hxxp://ro[.]blox[.]com[.]es/communities/7364951470/Bloxgain

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2025, 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ro.blox.com.es/communities/7364951470/Bloxgain

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2772	msedge.exe
2772	msedge.exe
216	msedge.exe
216	msedge.exe
840	identity_helper.exe
840	identity_helper.exe
5844	msedge.exe
5844	msedge.exe
5844	msedge.exe
5844	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 4852	216	msedge.exe	84
PID 216 wrote to memory of 4852	216	msedge.exe	84
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 4708	216	msedge.exe	85
PID 216 wrote to memory of 2772	216	msedge.exe	86
PID 216 wrote to memory of 2772	216	msedge.exe	86
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87
PID 216 wrote to memory of 736	216	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://ro.blox.com.es/communities/7364951470/Bloxgain
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4b7b46f8,0x7fff4b7b4708,0x7fff4b7b4718
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18213215873774807157,7822733411415136520,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
395082c6d7ec10a326236e60b79602f2

SHA1
203db9756fc9f65a0181ac49bca7f0e7e4edfb5b

SHA256
b9ea226a0a67039df83a9652b42bb7b0cc2e6fa827d55d043bc36dd9d8e4cd25

SHA512
7095c260b87a0e31ddfc5ddf5730848433dcede2672ca71091efb8c6b1b0fc3333d0540c3ce41087702c99bca22a4548f12692234188e6f457c2f75ab12316bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e27df0383d108b2d6cd975d1b42b1afe

SHA1
c216daa71094da3ffa15c787c41b0bc7b32ed40b

SHA256
812f547f1e22a4bd045b73ff548025fabd59c6cba0da6991fdd8cfcb32653855

SHA512
471935e26a55d26449e48d4c38933ab8c369a92d8f24fd6077131247e8d116d95aa110dd424fa6095176a6c763a6271e978766e74d8022e9cdcc11e6355408ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
105KB

MD5
16972e03d2bd4219e478f7da13b187ad

SHA1
31fdcc4d146302e809628b21013a59042e3671fa

SHA256
5315862acf4a902d55dbae7d292dd70616fe9ad76ca9eca9ecc85d776824b59b

SHA512
42cdf24190b588812987201c6c7741ed937a23b8d306324b56a9a07416a8b59fd0b34cfda6b67454b06ad1c9a03b9f99f64b5ecc4f027f8417e4259ecff9963a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
00bab98122d43ce20503575d7a7f9e72

SHA1
c3b9863440eff71d28effa689fb7960fdc1ac503

SHA256
3c910b95a29a2d573392f805b3711744271c86a2e648d084070966b05da3a494

SHA512
9058c800066a60a7863cbc2d81aaff3f890dbc3cb58e647fb6bd267c08a8fb923aa8cf06b513d197ec239af6fd95656839b14f7cc98cd701284c6b841d001407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
82bb42eec6a73b5cfe2295e077caee4e

SHA1
6d39380e0f988c7df08198355bf5875a540002f7

SHA256
c16c10e4c5a97ccb081f3cfdb131d2482fe6f8b14c8469c121a64c049cb8cb60

SHA512
601e15ff2bf1ec50166fcd83386f55ea55c6796a63a06870fcd6debb5ee5d4f6ae9d710ea36e589a02ca16003f296910105f165c603af8d9eebc482dc9db5760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c92cf1852afe6900ce817cebf713ce79

SHA1
615cc04f39cad1c8ebafee5d134e51d06afe6510

SHA256
11c14010507b9877e0f796cff3d4577f3b8ec5fc624b7fddaa92cf70a8d45285

SHA512
131ef5e3843d1efc54e6e9618da4dd766066881f26581e4475cb3fb85d9aa236c077fa2b5fe2b597f3e9f193fe465b7ab98f8f37949aa1f1a97681204f33a1ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f277ec2a9551bbe322f66157c46fa5bf

SHA1
dbd2767ad1a785e352676c877d530decae0026d0

SHA256
c4e250180b602e5657e405ddbfe4671e9b475e65366ba6725d6c1c9824ab95bc

SHA512
56a5061132f7ea2f6dc186383394008797f053b25b4c4690a6405aaed426c1b1c86c52a482c2b67e77f8aa0d6d67dfa8d47d2edde62aa3945b079bb1d05f61b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
470fd44055bdf461e992d24f13e3eaf8

SHA1
ca00906302ea553353ca78763aefd37bb61b5dfa

SHA256
bf71a53adc24bfffae7d57b6b9f53a587366836f7aa1119502e235115e306f43

SHA512
dbd44599ee1aef7cae8c38752a0e63348498040d13dbc83bda1dd371a64aa31de3c6df9494ebb9434238e217d05d5831ddcb9667b87bc4b859cdb1d697337531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2620cdd3353159f61b5a1d2f0aa70b2

