Analysis Overview
Threat Level: Known bad
The file https://shorturl.win/e/FEUStKc86RGI was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-02 21:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-02 21:40
Reported
2024-12-02 21:43
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\system32\wwahost.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19 | C:\Windows\system32\wwahost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheVersion = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CacheVersion = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpState = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpCleanupState = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\MuiCache | C:\Windows\system32\wwahost.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceh | C:\Windows\system32\wwahost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Extensible Cache | C:\Windows\system32\wwahost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceh = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceh | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3756129449-3121373848-4276368241-1000\{4570CBA2-B00F-4703-8BFF-AE59A6476499} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache | C:\Windows\system32\wwahost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies | C:\Windows\system32\wwahost.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost = "0" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheLimit = "51200" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheVersion = "1" | C:\Windows\system32\wwahost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\wwahost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\wwahost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\wwahost.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wwahost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://shorturl.win/e/FEUStKc86RGI
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbcb646f8,0x7ffbbcb64708,0x7ffbbcb64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault4ce79ffaha8b8h4481ha634h600d35c2d154
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbbcb646f8,0x7ffbbcb64708,0x7ffbbcb64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,539526925370416303,6025080349779271445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x500
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9220c27dhc04ch4aebhb84bhdfc95ba78082
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbbcb646f8,0x7ffbbcb64708,0x7ffbbcb64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,8571425042248609682,18077395312983895710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5180 /prefetch:2
C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4624 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,10327676318576328768,10550834723620129461,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3976 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shorturl.win | udp |
| US | 104.21.48.49:443 | shorturl.win | tcp |
| US | 8.8.8.8:53 | www.roblox.co.mg | udp |
| RU | 45.10.243.43:443 | www.roblox.co.mg | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.48.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.243.10.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| NL | 18.65.39.82:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.82:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.82:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.82:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.82:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.82:443 | js.rbxcdn.com | tcp |
