Malware Analysis Report

2025-01-18 22:54

Sample ID 241207-zlpa1sykar
Target https://www.roblgox.com/games/185655149/Welcome-to-Bloxburg?privateServerLinkCode=396279872745387689481331850447
Tags
discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.roblgox.com/games/185655149/Welcome-to-Bloxburg?privateServerLinkCode=396279872745387689481331850447 was found to be: Known bad.

Malicious Activity Summary

discovery

Browser Information Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-07 20:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-07 20:48

Reported

2024-12-07 20:51

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.roblgox.com/games/185655149/Welcome-to-Bloxburg?privateServerLinkCode=396279872745387689481331850447

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3804 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 3928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3804 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.roblgox.com/games/185655149/Welcome-to-Bloxburg?privateServerLinkCode=396279872745387689481331850447

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe67f346f8,0x7ffe67f34708,0x7ffe67f34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3366010982180355081,5412198940792221273,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4928 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.roblgox.com udp
DE 5.252.33.158:443 www.roblgox.com tcp
DE 5.252.33.158:443 www.roblgox.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 134.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 158.33.252.5.in-addr.arpa udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 inju.cc udp
FR 3.162.38.18:443 static.rbxcdn.com tcp
FR 3.162.38.18:443 static.rbxcdn.com tcp
US 205.234.175.102:443 css.rbxcdn.com tcp
US 205.234.175.102:443 css.rbxcdn.com tcp
US 205.234.175.102:443 css.rbxcdn.com tcp
US 205.234.175.102:443 css.rbxcdn.com tcp
US 205.234.175.102:443 css.rbxcdn.com tcp
US 205.234.175.102:443 css.rbxcdn.com tcp
DE 5.252.33.158:443 inju.cc tcp
FR 18.244.28.55:443 js.rbxcdn.com tcp
FR 18.244.28.55:443 js.rbxcdn.com tcp
FR 18.244.28.55:443 js.rbxcdn.com tcp
FR 18.244.28.55:443 js.rbxcdn.com tcp
FR 18.244.28.55:443 js.rbxcdn.com tcp
FR 18.244.28.55:443 js.rbxcdn.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 3.164.163.90:80 crt.rootg2.amazontrust.com tcp
FR 3.164.163.90:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 102.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 18.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 55.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 90.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 17.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 roblox.com udp
GB 128.116.119.4:443 roblox.com tcp
US 205.234.175.102:443 css.rbxcdn.com tcp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
FR 13.32.145.71:443 images.rbxcdn.com tcp
FR 13.32.145.71:443 images.rbxcdn.com tcp
FR 13.32.145.71:443 images.rbxcdn.com tcp
FR 13.32.145.71:443 images.rbxcdn.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
DE 5.252.33.158:443 inju.cc tcp
US 8.8.8.8:53 ncs.roblox.com udp
GB 128.116.119.4:443 ncs.roblox.com tcp
US 8.8.8.8:53 voice.roblox.com udp
US 8.8.8.8:53 lms.roblox.com udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 71.145.32.13.in-addr.arpa udp
US 8.8.8.8:53 locale.roblox.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 2.20.12.94:443 tr.rbxcdn.com tcp
GB 2.20.12.94:443 tr.rbxcdn.com tcp
GB 2.20.12.94:443 tr.rbxcdn.com tcp
GB 2.20.12.94:443 tr.rbxcdn.com tcp
GB 2.20.12.94:443 tr.rbxcdn.com tcp
GB 2.20.12.94:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 94.12.20.2.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 85.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 22.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 apis.rbxcdn.com udp
FR 99.86.91.74:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 74.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 css.rbxcdn.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a0486d6f8406d852dd805b66ff467692
SHA1 77ba1f63142e86b21c951b808f4bc5d8ed89b571
SHA256 c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
SHA512 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

