Analysis Overview
Threat Level: Known bad
The file https://www.roblgox.com/users/371462006122/profile was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-07 20:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-07 20:51
Reported
2024-12-07 20:53
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
155s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3350944739-639801879-157714471-1000\{37AC5BCC-372B-456E-9E74-0B983DCE94DF} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.roblgox.com/users/371462006122/profile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce38246f8,0x7ffce3824708,0x7ffce3824718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5920 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,18305583938672380948,16126000087116736298,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.roblgox.com | udp |
| DE | 5.252.33.158:443 | www.roblgox.com | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.33.252.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | inju.cc | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| DE | 5.252.33.158:443 | inju.cc | tcp |
| FR | 3.162.38.58:443 | static.rbxcdn.com | tcp |
| FR | 3.162.38.58:443 | static.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.132:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.164.163.59:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 80.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.201.222.52.in-addr.arpa | udp |
| GB | 2.18.190.80:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 8.8.8.8:53 | t2.rbxcdn.com | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| GB | 128.116.119.4:443 | metrics.roblox.com | tcp |
| GB | 128.116.119.4:443 | metrics.roblox.com | tcp |
| GB | 2.18.190.73:443 | images.rbxcdn.com | tcp |
| GB | 2.18.190.73:443 | images.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | t2.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | metrics.roblox.com | tcp |
| DE | 5.252.33.158:443 | inju.cc | tcp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| GB | 128.116.119.4:443 | ncs.roblox.com | tcp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 2.20.12.77:443 | tr.rbxcdn.com | tcp |
| GB | 2.20.12.77:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 77.12.20.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.130.81.91.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7de1bbdc1f9cf1a58ae1de4951ce8cb9 |
| SHA1 | 010da169e15457c25bd80ef02d76a940c1210301 |
| SHA256 | 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e |
| SHA512 | e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c |
\??\pipe\LOCAL\crashpad_3908_BFIQXXXLGGZIIYBG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 85ba073d7015b6ce7da19235a275f6da |
| SHA1 | a23c8c2125e45a0788bac14423ae1f3eab92cf00 |
| SHA256 | 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617 |
| SHA512 | eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e85f2116e5761da59418625039d46775 |
| SHA1 | f4d9eb7df3e8b5387e7eeee991d24cc199b6b5ca |
| SHA256 | b2ba84c6b0b052ddf5b35c4f05befe183f3191c57d64981412fac3f3835a8e4b |
| SHA512 | 9df777a8ca7179b703d04200c9ca35db27df6340cae9d59da52035c727cb2a81e4d1997c713d69fdfa189313e2b40289d2ec92c0bdefd70846827d78476577f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cc665444d120006a8443efdc18f4c360 |
| SHA1 | fe05ecf783ea7ae57be4f03e3d23f2845340f89c |
| SHA256 | 63f76ceceb339707b610a486112746ef0c6c3e15a930d4c1e0cc160a4d026faf |
| SHA512 | ce14f76c7fd7a1ed22d58372e887cb115cc515416625a2c5e9c36485fea25855de749decb5b30716560e9fa2cf2a5bd1ed87414b87a6a23bda20680ea711b02d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 49da1d2cd33bfcf3645f740d2b18a095 |