| NL | 18.239.18.35:443 | static.rbxcdn.com | tcp |
| NL | 18.239.18.35:443 | static.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| NL | 18.239.83.98:80 | crt.rootg2.amazontrust.com | tcp |
| NL | 18.239.83.98:80 | crt.rootg2.amazontrust.com | tcp |
| NL | 18.239.83.98:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| GB | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| NL | 18.239.50.31:443 | roblox-api.arkoselabs.com | tcp |
| NL | 18.239.94.33:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.33:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.33:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.33:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.33:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 40.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.50.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.94.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| GB | 128.116.119.4:443 | ncs.roblox.com | tcp |
| US | 8.8.8.8:53 | 226.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ord2-128-116-101-3.roblox.com | udp |
| US | 8.8.8.8:53 | ams2-128-116-21-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | sc0cfly.rbxcdn.com | udp |
| US | 8.8.8.8:53 | lax4-128-116-63-3.roblox.com | udp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | gold.roblox.com | udp |
| US | 8.8.8.8:53 | sea1-128-116-115-3.roblox.com | udp |
| US | 8.8.8.8:53 | atl1-128-116-99-3.roblox.com | udp |
| US | 8.8.8.8:53 | nrt1-128-116-120-3.roblox.com | udp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| US | 205.234.175.102:443 | sc0cfly.rbxcdn.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| US | 151.101.65.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| GB | 128.116.119.3:443 | gold.roblox.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 2.18.190.78:443 | tr.rbxcdn.com | tcp |
| GB | 2.18.190.78:443 | tr.rbxcdn.com | tcp |
| GB | 2.18.190.78:443 | tr.rbxcdn.com | tcp |
| GB | 2.18.190.78:443 | tr.rbxcdn.com | tcp |
| GB | 2.18.190.78:443 | tr.rbxcdn.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 8.8.8.8:53 | 194.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.101.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.99.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.45.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.63.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.115.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.120.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 172.217.169.34:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 172.217.169.1:443 | ep2.adtrafficquality.google | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.169.1:443 | ep2.adtrafficquality.google | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| GB | 2.18.190.140:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | 140.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| US | 95.100.195.173:443 | www.bing.com | tcp |
| IE | 23.40.209.146:443 | cxcs.microsoft.net | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.209.40.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.195.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | arkoselabs.roblox.com | udp |
| NL | 18.239.50.32:443 | arkoselabs.roblox.com | tcp |
| US | 8.8.8.8:53 | 32.50.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a0486d6f8406d852dd805b66ff467692 |
| SHA1 | 77ba1f63142e86b21c951b808f4bc5d8ed89b571 |
| SHA256 | c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be |
| SHA512 | 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a |
