9b46d941e3fe436525dc0ed49b9cba63cda9b723e6bf6c3d56461bd042ca8a77d8b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6c67de96af2dfb4ae99ebded1db44c94

SHA1
161343d9c351b5b6738633ebe411e430a7818cf2

SHA256
7f391f8221f0a142f133b7a105459b42dc664c2273a3935ef2803eae7089c593

SHA512
8c9515d1c003e558e86329a1ef4432a335a74c8185a6abad84f9be01b0156505fc08bcb1084e058ba9ab4258f99a71f14a9e969127cd4e9de08523ecd13287e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
165f1d070288059973b172bd7158b177

SHA1
3cf707061ce95e44e631118b296ce83289122730

SHA256
c44d43cf012e08996add3f11643eba0a26362fd22bdcfb43e2dc5a85597cb0a4

SHA512
6b319bd432912602394c83273877e3c643d5a0b29ada4f4698ef485060fd3ca0762034143cd323d4661d30ddf6fecfffaacbb7be34643e8899b7a980b2d62490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ce5c.TMP

Filesize
1KB

MD5
fbd0f65512f42bf003f7c2159a8739b6

SHA1
f16bc778e3bc4bdff3bafdd40727b719e67815f7

SHA256
089cbc6f1754dc8c89879db99799f594e9c6e4fdaffeb2a799f38e08aef7b092

SHA512
d2b706e6e03cba191dd0a747f2858432efe39405f706c9ce1066546d7081a579e3706504a161e9df8d8152f84e2eb1c1e578e11ec61aa0fb575999c2829ff9a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b36a65cd-cfb1-45e5-89fb-3efacbd7a065.tmp

Filesize
5KB

MD5
c7a345b34a8ed431fcd345c27e2d18f5

SHA1
cd281d9cf59ae023d5d6ceaa4f344cd90919f961

SHA256
d5661cb90b644f189f9d365f88e2eed1247421b9eff45e9ba77d58dbf779daf8

SHA512
ba78002cdca67c0ebc48ed14a1e47832bdf3c566a9f50cc6b58c2e97ec7d03b2e03bdd91c291fc0d9c4ccf261b61eda4c3628e7a468e971dca026b93e0770a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9d2afae81e044a4876b33ff5496616fc

SHA1
af431308b9d9c9ed5699d9e4d6ca1327aad6ea7c

SHA256
3f97e65213123b4a80dcd3f297542740ea9a1fe04ec7e28ca07d6f251a5f8aaa

SHA512
3f27d7cc8d7c78148a7ad58347e93b49d2f7ac1fcec373b014a26fa3e71b67c4fdccb181e642587ba7269529ec3682ea0edd80bd3c55341620c9e835ce48fbeb

Download Submit