\??\pipe\LOCAL\crashpad_3804_HOJPJBWIQIGRROPS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dc058ebc0f8181946a312f0be99ed79c
SHA1 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
SHA256 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
SHA512 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2412973acc83f03ab9284e9152971865
SHA1 703e886568f9e5e889f550948f80252bd8f502eb
SHA256 12c88ab3cab1721eb448458adb8855bfadcdcd81e1bfb2d6b26bad03836afd13
SHA512 98d8b5c1f18786fc8d6bb50357fd73efa5e204cb64f29477c73ac59f6ee0d888f9f2d21b5c60239b2b14c7aa853734e582dddb66ea38be8fcfd298895611ac56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4fdfd7d06d8bfc723b3624c15771b1dd
SHA1 9bcf856b0a82e14b0c473abea245ea04a717b21c
SHA256 c4fcf3956fd10e49a0a9ff2423f0dc7b880b8a7a64e45417fde4cc3d43aa2476
SHA512 9aa0c0f9d80d928b6f2e4faf19248980b84371ae6f3f4ba2e670b5485d9cc999efa26ce534e18039c825d9c26c281581e91696e33bf44a6573e2f05dd35903b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bc83ed3d8b288084dc1a546825984524
SHA1 49f168ce2f307d33c89aa3bb361f5de407060d24
SHA256 1e855ca69de1bf680e4be0802f78fcb13fdf186bb0f3ba7e4136000a08766a9f
SHA512 48deab1b3df6ce8c8c8ebe6058fbd2eed59577d567ae8a13c960e081dea38e06cebd6b822504c5902e4bff30273d9e143f73ddbabb910da900c7cc93d50ec995

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 77824f36f14111ca2fafb378e2d5ec73
SHA1 b3d0aa94ba25061490f31613d3323ab9f2bf83af
SHA256 8313342a78ac3833067f6e41ccf5ca7a5714f8f12db0209770de231c47a3a427
SHA512 c331ca62c61b93206ca04443f70913b0a27449b227787f74c1628e1e7ededa9071edd48dd79d35eec5a614e65af0bb331b9abddd40d03a025488ad7c9cddccc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ece0.TMP

MD5 5555123405cdaee78cf6582a3ea3b8ef
SHA1 b3e0b440e10054a909028abd3a1eb69d6dd5de02
SHA256 e4cf3d3c09278865e489bc537b8c974fce6b909baf5b317abb5113c3fc3f3f99
SHA512 ee13696cc242ff70dca5dc9112bda387dccbf40b19e51497f298e20adf9702edc7b9a2b982a4e411d9c3bdd746bcae570cfcad2b7e38ad54449789f0a6253049

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 337f8b13e97f34abbe26aeef6bced920
SHA1 d77843bad545033f70b83d9acb0e052233197f1a
SHA256 a6c2c0740ccb75e0500aa5d0ab09ca3d32fc68016eff47e59ac48317966afe94
SHA512 d1effa2c0bc66d0c1731b5255f31b3a4384db4a33be696477fb68d3a95c54e1a4e1efd65ebcd003ff5fbc5e7fa0fa28ae719786ea89473281afe9a99a462c95e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8f283c4cefb9a1c30c33b31f21cd879d
SHA1 36a24a26af119c7f3b5ac3ab9cab8abd89fc3514
SHA256 bc3f823b8148eaac944756c94cea7b81e528f4b2418290e395b50ac554464ab3
SHA512 28028bf0efdd966cfae454b75f828cda631e4ef6467237f50942d2ca101bafc1841fc570fb7962ed8c636f1a9fb6fc3cf8f9695d88d25fd67c89862bef24e979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0064ac7ece1ec99a5b83f5075ef35148
SHA1 012da2c6e7a284fdcd8f571e1c51b17e78a0c85a
SHA256 94c60b31830fe6e61810f1fcf7701851024c14ca54d437e9f9cf202aea380645
SHA512 3edc8a54bea040380fbe18f54ee65e79342e101de460449f32093b174b90ff7a25cc99e2be79a5558e40c0ac37420e7f59a3815605dacb6c8896c161edf2fd16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 72b2a2abfddab75fedec5e995783b93b
SHA1 77c2bac8a3b2c0dbd4035e738c60bd9252a7cbf3
SHA256 fc41e56da63243f51b49f8d6674c91ec6f13464cf4f78a0694b9252adefda47e
SHA512 9486ed556a34c7883c9ed062ea4fe526777a967fb6b575e6dcbfc0d8ff9cec31348da3bdf05c2db066cb011b69fba974597b4063acfa867699ee4e78e670eb37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cc16fb293eaba0eecee31297d0a6896e
SHA1 b00ef2bd23499a2f672130af4d3bce48e7635277
SHA256 a7a449ccf4dbc835a6ccbcc74a58b7124da9316e8bfc07972781ed36a112630f
SHA512 e94dd7f59bdcae403f2bcf6e802a8c2ccacf4a1744ee9bd0545f9159e957a5da83a9a071df7a30faddedc102aadfd8bf7e2f0f16cb5ac34d53b581091e6d7905