\??\pipe\LOCAL\crashpad_740_WAOEEYXOWAQHTTRJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dc058ebc0f8181946a312f0be99ed79c |
| SHA1 | 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0 |
| SHA256 | 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a |
| SHA512 | 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 79ba88d6c88037d9a6c158faec10d7ab |
| SHA1 | 79c10b18e1f860715da83d0adebc729ee34cc5e9 |
| SHA256 | 8544fe142cfa276e0e54484a2bd2ff160784fd452d442b99b842dcde2c5116d3 |
| SHA512 | fa8db317c5835f5645f8f679abb68f38d5ef8aa69f08d8f10d32b83a80071fa02b6c42264ba2d437d36bbc6c5511be4271702222adbcc048ef074d5bd6ecaa21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | fd7daa1b45860c6fee445f06d7ed37d4 |
| SHA1 | b1a042e16891b45e64427a96e3fd9d84bce5f398 |
| SHA256 | 184c54560d0d97832885c310353923b99c071776e96cf033d0f594fb8b549455 |
| SHA512 | 7f013491ae7088f7cd1fe2d283a5d5d1310c0cc2da96a2ca02aba65413e8914add864c37312b7981ec0e9dc052be5d8cea9c745e5dd54a7d6c7a18e2cd0b958c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 19f06c9a1a17ccebafb3e3c26edca5a9 |
| SHA1 | ddae2f77b6dd4df3d386a3540cf3126a9384babc |
| SHA256 | fc8a527513dd3e4fa23b93754b2565f245ef00a53997d7ebf68d6c92dc48ec31 |
| SHA512 | 50fc6555888f31bc9c07e980a906f260021496957361ab1d239633cc78fdca8125f5345fedbc7d3aa37ca1c5938b5a17a664fb13cf4cbacc1d92797d1c8fafcb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 92517a2abfd49c913589ce91d09ac61b |
| SHA1 | 5209468e36a0c98f4de70620477bff6bf9397d20 |
| SHA256 | c424c2b6aecbfe9d798256256f429137705673f478ed7f58bd8e7a0ffddfa15e |
| SHA512 | 0b66a6a57286bdf9138a56bca5b4ecf9bace9cb10ff84895b6c594d251158f8933acb487fb70644ff4ff6d7fe1d6ff078738a8f7b293744f9b2ab053803e3da4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 934ebb04bf7f0be6939e15d2c292379b |
| SHA1 | 9722cfa11f450b4877699775fb0fa1c2c21aa102 |
| SHA256 | 45f5449975f19f5b32d12ee18e917771aaab11392971730b45f01f00083a9f99 |
| SHA512 | d16b055e017abbd6ae3e56239f84064d510a6fdd4ec3045bed9daea403ee35f7cd899a62bf6fb5bc616e74b049448ffc11c033b1b3f5cb83a2184643cd4928a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c35f.TMP
| MD5 | c9b070f4f859a70d0823129b10dcbeac |
| SHA1 | 0bf7d759d22c09bca993cf01f7e225ff5fd2c6a7 |
| SHA256 | 60d989ff0c75740cf5f9379f729cd5983f88b5ab5fbe132d6120e50487fb461c |
| SHA512 | c8d858c515feea19c3d2c14c3777f4eb5efd60665d5e0419d044d94580fcf7bf0bc6beea572c3dde5c3d278bf51c5a1e94e6bee738c7509ede6acf36cd9f2e09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e0e60ee0b4c4ed5a4a5b16eb7478ef81 |
| SHA1 | a6481a9dc1eecff91886ade79a0bb502159572f8 |
| SHA256 | 45f5a3cdffc89d9c2b49c7da29b027c8f624fc74862e85b71415f0b15544b1e2 |
| SHA512 | 7753770ff98cbb552976276084e0c6363dcb532f4b1f9ed9d9e0d8affd0c9a302179216ce81bd343c3623d2a3aa94803fd3a74549e54e5df1c6600192ed9c3e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | e0210d118b3139c5c77b0a3cdf07240c |
| SHA1 | 520912218ff8fb26d188dafe6eb7d53e4a1347b8 |
| SHA256 | 09afbb320f0230e85ca0b2ad49ca106b3cc9bbacd2e45bb4e8faed3a3fe93444 |
| SHA512 | dd11395f2f830af1571beb0293e78a4ef01c252371194bf0e8154d6494d951e44b0e34219ab52ec8cc8ed47eed88b99592e9fbfe2c8d4cd65e26faa257a64550 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | 4829199e6a5f896653a07f378f420e20 |
| SHA1 | ea33810361856e36459b0da1d93267c6252b25fc |
| SHA256 | f5d8f9bc07f91b59566bbcfa3c572d6d2ba2f35432b9ab89bcd7ad343cc61ebc |
| SHA512 | 83ba69988097dd4a39a19136ca5e68d0116305cc1d04fc519f59cb208ec0e8e5e592abe8fc9badffc701fc56bb6aa293c4089261f4d4a9b3d616026f000f48b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | 5e2ec22e3837874c0cc5bb0f641ddaf5 |
