hxxps://www[.]roblox[.]com[.]bi/users/5445740091/profile

Resubmissions

07/09/2024, 16:30

240907-tzvgasshlk 4

07/09/2024, 16:29

240907-tzarwsvfjh 10

07/09/2024, 03:56

240907-ehft9atfpa 10

Analysis

max time kernel
145s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
07/09/2024, 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com.bi/users/5445740091/profile

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
128	msedge.exe
128	msedge.exe
4604	msedge.exe
4604	msedge.exe
3444	msedge.exe
3444	msedge.exe
1060	identity_helper.exe
1060	identity_helper.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 696	4604	msedge.exe	78
PID 4604 wrote to memory of 696	4604	msedge.exe	78
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 1072	4604	msedge.exe	79
PID 4604 wrote to memory of 128	4604	msedge.exe	80
PID 4604 wrote to memory of 128	4604	msedge.exe	80
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81
PID 4604 wrote to memory of 2452	4604	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff96ee13cb8,0x7ff96ee13cc8,0x7ff96ee13cd8
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,5936765419148906672,1552742937210354647,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,5936765419148906672,1552742937210354647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,5936765419148906672,1552742937210354647,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5936765419148906672,1552742937210354647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5936765419148906672,1552742937210354647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5936765419148906672,1552742937210354647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1660 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,5936765419148906672,1552742937210354647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,5936765419148906672,1552742937210354647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5936765419148906672,1552742937210354647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5936765419148906672,1552742937210354647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5936765419148906672,1552742937210354647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,5936765419148906672,1552742937210354647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,5936765419148906672,1552742937210354647,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3889d3f0d2246f800c495aec7c3f7c

SHA1
dd38e6bf74617bfcf9d6cceff2f746a094114220

SHA256
0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

SHA512
2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c4a10f6df4922438ca68ada540730100

SHA1
4c7bfbe3e2358a28bf5b024c4be485fa6773629e

SHA256
f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

SHA512
b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
28bd8efa4ab87bc8a7ab9c4bcbacc4f6

SHA1
5fac8a1ae0af2ba2ac243fc35492c78c2210cfd8

SHA256
5a5d117e616cb78e8af6ff3f7d23fb56fe9c2ea73096586cd3864c47bbbe3048

SHA512
2aaf1a24a708cccda263a8b506df5a083ff6253c34881df973e1d6fe527ec43943cf149ade3e1ea1b18e7337d9b8d70ae7a19d938ced0b1670d136385df60c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
478a90592135fe34cb805d84c5e757d9

SHA1
c73896cb9f0645e0da2f280e4fdf29e7be37fb1a

SHA256
75f489301d5b11af70db0d0afafa774a221d03f18699c27a881f7bb6d87b9dff

SHA512
21da6d183618d41d406b802947352e3945f38103130940ddbc13fb24e6605be8e8c242bf42d29f2ac552d2afc5b24b07ba15b48e8c0fa76397ef7bcd5e36943e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
86b94fddba7eed40df0e68c0ec93ae65

SHA1
029a32374637a707cc1c357e985fc5bbbe698a08

SHA256
2e5314d35386fbf66eace0a6ae130882bbe181e269ae2f394bc0552ec7aabfd7

SHA512
2415aed8263f91741ebed85e5354027939c16a3dc5ef87097d63c607e9393d04d6e432cf6ee4f19a946214be190f8f0920f702eb9fa5bfb8cb9871516feeb297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1f0a1e628b91f19f8c6552116f63521b

SHA1
62564b034819bef7e589289acecb7142c0c52908

SHA256
517e2e2088a93ffd33a7307dca2b164b640344ff5117f11fd78ff9d6a2cf1d72

SHA512
ecaaddb0519b64705d698eae64491dd2525953c3c5b71b3310da7f8add2b1c056212b6576820d2b20ce8d60c81e7bde58bdc1e9bb16ba2b56fa224825c34c61f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c88036cbcf1b8f20c1fac64e50f1ce32

SHA1
e8d0a36c45214a6751f95b2282f0adf3034b0432

SHA256
14b6252e11bd7db2e7babb60646c456eb70ebe135cd402c2cf1aa7cc55c2bb7f

SHA512
a9d6ae5ad410e2470af615716cee4b5a4e5851d2287c799616dadf87d964d51c186c89cb853dd508ce0a5ac7ecc48b0431ac57f89caf6e00bc77e9e22b2f4d4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22317c16ce271131e895b254700c6fa3