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f36fadcf74e8c5b7baa3eb05b111b1f2
SHA1 01964243375e4781649f37fa3c8a5934cde8619a
SHA256 8992ff7b04d3d6506e2320134cc97d63c634be1edc0fe2ffc2a38649c4efeeec
SHA512 e855a98aef27a8dfb8b40229f738c92a7b99843d2f48f6df2ee786af70b7f2d8f9b049640514d9a420c0d9aff851b14b4962aa0a1bf4bba2ec264fdcf4639ca3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f0f9db2c-12b4-4491-a98d-13d261c591ab.tmp

MD5 95672d15d4bddc677802a020c950b3bc
SHA1 aa3d72d7984e940e34c97524749b43c256f148b7
SHA256 7412f82edbe0a6442e654a1cb7790eb1a4b28a00cf7cd413dc86a269776927a7
SHA512 80523a7607d2f4e07e80e2852ba72fd1873af687c8a7b97f7219627ce282c1c74e6cf7bdc8ce4d805a13289f9b616110b55dcaede5e22f1636e1da3d92ed4c00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a940f1afb4d279d4a3cc3dc38ed8c977
SHA1 678f1c7480e3521ad594215bffd797f05ea9d45a
SHA256 84b3fd03dab3cf25e40fe43a4fc4bc66928e8c241ee8a9f914818b26da567969
SHA512 86468f4aed779a7e1283078bf7e4b26deb3d5439cb35304b5d5cc8e84cc6de830fc2a085ed7f6e4b18c8d18495753b9013cfc4e66d31f3702e2a50be60fad0f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 f35f20fce70080388794ee4e86394695
SHA1 5ca40cdb61ae0792b44b6e263e795459978d685a
SHA256 862162e097bf6ab8f98b8d7ef0e25d9b2c9e393e42c7cd39adadbb2972f43bff
SHA512 e5f3c9ca4e4ae72379c213fc67d965606d8e4d40156a6f82425bdd3a506b50712b0143cf625a3b9502b1da5d0279d2312ed85405788dc45aebb0bcb3770584f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

MD5 d14e8802e62defc16914e0a07ad43ca2
SHA1 78872df5c10ccc9d57fd2a1fa5bf438989b0b781
SHA256 932a98892a0f0287f7224a85d93ed555e60a5d9babc675d9f550dd45348b8418
SHA512 c45be820a87e086d32509e449aca1c459c0171b85f59c35f06e6a6d938d45ca54ad4e2c2526e27e47a1b2ef992664359967076ff040bf273bf66e7da4aa994c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 4822866d4c91b49688d1aa044c61c38b
SHA1 2900419a1825af3cdb1d7c0d535bdbf80db75bf2
SHA256 96ca222cf1dee023f076455b179662edfde1222cd7e78d805a0c013404f773ae
SHA512 d15905afff90097c0fd59bac58b2d02743796cab71af6da9af66666888de932760f21212796320b71aff98c2ff108d5bed20b2a2400926862746a2ab29479102

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

MD5 8c0b18f00ac7822925db8a0da85b71c8
SHA1 dc2e78826ad87db5c41194a2c74a3f600a5a987d
SHA256 b09d0632d4aaeba18914544a3146a61b90274c09c8baaca0be8a6562fad1a5de
SHA512 c79715982c0928d4620dd26cc438dd788a1cb451f525abe0d01ede660f0d57912954c16e422b6afc9d60042e39634b5ffd7d3bd5d5b3d40b87cd018eb53c2762

