hxxps://www[.]roblox[.]com[.]bi/users/5445740091/profile

Resubmissions

04-09-2024 16:28

240904-tywyqsvdnb 10

04-09-2024 16:26

04-09-2024 16:25

04-09-2024 16:23

04-09-2024 14:19

Analysis

max time kernel
145s
max time network
140s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04-09-2024 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com.bi/users/5445740091/profile

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4360	msedge.exe
4360	msedge.exe
3224	msedge.exe
3224	msedge.exe
4184	identity_helper.exe
4184	identity_helper.exe
860	msedge.exe
860	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3224 wrote to memory of 3196	3224	msedge.exe	78
PID 3224 wrote to memory of 3196	3224	msedge.exe	78
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 1660	3224	msedge.exe	79
PID 3224 wrote to memory of 4360	3224	msedge.exe	80
PID 3224 wrote to memory of 4360	3224	msedge.exe	80
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81
PID 3224 wrote to memory of 2968	3224	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a2eb3cb8,0x7ff9a2eb3cc8,0x7ff9a2eb3cd8
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5a02f75e174abc7f833dee6307d5bf0d

SHA1
6197e9ffc2febb5c27b233afaaad496b37f0cce2

SHA256
9b79be6dccc77ae6b9dfe4afade5ff7b87c4f31c373ac92900c06fbaa623c96f

SHA512
2d70402d7ea85b3a3412ed69fcf8d166c93a95391ff8d1ae2adaee64cf3cb25cc563c80634ddfb4bccbedf7dfa5f9844183dfa0a3f918557927c247cb85f6659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2980604b78b18d09e1f29769ed7e35a9

SHA1
eb1c41863ff48dec8036d162c0a9e2f88d3e57e9

SHA256
e93901cf297a18a73b6f5fbd659178662889e684500fec8ad0059c020aa628c7

SHA512
8d7e628d5c3cc855f6afaf63a69c38b3481276641172a7a85e6aa118ae2e63e1b17419a4c29419eab9c462268fdd8b0beb12d952c8b05c9d42f36bd9053df7ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e8fb3639dcf27ec73b74be2d7c272952

SHA1
cb7897edb5f967850b791c1f197aa596b0c7cd8d

SHA256
f9e2480a1ea19ddf0cfb6c0b75661c22a69ef12412fbea64481a438b5f7fe56b

SHA512
cf4286c5f38e729e971d759c8e04d0feef2789f504e6bb5ad0598c92c3f26d90dbc47fd2a74faeac10bf79e7a61490fb5ad305e603956bb806a52787b5a55cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7824c36b50a7a59085cb0df6524dacc1

SHA1
5cf2038fa3881089a8ec3d8b6fc8e9365e003546

SHA256
b8e31a6b10b28322f6b0d71fd764dafb8af9dcc623e433a57ca3eaf439124cef

SHA512
ce858d5f04d49c2bdc4d6e8462b33d2937ff6200b61d5692d06d9c42f6a96ded2892cdd3b2929af16131ccd2cc3f3f7daa614f2dcd1898687cdf1765453e23dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a7d3cb330f538ff3897c4764ecf42b1b

SHA1
f7087199f1b1982c9ec7aef0e00211f706d50295

SHA256
8e121e7a4813127bb2f7639e48d16bd2a87051ded1a52c8aaae6ea4dde37ded3

SHA512
50131bb84c4f3975284d0976225b8bd453607046fe4c7dbd1f1e7fb9ca7bf7d5c5bf68eb36510164cde1b90da20ffad6d05ac291c67161655bb14a651c080e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
07a140aa58eaf77c388063ebf8612f88

SHA1
694ee12a258a376fc8cc6eafd9bb174f540ad399

SHA256
60664e28273d7e5d71cca53cee512bb43b3ded64fb8649f7bd798862e7f9e2af

SHA512
4a7f181e8bd243fec00d5693bcd86eeec766dbb7a6e9f577044de1e64e95ac5de11f34b9b7ed6f461f820ff1b2a50863bc93876805f7b94023071719f37d6461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d51957f94f713afefe81cfc43ed5120f

SHA1
ebf58f56814aa225d1ebbd49a718680ab04cd485

SHA256
d017215453c4915c0c037ad0546e642e1ba15f4a5348b1f3f93b33aea8e0e1f3

SHA512
57d74d857f8f69cd4123b4e3c43cffebc994e33d8d9a2a964ce712b84ee10f68b049ac3e43f29a9378d4f441c975b0d3d3949ca1afbec45f98fe11b51684d769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ae51.TMP

Filesize
1KB

MD5
0794c944c8b41c1371ea4cf1b265964f

SHA1
26869d7f11b129d003305141d513f8fb20e385e2

SHA256
3485c8b23b5b87796b9208555a68bc8da85e24decd8a4b54b6e900a1cad32ab7

SHA512
6b0c99e936f5d292f6e693b329851c5050e94828ac101138c76ac5f4206255ebc7c6d5d79e56aa2dcea1b6e6d642c8ece051b55954a29d2a38e138d9d5a5165f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6b54e439e7bceee74b52cb10f32b8dbe

SHA1
5eb561e3ffdd2305df7627f6ae3f75927eda8ed4

SHA256
33f1cfa3b60bdee4ce119c0aaff39a7a6264f37eb03b032d9094845399985852

SHA512
a98b155a06c3666b850b6fec6e8415055467c219d15a7c22094eb4a5d86a0c12fb308ff5b3a442e71c78f09e32eace939cd6d9f619640cb4a74f97d8c4263319

Download Submit