hxxps://www[.]roblox[.]com[.]bi/users/3548817588/profile

Analysis

max time kernel
1680s
max time network
1685s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
21/08/2024, 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com.bi/users/3548817588/profile

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
792	msedge.exe
792	msedge.exe
4744	msedge.exe
4744	msedge.exe
3696	identity_helper.exe
3696	identity_helper.exe
2388	msedge.exe
2388	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 4692	4744	msedge.exe	81
PID 4744 wrote to memory of 4692	4744	msedge.exe	81
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 3276	4744	msedge.exe	83
PID 4744 wrote to memory of 792	4744	msedge.exe	84
PID 4744 wrote to memory of 792	4744	msedge.exe	84
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85
PID 4744 wrote to memory of 1444	4744	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/3548817588/profile
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff66823cb8,0x7fff66823cc8,0x7fff66823cd8
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,14368619499486735673,15547592602045322971,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,14368619499486735673,15547592602045322971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,14368619499486735673,15547592602045322971,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,14368619499486735673,15547592602045322971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,14368619499486735673,15547592602045322971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,14368619499486735673,15547592602045322971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,14368619499486735673,15547592602045322971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,14368619499486735673,15547592602045322971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,14368619499486735673,15547592602045322971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,14368619499486735673,15547592602045322971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,14368619499486735673,15547592602045322971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,14368619499486735673,15547592602045322971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,14368619499486735673,15547592602045322971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,14368619499486735673,15547592602045322971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,14368619499486735673,15547592602045322971,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7e0235ba-ae2b-4d93-8a56-759a320db2d6.tmp

Filesize
10KB

MD5
6f5b9466e507c5ce947fafc6d85ce334

SHA1
b27a66b36370c62d910e7e60b5e0252a2b6682d4

SHA256
4e76e0596826ce7d28f40f864115b741c484272bd31ee98a7ff3b160fdcf3a9b

SHA512
a51a31a2af1a7c9a92fec4758f1e9b486a24b79b3e3f3086e6ae1baa0addfbc30c3564a92be2d3d3755865f4048134fdd206bd3dbf5e4ea9e248d6add24a6b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e681bda746d695b173a54033103efa8

SHA1
ae07be487e65914bb068174b99660fb8deb11a1d

SHA256
fee5f7377e5ca213c1d8d7827b788723d0dd2538e7ce3f35581fc613fde834c2

SHA512
0f4381c769d4ae18ff3ac93fd97e8d879043b8ec825611db27f08bd44c08babc1710672c3f93435a61e40db1ccbf5b74c6363aaaf5f4a7fc95a6a7786d1aced8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f081a02d8bbd5d800828ed8c769f5d9

SHA1
978d807096b7e7a4962a001b7bba6b2e77ce419a

SHA256
a7645e1b16115e9afec86efa139d35d5fecc6c5c7c59174c9901b4213b1fae0e

SHA512
7f3045f276f5bd8d3c65a23592419c3b98f1311c214c8e54a4dfe09122a08afb08ab7967b49bd413bc748ce6363658640bc87958d5e0a78974680a8f9beadf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d861c5f48857579b49257e556bee178e

SHA1
e74827026fd0c75a8dfd68b79d23fcdfbbcfc4fd

SHA256
9e215c7052bc23ecd26b7e6008236a822bae8e737ed040862dfcc50ae65b3b0f

SHA512
e3b3bb6629948b5c195896355c4782b795e2c6be71b9fad612ad51094d4fa756722a5cbfb6fea39e5236c9c9900fd5246cae1b01fe43b1b56c2a6aed20422732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1891e77cf78ab6d6279fdb0da64c99bd

SHA1
4c27dbb46e62b200d7eff283b29b016f21da971e

SHA256
8a9104bd8170cf5ea23ae246d64f051c6fc693ea537cce8c0d250fe2dbd32833

SHA512
42f26da17961e1790308f854e46dd22c96273cb776a1695074b449d1b38493e1d4fd67f45274a08377b3340c3bbcf0368d95d80386eaabc6de839026a9513b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c22d2bec351eff0ce1d68f39d3bd7f3e

SHA1
eba9a5f2acc3813a90eb0c44e3a8d4a2ca2fe61a

SHA256
8221ac71970865e2fcf1e6b63e3d3d3ddc3bdc32ec95f8fc3c67eb21eeb585df

SHA512
1bd598a6f960019ca7a156403a85ed06dac31bc04f1a41cca9cfbe364983a3c6d352e38e731a2fdfebc83efeddcba10b417cd0d98370e7462d8b88d1d33a26c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d5565911f8471a87b730182f64df175

SHA1
38833999a2f505db95ae5a593f767d1b16b7bbcc

SHA256
4f810f808a15de409036da4bb61250a62d9f7aa97a94c407383bf4d647aba367

SHA512
bda2d461cc0b69745013f0467e1f8facadfe6d762601aac56c35553d2a7cc05f86418920bc18ffa3a36cebe069b2f33dc4fa9d5fea4aced0c306c4c81650e973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f00977a1f15dff88f9aa91c106cc0696

SHA1
d054c9c4a4da3860c66ccebe4e44c93d5e6bcf41

SHA256
3b67e76f1f73cf8e84f342d2391e5d4e517ea02d04f509044625f7c97e1b9e74

SHA512
9f33f8df4164fb2504507ad48e2a7551ebd0e0a50d187fba1c6c1496a9b3bef493579413f49661018f933a5eb50753394fddd514bed2253687fea830720647fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c28def5b666753eefb97030dda533a44

SHA1
ae29e05b44064a771f17c5deb579d5945d0058e8

SHA256
7ddbbe9c2a18a6b2d7d7fda676e580ee6fc4cfa3b512bfde4dbb17530e71e7f3

SHA512
99225d8647a010addf70806338f6de6bd12823999610b115d563f750ea3571c40dc5da95c2c050b63db11c32793de5735a1ddfa4adef3cbd305d8b6c602a7493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
65869fc31c3040e666275db6751163af

SHA1
57fa048501c13b30ecfb456693b6d9df1a4231d3

SHA256
ab312acd2228d051a58a420f75f2beb5dbd2ff64921a026ed3a1fe8a0c0a876a

SHA512
145fbd04c1652a64a148a0236d601b7760be7bb33e86a7d87a6937fd722300d269cd3cc935bdb0307773dd402edc75a4e789a9950c7eda0d896a6b6b30b7a0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea02.TMP

Filesize
1KB

MD5
81a6c5033c6c94afd14e7b36c104cf61

SHA1
29785f5006b9db752b1318dc69a171bca0482af3

SHA256
7e2405b5e2ebebfde6b23aacf75d36139022da6ffa4e4ad28195dbae2b0d305a

SHA512
0d7521d8e7cd4bd31cb9fd9854d4cfbcf23f005b06d827d6e67e2cacc5de8468b1d490df3cb29ef32a32914ff266cfbc95804a543f7345c4bd59ae93b6644aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bdb5c194b1837727a089e64ffff0251f

SHA1
40fbdec60505f7944b80071f95c18e6cdd8a80f8

SHA256
74d3a2f0d0f80dc22761e4bc1f7c03e2fb52a3873ee26d36940fc69964ce5ec4

SHA512
62ca4bbd6e05055e2dabd20264ceee7e9b0e59971e626a6d6b5999153b2591f4b86a7e9f2c540ceceae99f6c6323edb837a282e7eb526e5b595726f1b5201198

Download Submit