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

MD5 aec524e0653d8afd02b6a7c6427eaf47
SHA1 af03912e299e4bb4073091d4fbcd0c7a5350f022
SHA256 1af03d385d7f79954ecd3166cf8190b06a5f09c47669839ae3c1fef3fdefb0fb
SHA512 fa35276588a60b534e7351cf44ff35adfb1c8132c4b34cb0af27f5c473a7dad2f19fbb00ce827535543dfe1dcb09242a96416a4360aff4d88dc5e9f8ab7d250d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

MD5 037f9de0a742704d765a90aa4b58f1af
SHA1 348829c107d3eb3b23bfcf1a7e92832d7aec2ed8
SHA256 253e4a067210ddbfc056bf61229e579d4727a0cda8e89ac373c87a2bff323ec8
SHA512 a7b4bedb88c4791008f663842426e69acf98022b95448f62c8f20babd34a46850569a00bd40d78eab79a50b03f67528c26d70af9b0fd73cf999535db99207e70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

MD5 a2b67a025c06e3010985ed07ecb236e8
SHA1 9a3a915ad7a2edeaab18e2c0996ee8a34eaf9af8
SHA256 049f3eecd6bb27dd6c0f7a21a7443c5fec05ba310984bb834146466e4c714089
SHA512 35e1f09b4c33111a1f9533843b4a3161578ac55296d34b6de6515ca10557551d6a66b17682df2c408bd0e6be9909b1647b5b8d24d4f00945e0b5cb75fc299c35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

MD5 c3caa237ff99a1e55d7fbdb3f48b10f3
SHA1 a31ee58ddeec33770613cbfb6f7418cd94e07ade
SHA256 13a06d8b3e97713b984a16b8dc8e4e80fe59890bf88791aca961e8a54911fe93
SHA512 ed93ded04db5accef80e0fc3d45197ff8a0e031a23a901ba2cd2611d4ec96bd6208c9ef7f0ba79e3f0b9beaf927b674a7dce1fd1f58b3762fb70476817271230

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 602724d2cf29af7025b24e4413e41c76
SHA1 e9724beb34e957244af2d035f147e4a5cb3fda18
SHA256 a22310bd20f6f833cf8480b6db42416b399bfb20b8491933522adeaa02f61212
SHA512 8232fdd8b9bddfde8b1a65f19178090313094ef996fbae26b34deb5e0fe30c0d3aa6cb4e66b4360e264d69258dd53b98ebb85099db015531741363e1773ae196

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 8664f2c3996d8611e9f2eae4d01abd28
SHA1 fda43d5a3a9e020ce95774a79e95c14ecfe8bea0
SHA256 339566dbf1826ec0ff77c281615b433cdbafe4325d727b14261c41ace4d19aae
SHA512 0f7cab0f4aa7c16bb075beaf56aa37758251e10bb20976834a9f43b57dbd6299d3fd41cbd77854215746e409df2dd71ba871a22ff6894ccde9ccafc78b2f0888

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 4670305c7a91dd7d819c49e11aaab673
SHA1 c808a80f512a23d3905909941e4cc9eb02efebf0
SHA256 5043a78776a6f0ebdf75562b965cc86893553f30efc120e5647d8b157629447f
SHA512 05bcece1cd9a592e6a6c9e5a80f4f019d1a4d57c9949db4a5b9296767ad8f7e360a5fed197c068b00156bd43daed98e7cc05ab8e62e13e568bd0bb015134c7cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 e0210d118b3139c5c77b0a3cdf07240c
SHA1 520912218ff8fb26d188dafe6eb7d53e4a1347b8
SHA256 09afbb320f0230e85ca0b2ad49ca106b3cc9bbacd2e45bb4e8faed3a3fe93444
SHA512 dd11395f2f830af1571beb0293e78a4ef01c252371194bf0e8154d6494d951e44b0e34219ab52ec8cc8ed47eed88b99592e9fbfe2c8d4cd65e26faa257a64550