| SHA1 | 8c0597714c4f094840b7b6d503ced3aa5d227864 |
| SHA256 | a1590270ae61244b51b5c676bb5d3fecff226e35944caced949c97a5ca85b97b |
| SHA512 | fb61a2ff6177a94f2320b5c2237284025a4774a4bde418f65bf7f2c97d0ed6f12273f1b7c36da322e7f7bc793eeac4cd26f77f92b30d3ff6aa6a1b0e2bd8ab00 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dc2ef82567ef37a5405fdfa5cd59013a |
| SHA1 | b82284ae568dcd950ed73673a4f1b89e76a4ab51 |
| SHA256 | c86dbd03d9451cb7be48de019e0370bd52bdcfd75ae02d4afd278026343522e7 |
| SHA512 | d3a904c41f6f2b7f5f9e7e745447b33a1d3437d55f66e484c858221c191f3dac030caa1636e17c5c045fb305ede83470d9d5cc97b55f6c8d56987690ae74a203 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | 8664f2c3996d8611e9f2eae4d01abd28 |
| SHA1 | fda43d5a3a9e020ce95774a79e95c14ecfe8bea0 |
| SHA256 | 339566dbf1826ec0ff77c281615b433cdbafe4325d727b14261c41ace4d19aae |
| SHA512 | 0f7cab0f4aa7c16bb075beaf56aa37758251e10bb20976834a9f43b57dbd6299d3fd41cbd77854215746e409df2dd71ba871a22ff6894ccde9ccafc78b2f0888 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ee48.TMP
| MD5 | d7129dc6cb988d7ab18826f1288eed53 |
| SHA1 | 009221e4fd07a9f9c483e8c69c50588d2d7008d8 |
| SHA256 | 56ab01b4baafd7f3bf73f53ec84781f962889e603d11330c92f823dffe6dd238 |
| SHA512 | bf1dd982e99c4a507d3311a15612643732eb9c75f6af047011fe4cb953c3717fba73b84bdee7375978a080ffab8ce8d163f9f269e77b6e0758cf7ff067d9b710 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a151652c4b1e66f6d7307cee2484e49b |
| SHA1 | 8d67e888d3a2b6b688c3e3440bb3feb9876e68ec |
| SHA256 | f34031c1ae88a8a3aae14a92b8161cd9bfc560be143185d3372e38f25df2c370 |
| SHA512 | 82f4130e3eaed4f686d18ff863247e5cbb7207d2003190fb8fb6f4cb2f95fef1f1c3f9c0e208dccc33aeab4adf8385f57cfe0933b0c760ee38db3f8ce9784724 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 246569286d8df05227cd265d5f3c5a10 |
| SHA1 | 365b7a1ad2fcb2695670b3fe7ffb7a6691ba21c9 |
| SHA256 | dad2d8e38214ccaf8146355b7f0db9d95b34b450bf94c7462025d8cb324a5957 |
| SHA512 | 8bbf61e65394bc9d9fecd0688084fdc3662d05bec88f64392808b8cbd0255804a79728b06735574a600eeadb39ac37cad30a234ec741a6908b17033f2760c93c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | aa81ce337fe0094e522f90d8d31dd354 |
| SHA1 | d808e9d6e9837986a866c83d44adca57ef4163a8 |
| SHA256 | bfe89bf0cf9bd455760549309596f719ca5d21653e3c9c97d93ed129967e4e23 |
| SHA512 | 08da8c504ea1a4fa70db88024edddc73ff56317c78f108c396cd34b80b2ce3f9ee11d18233f7df405508e2687d2487e59819e40db110315ef5124eb959debbbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d3a5853480d3e39c26ea651c8a9ccc13 |
| SHA1 | 578aa4079b21834cd2db233c19b8d23bd179543e |
| SHA256 | 71112d135b654226ce37299eae3e1a9b5c291ed62083844b7ce0c800d3c46060 |
| SHA512 | 9c0a750f2f697da4de3a040d8c96302f91e721a48f0bd43ce96e2a4b9e75c44b22a8d27fd3376a747276ed98a604a2e211472e5a4407b64fbb953e8ebe611672 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5f501f705a57be7a69897e355acc937b |
| SHA1 | 04cd5d8a12b9bb6f645d7da09161850026d565f7 |
| SHA256 | 1f37a64989a6e33648ee7d00f4221ba9ca652182e1f87023543845eb952ab0df |
| SHA512 | 00fa103af62778446287617cd604a37b5566e6961f1af1f53a9df9c5bf7002467957cf491adf7761a8629b8443483e5d0f97eccb915053e71e2328f3bb0898e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a2e4552bbd416ead14447ef2065914a8 |
| SHA1 | 342b91c5f25c3083262331e9b631623dcf972f47 |
| SHA256 | a5edf56645bf8da1daff492143549ab62f8ebb5d900e3cc7ba5a08202db6012f |
| SHA512 | 58400e2b7d2780eb9bc3f781d987878c59795aed0d15bf913ba1f0393245f27de7659d8a10c5178bafc1dc6a7d47e0a9bfcaa648a14d09dd2b3143dd3b9961da |