SHA1
6b72125f08e4a72ab02a8df241db81f4ea57ab6b

SHA256
4eb69736d8e5dee2a8d15234dd856c8a1c3a7802056169f9c4f031f43a164145

SHA512
cd7a2f8f773b375dc5690e2b16062a2145bf910846ef738cb3f4413a2621d27d43a72be8898b9f01c0e35128fbc5d827aa469a77785bbbe852285405a32bd794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5b5f06eec4785d75da5ef2549fe390b3

SHA1
7409612c919e657d1d7ff75c92d6d4ae1bcf0cd6

SHA256
2439ead69398280fd9acda0123a790d6c0c2371b3e609c3322745824cd5303e4

SHA512
b2284b65cdd8ae6b0e1cf528625a583d76f93923904d9ab4cb77f2a79ecbd397ce35e22b424f860491c267a160e09ecb535e6a06aae515121afcafdde488c41c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c111ee087b3bd6cd0b5b62e20b4a0b0a

SHA1
0b8ccffb5a13f2686807d4408f63d4d594bd6cba

SHA256
2650d75ace8bccec87db6f0b5f4713906264043c91e4b0ded390919d8f736dc0

SHA512
8c7a734ae6394f994abd45b13548c7adbbdc660ab98a29b0172169b19f8e94d311eb7daac63870eeee6e800153a2cf4e87f16ab59139b282a47a5bd66f4a4012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
272cfdd153cd032c0c41f7735bfce737

SHA1
434ace0ac315d073be392a62d1457c6e44e0303f

SHA256
3d3db0f45a4f47088a5ce0ad8417af3cc746a410202879a2296bfd3bcf4ea89b

SHA512
dcc79b59e1b0894370555cfc6174e3895e83f2dc495a9dc44ce8abba37b26c2203e591155212e85d9f57a8f8849152e4b5e196c38e4f36dfcee2859994c3b48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ab855a352f7cea6da8b6b8a772896985

SHA1
cefeb393849dd2d3a6e9af23b50ce92c087e0dfa

SHA256
37a6ef6f73b82dbac9ff69c3713153993f8987ef59c9baacf9a4d7bce5e3beb5

SHA512
ab718de222a114eef62c6be6b15b70c602a537cefab1bca1b75d5e1a0f19808afb468c9c5d51b2bc8843d5deb19903c6e11a6222eba47469385c2fa17b0e16ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b9a8cfdf3b1c88cd04587ab03f1b0f4e

SHA1
046c5fd19d0caed05d7c582a34ffb24a51f64d0b

SHA256
692ca6a7e70a7051019be0e29da27e836cb2f48abee8da5f4ed776d3da3be3bd

SHA512
78982cdad38bd5286cc5c1a96031ac277f6bae166b510ce7c2217f57d0ff5a39e4d408d0aaa98108467baba46b2d745f2c9ea1337ad6733b56d3b51f22238a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58242d.TMP

Filesize
1KB

MD5
6616f83231a394335299364a4a295e80

SHA1
4a0d5eacbac6013b6f7889e4235c490215ec2bcf

SHA256
5bc2f34bda5071819bf906ef16e3d9d555ccc20e3aaa67d612b007543d17a5ff

SHA512
91a2dfc4adc1afb717966066cd06b232a51a749346e83545ff1db94c840eedec1897860794bf728654f529a193c91f726348e63ef2db895b1eafbc1d5fc824a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d09f553b-fd5f-4d3b-9891-af46e5c7e1e7.tmp

Filesize
8KB

MD5
54abdb51437a79e6bec4717a82f2b292

SHA1
32e5f035af2b96535d84c96e99d9bf0f9fb5ae53

SHA256
c3ef18e18ab33fa68b9c24d3f80dc0debe9742cb1fc0654c378440e146391915

SHA512
9095f6ed31d525e3ee898ed6ce181085f55dbbb1509cac8711c61ab947adf9a612501f58771cd5134c2b85858c37ec402681a207436d3f188c428a477b5294b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8cd71163abbe37b1d3a7c41bbd445e5d

SHA1
4ba6e7bc4ae6a95d8b5ad7ff511b2432803751e0

SHA256
e7643beaa9ef88fe80e38dac48763fbc24df52e6710a60aada75f662a7038212

SHA512
58847161b74c3a00d95df99a0833740dab13b318e0b933712444a9c2b7f8b5e435ea5fabfa018a2f604da5e66434d48a497805cbab642216361dd1a0c5dd2e87

Download Submit