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 ff122ed83c65b35220660f38c2fa26d2
SHA1 f99451f4b2fa18429253c8b80209900bf711e8ca
SHA256 a0b52734f27b7bcdacf0d69789bb34370bfc772019a37ec52a3f62ea60f83dbd
SHA512 482afdf9c42f5277ba8412746ed79d2a9628d1287b53c7ffdf4afa3c71adc3368bdd1731b45104991a3a500451c9f02a29e0d15387fd706ff22ff0dc6869bf1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 97a09aa4f4b80dece35061510ab8969d
SHA1 e5a6e838772cb4e8b7bbe73a302f71bb972d51c2
SHA256 657caab3365bf04728d83c35c710ed890130a83ed11c20333577eea591a662f4
SHA512 c4e05c200de14ffd86619f1fe99c78ddba58b22acdd61ea0260cd291a6283bd446b54d882b40427366769de76b56714bcb546330e7de96fe10a8ef49bd7e16ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 99adec199701191fda80529b0506e475
SHA1 ba63a6135825ed9f463762fdb1fe8e4a3cab26e7
SHA256 86301cee42e07c559f6e99eb7e7270015f1b0617d1169feb1310508d4c6e004b
SHA512 c4ae0733870ef45a493685a3871c77dc2f9373d6104b429d38d508b5e6b0263114b0680e46e57ca20dc236cd45a4f6be4a1d1fd54945015f6bcfbd379e911267

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 8226327996a67b56d47dbca42620a75d
SHA1 d604167574ee91bbf5a6e0aabed7591fee1cb41c
SHA256 70ac272dfb3bf6e7cd5869a4099a12670dd6762e76bd73df23858cde219e6afa
SHA512 959ffda13bd17451bb153225fcd72edea4ba3b0111d0f80d41f46da3e718127bea5f1a1674fe13840d8c0ce3fa5773bb8dee62b64937eacc16248f329424d57e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 52a30eaf6f9171ab42fa2f4e746529a6
SHA1 d25e9ba467ba0c46e4ecc225ccc0b79603a15f3b
SHA256 cd627d2c91ebd8d52e0d75635ca44f653d48fb54c87686c78d698cf73e2f08ec
SHA512 e6459aae6da09e974d4c12e9e3c0eefaf072042cd8f9c0c6168d4a4494212e7ef4f89459b25fd4e4fe60617c91b3b274e09b10326e031ac14611eb86f41e2b08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 6de364539a9af501b74eabfff2208dd4
SHA1 69e2cd44916c641bf41b993735631429ceb5d38a
SHA256 1b6fdfb416fa4f9a22097bb18854c2eb537099cab843d5f9af6d926ca2983f0e
SHA512 9594134fba6af01946a47c45f1f7177f6d98486e405b0534a205c7fb15e43c9b3837a07c94f65bb62b1608fcd4217a40ae372ba44e895180aa7c1c13fb9bc592