| SHA1 | 709b3b13793e22c7661d473ccb5661a57111ef1f |
| SHA256 | f64bd4b8f50d6d9585efaf8646a0fa25f09de5b3b315a9ae47576b11d1cda75e |
| SHA512 | b02dac49fbb92f3953f6bf87164c041f090bd25bce730a29a2eacf2dc3b2b4ff2f41288a167dba81a40964eb10e9fa08f9f07cf030f5c7825f2acd3e7c8bef4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 99adec199701191fda80529b0506e475 |
| SHA1 | ba63a6135825ed9f463762fdb1fe8e4a3cab26e7 |
| SHA256 | 86301cee42e07c559f6e99eb7e7270015f1b0617d1169feb1310508d4c6e004b |
| SHA512 | c4ae0733870ef45a493685a3871c77dc2f9373d6104b429d38d508b5e6b0263114b0680e46e57ca20dc236cd45a4f6be4a1d1fd54945015f6bcfbd379e911267 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
| MD5 | 52a30eaf6f9171ab42fa2f4e746529a6 |
| SHA1 | d25e9ba467ba0c46e4ecc225ccc0b79603a15f3b |
| SHA256 | cd627d2c91ebd8d52e0d75635ca44f653d48fb54c87686c78d698cf73e2f08ec |
| SHA512 | e6459aae6da09e974d4c12e9e3c0eefaf072042cd8f9c0c6168d4a4494212e7ef4f89459b25fd4e4fe60617c91b3b274e09b10326e031ac14611eb86f41e2b08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | a63c5a6c1312ff4416da91f1ba045f68 |
| SHA1 | 7785c59c41f2db7641d58f74fdeff80d9010cb00 |
| SHA256 | aac290dde49c6eb4506098e67d7bc5fb0ac4ad262c4ae5349621bd5aedbbeaf2 |
| SHA512 | f6db9f91b73dcb47410319747dc1db849771ccc0e8dac56c9bf8397288edd28041145e82a9056ef3ebe6f5cadc2bff5b14ffc458fece0258ef47349f56e2531c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | 8226327996a67b56d47dbca42620a75d |
| SHA1 | d604167574ee91bbf5a6e0aabed7591fee1cb41c |
| SHA256 | 70ac272dfb3bf6e7cd5869a4099a12670dd6762e76bd73df23858cde219e6afa |
| SHA512 | 959ffda13bd17451bb153225fcd72edea4ba3b0111d0f80d41f46da3e718127bea5f1a1674fe13840d8c0ce3fa5773bb8dee62b64937eacc16248f329424d57e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
| MD5 | b5d230d64ec363aae8f2b15a7100048f |
| SHA1 | 0f0b8a1680d3a94dc434266068cc865d19e4140c |
| SHA256 | c1124f3dfca9fd8249da22528ef8d85d930478e6d31e6fdc85d2721077f06e98 |
| SHA512 | 55711d02fa53cdb8837913c2ef0565d823fb8a3570fd9a34f85c0a35a6c9762c97113aa44233fd6240a33508e8b9bc9475f47161262ab46bbfa535447cb8f1ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | e68c49fd30b218d571e5435773c46d89 |
| SHA1 | 0107595579b3d17c8cc585b8a3b08ca7ad1814b9 |
| SHA256 | d1fc73a52c9ee2f44fe2bb46b0dce37af0a9709bb1c1c2992bf435d3aad7bda6 |
| SHA512 | ebf8476180427406119f6760919be8983f1fa322df3982a8fd7d81bd0b26ebc4505048d4e4cc281aafeb5046211c458637f11e8911a8fcd277019ab7e1c9e247 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c
| MD5 | 807ab99224303d842eee39a1fcd8f0bb |
| SHA1 | 78bad9cd23961acfbb15f21e1a41a9bc95e47411 |
| SHA256 | d7f1c31c5169751f2b69d2b5485ebecc5b7ceeccbfad557f7c06012f01bed220 |
| SHA512 | 9487ccb6330e6768c5112cdcd38ad3aec3ea3ed76f82697bd012d9bb9b7582022e1fbbda871048eacfd59af23f557663611a38106c5db42c8eb7f78e73f59c9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
| MD5 | e1f6e032096b2924e561c3928b9dc73d |
| SHA1 | f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad |
| SHA256 | fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8 |
| SHA512 | b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
| MD5 | cc7ad65e0558327d8fbe8ade40ab94e8 |
| SHA1 | 6c153e9bf971f196db25cb2cb3b62f77f0a1299a |
| SHA256 | 956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30 |
| SHA512 | 0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040
| MD5 | f1cad4800853bba09a023250de102801 |
| SHA1 | 76e1a6ae10ac4db2a3e4e8bf6b7edd692c4537f6 |
| SHA256 | e73ceb9052ea848498daacd8a9fff37846cce47324b38df12e9dcf0bf25d2e3b |
