hxxp://r[.]oblox[.]com[.]ms/communities/7015401807/BALANARPLAYZ

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2025, 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://r.oblox.com.ms/communities/7015401807/BALANARPLAYZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
2584	msedge.exe
2584	msedge.exe
4128	identity_helper.exe
4128	identity_helper.exe
5352	msedge.exe
5352	msedge.exe
5352	msedge.exe
5352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 1432	2584	msedge.exe	85
PID 2584 wrote to memory of 1432	2584	msedge.exe	85
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3808	2584	msedge.exe	86
PID 2584 wrote to memory of 3740	2584	msedge.exe	87
PID 2584 wrote to memory of 3740	2584	msedge.exe	87
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88
PID 2584 wrote to memory of 1412	2584	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://r.oblox.com.ms/communities/7015401807/BALANARPLAYZ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe83346f8,0x7ffbe8334708,0x7ffbe8334718
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,18402671601241331714,5377716273155068643,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,18402671601241331714,5377716273155068643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,18402671601241331714,5377716273155068643,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,18402671601241331714,5377716273155068643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,18402671601241331714,5377716273155068643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,18402671601241331714,5377716273155068643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,18402671601241331714,5377716273155068643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,18402671601241331714,5377716273155068643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,18402671601241331714,5377716273155068643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,18402671601241331714,5377716273155068643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,18402671601241331714,5377716273155068643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,18402671601241331714,5377716273155068643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,18402671601241331714,5377716273155068643,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fe6fb7ffeb0894d21284b11538e93bb4

SHA1
80c71bf18f3798129931b1781115bbef677f58f0

SHA256
e36c911b7dbea599da8ed437b46e86270ce5e0ac34af28ac343e22ecff991189

SHA512
3a8bd7b31352edd02202a7a8225973c10e3d10f924712bb3fffab3d8eea2d3d132f137518b5b5ad7ea1c03af20a7ab3ff96bd99ec460a16839330a5d2797753b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1bed6483de34dd709e03fd3af839a76b

SHA1
3724a38c9e51fcce7955a59955d16bf68c083b92

SHA256
37a42554c291f46995b2487d08d80d94cefe6c7fb3cb4ae9c7c5e515d6b5e596

SHA512
264f6687ea8a8726b0000de1511b7b764b3d5a6f64946bb83a58effda42839e593de43865dafeeb89f5b78cc00d16f3979b417357fa2799ca0533bdf72f07fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
e6197858cc2e41cc036c116640f49f36

SHA1
86409cb353d47498f50940047318dcfba6f31ee5

SHA256
10a4c77213a768461326d667d34459565769f5344704bcc3da96ce2e94a3032a

SHA512
133f4dab3836e410a95fcb639f06c0b48baaf805a8365bcdc9c95b97e03fd8ab568b743fe70469b0f289fe2cff496f81ccff136eb9843b8cce82597828bb57ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b7ee9573203c26acb7afea13b0e3c61c

SHA1
d985e4a0f9ac30c103d2971bdfdad9f862cd184d

SHA256
1bed226e35ad23b6cd4da5677e212065e062da38195ee21ae09b5445ff064f2a

SHA512
839b789c3ea84403fb1f956e177bea7cbc5f0c1b5bdea59c73a1176f0975f866fb1ff852a6708e1e5fbc2045ed7a4fca66fb8f6d5e84802dc63504d5d816f27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cd24671fed5f039313169cd5c2947a8a

SHA1
a5a0c65546fb80aef185e8008a7c890c6dce911c

SHA256
f4164721f8b7fb4f4428082c22bb54b7037141ab49638125c38806f95cd1668c

SHA512
44af3c0cebd1dfe1cd47e10ce6b958957b83a31658ebf4ec4c59f30c136213da1ea7602f011926eaa7dfe972281fc8e87c1dac53b7c023349f6f5d1c3bc894e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b8e77a727e9f40669afd7f02da349eba

SHA1
1da5ade5815ea52b12067c33f477762736224af3

SHA256
49c923b80a110b3e908ae6f123f961aba9ea12bcddb0d818d6f27ad1f3deb489

SHA512
c71c964310fd2321953bcef65d113ff7ea1509301fae188286d59e7865baf069f0ebdf546463de68d45f6705a3e8641e1dd99f399c36f5f7c821e1fabd846875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a921368fe51389fb869bdc16eeeafd3b

SHA1
7e450e1c406afe1c58e4f2de1faf9f11b5e81162

SHA256
17365659cd3dd471d47da466e407e07f08b150d61471ca9ebd58c1f35bb6a550

SHA512
012b04064a2c932b7c0236097bf489711d974e06f7ac56b0577d32e174eaf2c626f7dce6da45f6ac99395a5aa9af82e053b265f8e8a489c5991bc6824683fcbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f246c7d719139dcb125ffcc645d48d6c