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 6c338d3c354401500daf08f18901f7d8
SHA1 19cf6a6597de45b83a8c134ca517394ce439461a
SHA256 b9e7f663ecfa8280e24243768218c2cdcfc92ef9e47923fd8f23aada4cb766a1
SHA512 112b885bcc65ec01ad17f4731a29ebd37332dc5e00437f537425801690d5d45b3f9591023077711f0348974a770ebf9bd9a93e47aa9b0a649adebbcc69de0e92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 53507924f7ea9ff21e5565306566cc98
SHA1 9efde687a803338222a6cf5307a30d7956d9f69a
SHA256 82341ce650ac27fe5ef2470a1f60b7efc2e12a0536605213405dee20fac49470
SHA512 adad0722fc08d62c8fbbb89c95f51f66ec60e140bb96b44ee180874173de2de2acd7f3d36c5d3ea336f8d5e8f3a4f165fa537168a1a2dc3792b41e36ad24f64d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 cc7ad65e0558327d8fbe8ade40ab94e8
SHA1 6c153e9bf971f196db25cb2cb3b62f77f0a1299a
SHA256 956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30
SHA512 0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 ec96a142a7d6fa416030d44700f7101d
SHA1 a748ed979d1aaceb41f5a6260293b640c729f222
SHA256 94061d2c8e7aeaca7168fd3f0fda9fc13c3d6bf18ac8d3d6e48aba34f5dafadc
SHA512 7d87525981ff2fe83797d81409704e04ec8644fba113d83081beae5ef721847948a419793f31ef4a1a646f74585ca8431d4aebb441ae78d19161934b9d3085ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 e1f6e032096b2924e561c3928b9dc73d
SHA1 f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad
SHA256 fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8
SHA512 b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 58e0653b41ac9a6c6b0c9c1130dbc4f5
SHA1 76e2fd8d83ef892b9e1d7b6499d3c2fbc6636197
SHA256 515ab1ab1fd5d82a897f7c0d7401107f83b91ba3e3fea8c47650d570c4f78663
SHA512 3b04b61e42063a6c2483ca94c737220ae52270579e659980e968a794b5c56d8658e2f0166cee09d3bf6787b0ad271f8efe37fcc68501f5125bafd4be3cf49f84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 99f8b19ac0da4452cfb4f322d8d3836a
SHA1 012873e12f96ebaeec7055d454a1f5a073e98a5b
SHA256 2fa6eae1e99833260b4fda946704761b8a70493f8a17b70764cc30da05c939f2
SHA512 22a362ffa2ab98dd59a7a6f9db6d89fb0a8b3331eeaa17148ab42e4dbac00ea34200cc2fb49a17f9388e0ed1eda5b13329e23f0af48fb320002d41e778d2b901

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 0049e2c4454a1b88d7e5232ce501274e
SHA1 562dff86ef5302b31a35f3335b94f2120f83c3ea
SHA256 97977d6df3ba89444d76c5a05e1923ab4722e3c4a9c8d04cca207493fd2e5532
SHA512 34addbbd3ebc57bf1b6c39d876211d8756bc74decc658c8a64d253414b93ebb7b394837ccd7b2fca7772794f114443548f7b98c8a023cab3a286150bc8fe7ec6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 8e0f49ff0058ff253f619fbfbf98e1fa
SHA1 c78b6d53070115a4f8857e8da6ff553f7ac4d249
SHA256 124597c56f49af7cffb3ef5af236818517d7f161a0acc7b01ab9ea7c91ffc60a
SHA512 e18e40004505259cc1cce6753d17bd95c4c548484554d5b75183cd7efc52d881516724b2f18854f065b24785ad148bc649ab70264f09285dd9f60b83ee36b718

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 edcc07bf89a91fea1ba014a4302cd9bc
SHA1 794c3628a1c20bb4efc3a17d16960485d161e708
SHA256 62b808c58ea83d576c1920ad44ef018591008827c7dd90d5a32a20d8b36ddb0d
SHA512 aa97450ad74f83525fbe34c79af8628f25ef1cfca83c5cac22f806975932420486b063bafdfa1773bbd9894cecab679bbfefa336504f4761d053143625c0294e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 e68c49fd30b218d571e5435773c46d89
SHA1 0107595579b3d17c8cc585b8a3b08ca7ad1814b9
SHA256 d1fc73a52c9ee2f44fe2bb46b0dce37af0a9709bb1c1c2992bf435d3aad7bda6
SHA512 ebf8476180427406119f6760919be8983f1fa322df3982a8fd7d81bd0b26ebc4505048d4e4cc281aafeb5046211c458637f11e8911a8fcd277019ab7e1c9e247