SHA1
e7eb1b4fb68bdfe02179bf598b3fbbec5e07b06c

SHA256
17f7ebff23effa95dfb071a59f9072716c2036c5a12cacd370f20f24d88e4d19

SHA512
1a245a17d4263586e1cd0a84b672e78f6575ae26424dffebb99fd32a1731b4d80718c8a9e076b7ac3208966096f0f7e407f3804ecc95d7370db61eeb5719a733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b1e667af26856d530b6e4ff5cd43d418

SHA1
5891b834ebcca7a321c7074e02d3d8408e02879f

SHA256
fcad62b2562bb2092bc96db1e53e26c26391a8e7706ad77436fc3e078db726f3

SHA512
293196202f4b5d23fb242f546f590953d356cabcc30621d41e59c9d7f0d4d788b4ada4d902f72bdd10630465276c6b962aa8167935ded4763b80321fc43de47a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef881239ea8ab7b961516815554c5f5a

SHA1
ce86a4447609b57402acdedd204a0e472d5eb4ee

SHA256
2dac20ac2c1a2cb3414c2e588eb123409d1d77d8b7b5dc7e7e913a35ad5af0ae

SHA512
3b26b1d59bc240d018199a844c9fa02f27d93d35caf4b58cdd3a070aa9990cb119ea6fba81b8f3660ead1ba5d9ea371f5dc382902c18fcfc10f20008052b0d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ff6c698e0c844a992346523107ca0d5

SHA1
fac034f4f48d419abbe3f4eaf04ab4f426405973

SHA256
03e85f8addc417fbf36a797f34da2597270c220e716253f26e74a108217c9d10

SHA512
cb2a9aa11c5c13e994e1ffd9e0db998bfd340d8f368edcdfd29322376a909622de78d88e8f31539cb8d8138922db3010ae7996f7033f1c19fa239e867a14993b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2ff0d47a3ddf3348f0403e206afbc7b0

SHA1
12931befa951bf7c3303bd5d325ab9ed37e9e2d9

SHA256
78b182cc38e99f579d68143d00d3069607909275858979ede49bb17088c96192

SHA512
c83f9b3e5830a1c649cb226d05a80dfbc072e6a14850aa1c831b3f3f1514beec831ef57b090e69e7d14bf0aba267c016fd9bd523719fd7f970823858b88f8fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8b1c78c53aa1b47e1f24e658106cd51f

SHA1
4ee69981679112b1b46ce0904e1eb50b8b965767

SHA256
3963e7df86bc77c76dba11df5eebff7b3dbc4665c3965bf138b99d5434a4255d

SHA512
7088bbc6998a96ee32714fb80b2235ddeffb3757e7f22d8db94d520c8525a2c8caae3308a9c3948cad1f414a4030005069569601b64ff04689b77c31a6481547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f14ae9734220e33a099c32f65dcb335

SHA1
2b047e033fe3c4e31c5661958bbd4ea6fc75e1f5

SHA256
f9471213e94b393d6c3cd29c465b1174bcd2bc3851fe0ba9e3c61cf249a4ae0b

SHA512
498e033aed81dd3d3bac04303500a39e903b11b2d29bbd24b456dfde63aca9bb28a772ea7ba09d146673f0543a179596bf9b1e8bdd95ce2418c52e3fa4b5f620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582d93.TMP

Filesize
1KB

MD5
f368169f580ce986f46e5ca104d275de

SHA1
305884c551090a1e549ca54ce0343daee25793d3

SHA256
68e36eb16eac238d96f0860cab83c5532ca3ec202195b6e6903b4186b535e9f7

SHA512
7c02f1a2c919d65bda310806f8a562c005cbfd20ab1d091c7dc1ad0aae6865ccbb76141de63b9adecf2dda9154828c8b4a377f530f8a383d6342c699748017b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e181a4c6aa62efbafbf1f80d74bad3ed

SHA1
e3c861f43d86e7d3dccb4a0ce4cfd51ed5df30e8

SHA256
f552a94dbc6fbf5531ef471a2daeeb7f7024e724791b61fa8928333aa1720b55

SHA512
c428ac44f83837a1fdf776901ffc10c00d65bf408a7d8e07869d35acb19b99395c49bd11387d39c63332a3c2fa45d5ac5e2fc0a7a5b3100e18389522ba08e6fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
816064b9f2696cb43309e1816090be07

SHA1
9e3d33465aafe3728c02cc476918c0a817e5fb7e

SHA256
e2663376c03be25670ff047636cab54cc27151adf2ec61363fa1f9a9db29168b

SHA512
a0979cbe0885c939618cb49546384551212ab57574077aa58fc600859c2f533c18511d8e69de01fd3294e514cdd901362d206284994c3590774beee6e89f7a05

Download Submit