Analysis Overview
Threat Level: Known bad
The file https://www.roblox.com.kz/communities/7319700900/unset#!/about was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-12-02 09:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-12-02 09:28
Reported: 2024-12-02 09:31
Platform: win10v2004-20241007-en
Max time kernel: 145s
Max time network: 154s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.roblox.com.kz/communities/7319700900/unset#!/about
Network
Files