Resubmissions

23/11/2024, 18:20

241123-wy1ysszlfy 3

23/11/2024, 18:16

241123-wwn68azkhx 6

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    23/11/2024, 18:16

General

  • Target

    https://www.roblox.com/home

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.roblox.com/home
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3660
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff893e846f8,0x7ff893e84708,0x7ff893e84718
      2⤵
        PID:1628
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6177688000161482380,12800736264286181058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
        2⤵
          PID:1384
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,6177688000161482380,12800736264286181058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4356
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,6177688000161482380,12800736264286181058,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
          2⤵
            PID:1924
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6177688000161482380,12800736264286181058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
            2⤵
              PID:1524
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6177688000161482380,12800736264286181058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
              2⤵
                PID:1816
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6177688000161482380,12800736264286181058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
                2⤵
                  PID:3680
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6177688000161482380,12800736264286181058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
                  2⤵
                    PID:3396
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                    2⤵
                    • Drops file in Program Files directory
                    PID:2944
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6ada85460,0x7ff6ada85470,0x7ff6ada85480
                      3⤵
                        PID:2504
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6177688000161482380,12800736264286181058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3784
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6177688000161482380,12800736264286181058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
                      2⤵
                        PID:2140
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6177688000161482380,12800736264286181058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
                        2⤵
                          PID:4620
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6177688000161482380,12800736264286181058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
                          2⤵
                            PID:692
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6177688000161482380,12800736264286181058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
                            2⤵
                              PID:4936
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6177688000161482380,12800736264286181058,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3196 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1500
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1676
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:1108

                              Network

                              MITRE ATT&CK Enterprise v15

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                Filesize

                                1KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                Filesize

                                48B

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

                                Filesize

                                70KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                Filesize

                                111B

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                Filesize

                                689B

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                5KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                5KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                5KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                Filesize

                                24KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

                                Filesize

                                41B

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                Filesize

                                1KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                Filesize

                                1KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                Filesize

                                1KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f26e.TMP

                                Filesize

                                1KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c92d4911-ead1-4f54-a427-7a369d1f1e5d.tmp

                                Filesize

                                24KB

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                Filesize

                                16B

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

                                Filesize

                                16B

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                Filesize

                                8KB

                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                Filesize

                                3KB

                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                Filesize

                                3KB