| SHA512 | 4e869ccea434e71f03ab513b3aa6212da3326cb9625c467b782df48367cbf5c69fb8a073d68180877cfde2510dbe74670046b897125b55f013fe595bb7d3595f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
| MD5 | b715a5dd019d1b8771a3031ff85c972b |
| SHA1 | 5768744eb85d3137d094458e4b7842c1c5c526cd |
| SHA256 | e9ca7a8587bb3674824a28a8a80836e3483dc3bbe97c658bf7c984c5b424920a |
| SHA512 | 22e09e48a13ced3a3cd95a5f40b5e9ccbbad8abbd0d6af7dd4e411d63c662b09f1ad2453909a6c7a0d0ce34f250f2fbf0d7f076dced281f133ab7f21d2008d1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
| MD5 | d150fb711ad72a3862ff09555afdf572 |
| SHA1 | 169f55f7080a41082dc8c35271c63974f5abd5e4 |
| SHA256 | f3d793f104b300132dc7dc0c652a240ebbca770499b6531cc2a0f67336e589af |
| SHA512 | 9e8470b277a95a5ab077007f4d841b78863c67829dc917a5a5af816e5eeba52609d11982b9a2c20e8ae047782238340d1d96cb1fc8cff20477990e712fe1e75d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cfd3.TMP
| MD5 | fc5a4ef391855447cfbaeddc5e13b5a1 |
| SHA1 | a845dd044ae3f1bb14eaaa94d7e59e6b84ab13a2 |
| SHA256 | 2f99b7972ed67bcd6f33b30d6aa26fe011e22c84c06c595243e784304d9d2a9f |
| SHA512 | 17c7d2a3769cee7e60ede6667945030288f63d081dfc956fdc6e4497c41bdef61e50a9b052c6c14a5222f17ca6c834d7a9e872b0a6eb948808015af207718a3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 66e8a57ca91e595cb0b529eff4681d26 |
| SHA1 | 9ece5becbc1bf192ddc541dad6c0a70df9d02999 |
| SHA256 | 2eea021acb52810c7894d27df700b78a923635db901bbfb6c76bc7b04f207502 |
| SHA512 | de32af64651a3358474d28a5dedf910b6929fe89cef0d9ae2d2b4758a6129e2f7134109ee40034d2a89237b300f752bbe188c235507115238d052519eeca89f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 19478d4b31abe6ead470abc995578672 |
| SHA1 | e78e8e2e4c26289952ca11aa3d1a21dba596b7ea |
| SHA256 | f1ec4a5b267d2358fa230cba3c853212a8219d3e2c844e57e1de2844ef25f1cb |
| SHA512 | 2986e43d26d68b6ca59818106e7737911510dac414fb9d63a26ab00d01610a2130ad8acd8698382bb3e20b308677cfbac8007ed5c01376c354ad87ff20d23a11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 809a5543ced3450469f9fa40b7ba7582 |
| SHA1 | 89c866339feba4a671c4e8f4ebef015fbb6f1d04 |
| SHA256 | 047212d7db887296bd965da04ab4e0c87d31d865077fae3923037e58141014bb |
| SHA512 | 2fe7c9560def4f4fbee934801167fc78b9df5c7e993df48572c79a3e67bd211ead1663365e11875077c06f4edb452e3742d29131af20312fc9186e8af80d1012 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 501b81ed12a4405a8c64d3c9495000f8 |
| SHA1 | d4c4ea3587c3f4e89dc102749e5e5e8a4d95d3e3 |
| SHA256 | fd8e5050081925c4dbe0f13e7b92554e61535a8d52aa1f10e202758c00041bbe |
| SHA512 | 7660e88e22ce35ea621fd60c6b0888e1f041e5e359fa226c02175ad7da103438c8d1ae55ad9affed47dcc3a27e0f73925444ecef1804fe8e8a2162311a5bb4a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5e3523e52f6947f2f72758c4a253776d |
| SHA1 | 4da7536dba8529693d22a1e51ef2d84aca28ccf3 |
| SHA256 | f57823710e2881664b622db4698f8e7e632f2b4f95f3a259c15fbb58f871b6c4 |
| SHA512 | 0dddfc7c60bddd8b561c9c2d37ffea1794ef8744fa872a8497804d8c73ae570a5e0dbb297f01dd9d02ae5456f43992790927641233e0ca8fbb9524ce56055f97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e9062b1234d6412d10085ba81f16be90 |
| SHA1 | b72d0e7d67c8b0e0354a1b40ff55fd5c66fb69f0 |
| SHA256 | 97cfa9a00ef4e9e71c527dd4e0764d85b3f24f514cf3e666292c7e7ffc7d57d7 |
| SHA512 | e787d1640ec530465e05c222b6942ac55464b2f0519c2d74f25771b56a9f3c6f30825666989b0ae3d4dc030fed48bd00b80ab5235825c60ff15865eec5756700 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e87935dc-0eb5-409a-8fcf-fe5719739601.tmp
| MD5 | b438b9f97e7a1f9271eb8c8834579fb4 |
| SHA1 | 2324168731240d76e32c24c2dfcc9dd65b9dbe00 |
