hxxp://Roblox[.]com

Analysis

max time kernel
43s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 01:20

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://Roblox.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "182"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
1756	msedge.exe
1756	msedge.exe
3960	identity_helper.exe
3960	identity_helper.exe
5776	msedge.exe
5776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4300	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 3440	1756	msedge.exe	82
PID 1756 wrote to memory of 3440	1756	msedge.exe	82
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 4776	1756	msedge.exe	83
PID 1756 wrote to memory of 3216	1756	msedge.exe	84
PID 1756 wrote to memory of 3216	1756	msedge.exe	84
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85
PID 1756 wrote to memory of 3688	1756	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Roblox.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfe1346f8,0x7ffcfe134708,0x7ffcfe134718
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2679316576132321928,7007867242464704315,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,2679316576132321928,7007867242464704315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,2679316576132321928,7007867242464704315,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2679316576132321928,7007867242464704315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2679316576132321928,7007867242464704315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2679316576132321928,7007867242464704315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2679316576132321928,7007867242464704315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2679316576132321928,7007867242464704315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2679316576132321928,7007867242464704315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2679316576132321928,7007867242464704315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2679316576132321928,7007867242464704315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2428 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2679316576132321928,7007867242464704315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:2160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault64c0af76h807ch449ah8886h7182d7a2e969
1⤵
PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x104,0x12c,0x7ffcfe1346f8,0x7ffcfe134708,0x7ffcfe134718
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,4450175914938330232,1556549720218576472,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,4450175914938330232,1556549720218576472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5944

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3954055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a078fb69afcd2b551362f817ff88b752

SHA1
84fcb9a8772baca90d25c468047562a7fbbbfbfa

SHA256
f8ff681036f889051f2acbf41dc234b26335bcf3e4242ca8c24486b82cbf00b9

SHA512
4a32b4edcc1182f322ab733c83b30e9eb66d02bb12c82bace53277069450f046344ad572fe30576c086d842b0992f44f5dd72e9567d3e7ceca7d99c4df6e60a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
17d5732e0512d47f98d5c3909dfe9680

SHA1
54fc1910453731c4512ba7e73c9b7e25bb43774b

SHA256
cbb54bcb21b2bb0790af9d2effa33a801ee5d968b29be255f7ae3f4e95251117

SHA512
842b84e6ad6a849d9451302bafbe3ef226088adbbeb8e3731a47a030ab121b5ba5d99b607ef0921a839a6857c47090fff62064535fe72876f5a23da2e1c86dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
466d6f7dabe11a1f06ff350041800d42

SHA1
2985a3c3bd2c086b7326dcbfbc2084ea24fc6aa8

SHA256
3645145e06326f7ec6e80235de254fbd95c0ab4d58294561ba0889d018e0d064

SHA512
f1e47a9e6c60b4abcde0a4fdf397e1c180ace42b13085f92089266745007812030b32790b655d4e01f7ecfc8eb9b41165b7fd7e99039490d0df8e48125f40eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
96abd3d1300fd5f4ed3dc97f0d89f5ce

SHA1
6b988a356c931ccc38087927ed3d2a68a8da1327

SHA256
a9743e93e4aecaaeb412a6ad7f7ce3345b76222581860778eed3e0db08412cec

SHA512
d4dbfa9a234118a3db0c2a20ff8043129825cbbf74be50eb4b6c246569a8efcb3fbf25382ce070456e7ddcc9743e8b561df11191df8cbacf2f5c08694f3532e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8f948d398fa1853c18db1bf791df32bd

SHA1
9943952829a647000124df9ec3f09ddc3d1fdb1d

SHA256
6dc0e94295707a855514940b2ec1bb8cc8c8bd71449cedbab307b17982d768c5

SHA512
b77cd7c7ee9220ffc033931812fc533edbc9208cb30fc06d73428427bd304b2c2aa4bd4f23952cc1e72f4c899b38763406bf0ec9e9604c8d6673bece2d404f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
efbb0e2c12c17d01281fccb721b9a9ff

SHA1
11d1018847e75eeb034bc7868d0b30140cbda240

SHA256
81132efe32a5c552d59e3a51dc944c1ea92877dc017192e73d5f13b0d221a89c

SHA512
c680308aa9554adf029a917ef9619a077d55c8a6b58c5230a985573a3cfa831a5545d2af9154ecdba2fa73eccbe26c380315644935b81dc7f3d01014a89c2b40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5811ce.TMP

Filesize
1KB

MD5
0c9e25a8a02f693a57f4094f2eb60500

SHA1
45a18b9e2906c3789fb2400b2a04cca4bbddbb7b

SHA256
caa1ade032135b76b44384a2d79a20dfff7bb026f12868c1f8d5fabc1257d1cc

SHA512
97979887f335971f19e94bdc3013e644d32bfcffdaae00bd552716e59a6e6c0fff49966affaf1ec9bd668983cb07d4a0c9794de5be52c134e1d49cfb0365fb4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
74faf6060eeaeaac907c9cb6c8dcef5d

SHA1
83a61bfd81b4bb0c440d2ed5834184dd7cbeb6bd

SHA256
ebda18648ac264d95ac2f8348afb75146a8367a1ce749628ae0790258f827920

SHA512
423349598f6028fcdf30a453bdde0841a2c3780b08a74db6c5371bda650a46b393e726e738e0260d8b5b8a16f13485d7bb8719a385717a8f700e743f7feddf45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9055689009f9b0108e791caf6575d649

SHA1
ed9c6781c2bd64b586b913e0cc00c7ac2b2dfdc7

SHA256
b1693abc439ed1e571af063a3e031205798ab92eed99b6d104a6cd42989c3f4a

SHA512
7859127f34f8849fc9a5b88f6c666062a1804c49933bc4305e158e40df255c6008490da751abce0fe6392a3e55c85b22193b355a68a134bcaaa729e7fdfc34e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f99f0b19d95c5208bedfddafa316d25a

SHA1
43ff9080344c9b5101bc6805983512bacbed3644

SHA256
0aedc31cab1387cf774ae13839f8b53f23f52fe93474bfc22a416e6a398e7c4c

SHA512
31a85440566c8f8a76971e2e2c3045d501b00ed297c47ce088fb9f853bb2a39a245a07e041312c55cebf0d0073a29ccf8d0e1d6769f2ddbdc43b4bc8bac5e65e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
408d474fe0569af6dbdba851d0d14ca0

SHA1
0d20dbf3142d402e16d9f0f39a3440ca3f0f877b

SHA256
3cf2f5063098de2c1ba792472a649337b8e1edcbd585c486debcd861deb5e6b7

SHA512
e4dfd7a3d66938c5a5fe00dc65bc6f3f5463e226083285b95e12b90d68f81cea4e05c153325db67cfdf5cc9b25f04448503e0eb71e730217f49a033bfecf3cc8

Download Submit