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 f1cad4800853bba09a023250de102801
SHA1 76e1a6ae10ac4db2a3e4e8bf6b7edd692c4537f6
SHA256 e73ceb9052ea848498daacd8a9fff37846cce47324b38df12e9dcf0bf25d2e3b
SHA512 4e869ccea434e71f03ab513b3aa6212da3326cb9625c467b782df48367cbf5c69fb8a073d68180877cfde2510dbe74670046b897125b55f013fe595bb7d3595f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 b715a5dd019d1b8771a3031ff85c972b
SHA1 5768744eb85d3137d094458e4b7842c1c5c526cd
SHA256 e9ca7a8587bb3674824a28a8a80836e3483dc3bbe97c658bf7c984c5b424920a
SHA512 22e09e48a13ced3a3cd95a5f40b5e9ccbbad8abbd0d6af7dd4e411d63c662b09f1ad2453909a6c7a0d0ce34f250f2fbf0d7f076dced281f133ab7f21d2008d1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cc8644ecf608c9540ef9b519d4ddc139
SHA1 641ca31c6270b29cf8fd5d879d30635024bf243e
SHA256 a4000d408336c100aeff4e27a2863804dda1b0d6ebbcbb858f3c6ecbfdfde62b
SHA512 fff7f7cf60ff1eb6450ce95b2b69ed3fe7bc973378ad4e5d2dd6c907e64e4f7759e09961584e42fa2dd4d591c44acac570633771f0bf375d43e9d77055ae370d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5ac28161f771e7d6cdc1e45a66139a32
SHA1 2a125f2cc9fab514887194b313ed5b6a35481844
SHA256 26ef79a7e5c4266fbdcc6900c06d4cb3ac6bf82b8a163e874f10fc9864c3505c
SHA512 430079e68d53d3fc589305ae9f6a3d9b75fca6055e3c69eaece422dab880b0bd9fd498dfd3f25fe0259b94842eeab30257a0a032cfd62999c7576fc2d82d4c72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cf836fa0b9d0589d3a845c91e3e7fb6a
SHA1 4a7594cbd0eb178a18611576182d43eb8ed2a3fa
SHA256 bd1cfb12490538523f6c59cd456561ffa7025a3887917c2074fa268fb7a163ad
SHA512 b78eb2bd2af8af8b942abcdd686ce4a2500761897f68393b882fe493af9b1f04a03e890ab2b7d021eed1cb1f61e5f3fbac7967d7bbfed4b847c5c9abec9ee41a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 88aac1bd3a4ff604abf562d362065c69
SHA1 bf49cb6c04f492f3b3d21c330e6b1a81d198cea5
SHA256 74a1f07979541fca361838928ec166ec2db52a7da4efc1acf1660427420445cd
SHA512 7fb5a97da459b76014ecace03aad05d937513660e04fcd3fd700d371f27810b2f61340898f4c8627013b4786936aaaa5bcc556644bacbbf9c18e065b34b70463

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5a226b5e3d75800c3c991e01fcad9d70
SHA1 68937844cf932bce0c8408311fb4805198ddb52c
SHA256 99cab38ccfc35fa538effd2ecbf57f0d780ef5ae161aa10ea29c12b11f0749e4
SHA512 b8db1a1e50eafa22cb97071b1ed3a5e0bc6855e0420880e1eb89de71108180b65ec7e9e7fc44f7f035144aeeda58d8faaf5f7ecd84efc6647ca94a9e35fe9803

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f5454181ebd132f4e6ccc5bbc662fdcc
SHA1 0893f77e8bc53e19fcee44070bec210e31e71e25
SHA256 61151e1cfe5a5c5bea3ec3bbcf90e5da8a7bd01d1105339e5b45af45c732aa98
SHA512 4931370092375357820e998a79719d7bb8684824ba3bc0ed13dfcc3233bc1b160bbe122069dc80611676883fbf5ea6f51fe49efcb6d50d30b34a7b001129192d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4688f877-a981-426e-9507-cb614bb24fd3.tmp

MD5 fe8ff6b2c5654c8fd6c967159e5bbefb
SHA1 b2d938cc88f5571774a0c95c300e69132b25a7df
SHA256 11a4565bb894acd0c436c67ae150a65da8f167b8a934d122c8738de59452c4ab
SHA512 30b648997cec59ecbfa170cd906e76083aff63bf1371b7250e19968415f47626f70305c269c0f45709ea6aaa5f6db29aec16ee5ee1313bf4562d3147ab86d426