| SHA256 | 7fd6962eb0d74c5bb142e12d2d928d345ce2f99713a905b27a50c37652bd1fed |
| SHA512 | e608590b9cb4ca07f1ea6dbc64841b194669d84db7dd8b622220b0edfac3ec20b3b21088c5d07d078affa030f291529c86a3b87e447852a153609fa8362c8065 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2009555c0bb5f9bf2c55e65e80350eef |
| SHA1 | 667993bb8554032c3b3755b7733fd6532b0685c8 |
| SHA256 | 65dfb785a61414136f5b61c4e8e9dea11d6e714917704c752bc5f67568f9f4e7 |
| SHA512 | 29819a30731703e1e8ea1141314dc1931a6792c99911c60b065653be36d8f9311b2f95014338dbf5924ffdd453e6c1e6d8fca2782c443e874560beba6d777531 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | adb37edb0175c49bc59b095ef8fc9318 |
| SHA1 | 5d3ed1de900d5fcdddf4d565857005a553bc055f |
| SHA256 | 3efadd9e3da2b2d721c5e89128b09923c0e7cbca0e3c9bc1a496beed8f5731e2 |
| SHA512 | 43323da1cb6a100fb374378595876dcff5b050606511cb9cc58b79ad2f880f69e1ca53dd527c3c0cd216657baabb105ef3262fbfd67dd58929f83e88522e9de0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d72b33f89713bcbd8db3bae00636d3cc |
| SHA1 | 051e410bb35bc514de8aa87aaa44297f6ad83ecb |
| SHA256 | 91e370305ef8c46dbc70f0466daf6825a72172dfa4d942d22b6d1c1bc7165f9e |
| SHA512 | 77eea0f89a23b63473ff70b79e09e45cd3bd18e85ea9bf4394a8c60a3dc3ff784bdd8c90fc524b2a58f049a2d36781cc415971a1ad73a59b87061ab0cf03d528 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 39d70f9c3ead4d71f37ab56209ef49f5 |
| SHA1 | d3cf018923e644843d4be9e05633332f53debd2d |
| SHA256 | 18bf9cef8f8c8776602fb74c9c4d72ec80c5df4d239448cfdd2fc89615800e50 |
| SHA512 | cd9e65f3335b05e3811f094a3277a3a4a183e2510d7dd1251330d969e6241baf4955445b13e88760c1f90a6bc2eea030d7679fe06119d82b4a46fba07e9f9be8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | cce9e9f4b9fd8e0f9ef79f48c6dbaec4 |
| SHA1 | 4fe453b717b00775adec43b84db8955e1108d8c8 |
| SHA256 | c4191c0180a10c00ab5e70dbb4c01173954a481f48c2202f59257b277868e637 |
| SHA512 | ddd6475da132aff41462af588dc4ec8702e2ca6e029f30f42f2410b061530cd535b559a4a5a3ab219e8cfdff388dbb3a25503a4d8d9fd155d9f7e80065fe5b49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3c19a8b51a9c40a57624402ab95f79af |
| SHA1 | d8196986e857f64a54d4f52f077094ca842256e2 |
| SHA256 | e14f3d04362f551cf50aa596e06b8b4494f3d7b4885ac13865107bfad97eb771 |
| SHA512 | 960aedfeb75ba84ff06251ff41710df356bdf3a0af7349f9b237ba014762f353c4380330e073839816e29a6b31be5c3ac811ad23e2f4d6bba9483192da5f4fb4 |
memory/212-1287-0x0000017760080000-0x00000177600A0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalState\_sessionState.json
| MD5 | 9c1e824ef8695a1abc67f5d0a95778c0 |
| SHA1 | ec43ba5ce45d92453320bd6d14d96a866ed4c0e9 |
| SHA256 | 0e9674b55a602a97e8ed235ec72e98e5d816ac014684d179a1fc0b9959345d97 |
| SHA512 | 55e92e224e5d357e4c1dfcd34ee8b7e1d160f8edfce2f3bd156a240f4cc8c73b3329497d8199fabf2a81d8d04be5f49687224b498c57cb115231b47c81d65d15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.co.mg_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dbac559e3d883e2462f3cb3c23b24bce |
| SHA1 | 6ed859ffa695b698402fab9981cb0efd54a81a36 |
| SHA256 | ac4cf773fe674e5f923c6db7ebc1c790e48f876f71dd0a2a03ac2aaf777e2d7f |
| SHA512 | ac51a3f93302d8e5a8fb749c350a00f2c2f0840bc563ee2a2511db36a1f7944056eada19b5f03b2f3f8842578243f65e231e4bb3dd4de3e5dbcf75c48259ff9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0d95ddecca9004ec58b0e87668e7ea19 |
| SHA1 | 1fcb0f38b34c366f739ffafd800a6b080fa9c0ea |
| SHA256 | 8ea054ef1ab13fa94c8f58f11e6914d56820babeeba6812ed983b2b4c74bb28a |
| SHA512 | 5734dc67f5c338f4e438b8b3a195eda4936604f6f9907523941119778884436cf7d296dab9e8169e1c3a30344ca6813f7660139f25c7aac42815e81cd2b6c242 |