SHA1
004642767c4838341a7409bdf34942eaecdb5ad5

SHA256
1ac9c53c4fe33cf2b39d864e2894b418951046f99e1d7f710beccc932ebb96e6

SHA512
6827f88e96609b0af72e6a39d7621cd01c562ab47b356686335cd8bc2277d8dd33d2dd5df5841dbe0243522ef0cd625368c8d864a72e03a543bbf6db7603b71a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e7a1beaab051d5e3cec4cf0c9d1346b

SHA1
86834fa423c0b7769183007db58cb3161efc1e40

SHA256
3bfb026a64bfdbe55b3d587d1169f3bf2f70cacf2b951842e84d1b89e7204da5

SHA512
775e20df936c84a75cd0eba052a599b873a61243b729878da01f033b01a442b0489fb21bfb83c71cfe789c5bb3b9aded40617640608b8af4f09b7f7c4c3cecbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ad76b70fbd49fb0925dec72b2ebee65e

SHA1
96300391cc4762231d270121b63efb44ef7d867c

SHA256
4535b712e581db78c298090637d33b43c72445fae08e7c63b1f74ec608023a84

SHA512
967b931f7e41b7bd9df8785977bc8ca5dfd0588cbea1a2467205a6f6cac4028a3abafcb3d4c7836635d68dfa052ddefb685d8cb8a9db3cea6e7762c26a5668bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b15d68d04e67208adfb5c5f45610ef65

SHA1
f710e609494de79f8b39b49905ced09df29ccde2

SHA256
162c65558660273fde83ef269050c01f57ec94d1eb2745972a3b049716dc6f76

SHA512
36c7c3f09513fc6bcc08a5408a40ca95a3f1b85b96c3940a086bd5cf4151e0b828d47005272432082bdf0d7a3b5ea2bb235f0086c8770db270f6689c6d5fbbdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c5c02f1d1d1c9fb40d84a977b48d76d9

SHA1
2bbc0926e58e6d89ccabcbd22d1a59640f0e12cb

SHA256
57f85290b7673ce6443532f24a5bbb4cdb083a9cf1442c3330d7349a9bd3c593

SHA512
e39ff9f7464bbf639acc0bf6527c17e8d9e0c7e6b785d6d04541e0670553081b0548fa1761235b445bb01a65537ead9ab05082c45481b760f546e768cb2d85ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
78e8149fc12244f72fd8eab58c425b02

SHA1
ea6f21c19aa20120d04cc2cbd687942b98d48b6a

SHA256
129bfd72a0905d99063c0eb227054cc871392d004c5a78662cf12ede46189c39

SHA512
619f63f1caf55be8807705b3f62e0a70a4b86c4edbe1f2a0bcb3e8d938e8e689b9f1bdb1ba989327915d8243d019cddf3bf13d889ea850f73944ea46c7916f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a19e59241e543c8d1ad67b39e7fdf0c

SHA1
86bf38ebcc3480c69fb1b437273d9ba16110e757

SHA256
512fb7a243da6d5ed05ecfba1b22509fb1ceaab97a3341a5f81c76f4c363db8c

SHA512
d0b8937408b58fbf2dd0c1978cf71f7adf93e79c49c79ff4d432bb7ae6334137a53a4e8955363582f026c2b229538f089f4fa503e5109efa0369913ac05a8785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0bdf6abb2b9872874eab6d23ba093766

SHA1
5ad998ae9550c9db0caa1dab32e3cc916d023f63

SHA256
76c11acd0131039a9040b52d3d26184dc2b584f5c3d392921a69083704715c20

SHA512
20367a6830ab1154b88d964925502592563e9ee4c1781c0084217e033a3b6fac62d81a62b980c7a7ab36203fcae1da421600ead156855d774717d776ed9c11f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d68a.TMP

Filesize
1KB

MD5
f85d2bde5b7e147b2d1f31d692b73239

SHA1
8eff45252470f0c5ee2f40738d8e98ed1b4e8588

SHA256
b26b462763d8e3629aca8f5999efa529654e88aca1d72033204feeb52583cd12

SHA512
fcbebfcf15bc853abc19ff7b9738fa6296a03b325e3484604cf2aae01ebce383a7c9fa6f310c111cbcf26742106631d7dbd9417d197824103529e88214f93ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
30e5f7735ba3dfb2af735b4e2e47d2a4

SHA1
27ba001fb1fb0e0b821c0e0e121cb6b0149c2f04

SHA256
bf5111f81d17a113812a479a49bad3a972f30262ef4a1c52ca1cf9eecc7c3587

SHA512
6786a72d36985d9a16a1b10b2c20dc39dddbb1e37d0d4f32e2ae5739fd1845d03da9355e36227fc0baca52bff4e40246f20aabb27b85eb1173226dfe94eb8672

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit