Analysis Overview
Threat Level: Known bad
The file https://www.roblgox.com/users/371462006122/profile was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-07 20:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-07 20:54
Reported
2024-12-07 20:57
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
144s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{98251E1C-D56F-4977-B5E9-2062132A1FC2} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.roblgox.com/users/371462006122/profile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1d5946f8,0x7ffc1d594708,0x7ffc1d594718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5296 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,98567389555759011,16412148469378685837,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblgox.com | udp |
| DE | 5.252.33.158:443 | www.roblgox.com | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.33.252.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | inju.cc | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| FR | 52.222.201.13:443 | css.rbxcdn.com | tcp |
| FR | 52.222.201.13:443 | css.rbxcdn.com | tcp |
| FR | 52.222.201.13:443 | css.rbxcdn.com | tcp |
| FR | 52.222.201.13:443 | css.rbxcdn.com | tcp |
| FR | 52.222.201.13:443 | css.rbxcdn.com | tcp |
| FR | 52.222.201.13:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.70:443 | static.rbxcdn.com | tcp |
| GB | 2.18.190.70:443 | static.rbxcdn.com | tcp |
| DE | 5.252.33.158:443 | inju.cc | tcp |
| GB | 2.19.252.155:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.155:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.155:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.155:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.155:443 | js.rbxcdn.com | tcp |
| GB | 2.19.252.155:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.164.163.87:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 182.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.252.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| NL | 128.116.21.4:443 | roblox.com | tcp |
| FR | 52.222.201.13:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | t2.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| GB | 128.116.119.4:443 | metrics.roblox.com | tcp |
| GB | 2.18.190.72:443 | t2.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | images.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | images.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | metrics.roblox.com | tcp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| GB | 128.116.119.4:443 | ncs.roblox.com | tcp |
| DE | 5.252.33.158:443 | inju.cc | tcp |
| US | 8.8.8.8:53 | 4.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 2.20.12.94:443 | tr.rbxcdn.com | tcp |
| GB | 2.20.12.94:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 94.12.20.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| FR | 99.86.91.66:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | 66.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e443ee4336fcf13c698b8ab5f3c173d0 |
| SHA1 | 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a |
| SHA256 | 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b |
| SHA512 | cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd |
\??\pipe\LOCAL\crashpad_4956_FQGECDMWPAADZXDH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56a4f78e21616a6e19da57228569489b |
| SHA1 | 21bfabbfc294d5f2aa1da825c5590d760483bc76 |
| SHA256 | d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb |
| SHA512 | c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 75514eb93ab893d834b5f282e6769925 |
| SHA1 | d7785cfb8823cd2cca64a4b167ba1175c03ccf25 |
| SHA256 | 36ddec556ef2d9d7d4b06af3013c0ec5add38317c1155eb4761dc014a5c0c773 |
| SHA512 | 270734ed6eb21d55d6f71c110b71b478c8dfbe538aaf22d5b9e91b3cb97a0735cf195a34d212cc1f7f3953a9182edb69aaa6625dc5a181081f1a3dad50f01e57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2d56815eb3d682ff9874a0f227f41de9 |
| SHA1 | 67b7eab58623d2452f3d15afb536f1ff3f40c728 |
| SHA256 | f9176c0c413cef68eb89ce970da8dcb2196348bddb9a1ad38036fd4fdf340acf |
| SHA512 | ec4eb54cdd43191ec0a0de25ee1c649e041eac375a8c3517fc83d207c0f26462213d2f0dffda76eb67241f88620534f5ee12eddfa044cf32d6427e608f7dfce9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 099622ee702d475077cd34c0160fae6b |
| SHA1 | 7d2c4a5bc5ea58151cbc8b05e53e38381be5a7c7 |
| SHA256 | 17f409fa0990a2cee3d5f7969cefee3604fb1e156b26c887542eb60d119f8300 |
| SHA512 | 0a37533d60ded508c47922fa527b0fb476988457644d36014322d85d639a05c28ad953229f2f4e481c2e95048384f36dee7553ae3c89cc2e76812e16c11db8ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 72b988b6b0027b068a0dac25ee2e66f8 |
| SHA1 | 8ff834d700ad285bdcec2bd025029b4a19716077 |
| SHA256 | 279f2a4a879fb15611e6e01e2c0d8a9e6e7b84ed0a0f033e11bd9ffec6f66564 |
| SHA512 | bdf87e06f32eca5a3a92410c619c22b7220bd53b7fb5e989c42c96df14d23f8de3feda05ab801929991a35edac8fda9ec89c40d3419e8b377469de50e5ec6e2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fe26.TMP
| MD5 | 3d895f2a0075ab759332cfa06a22ca0f |
| SHA1 | 47d022e2d132e178847638f773220c35ffe75003 |
| SHA256 | 0adee2f83fec10b69be2f21d6c5bebe7e200a7c81a8253b002bec25409ed023b |
| SHA512 | c13e328d06f41d6cc50b8d253196ed24a7a27e136d096b1ebd8575adc4362b4efbba648a77c8dd8bb0ec3f65dac1cf810576768446779d29cd4cad1c0954fda1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5eed8af2502fb3c1a1750b20652d5dd0 |
| SHA1 | b75da576ecf353ba416cfec57dd0e96e9e4b38c7 |
| SHA256 | 1775416897eb6759ac13454f0cc698a7dd33d935d123292adb33a3a5f97245b3 |
| SHA512 | 4dc7a250ed7452eb3373846b3f2937eba015dee325057e11ffdf54ab66e113312e1f5f25f3465361cbc34e44e6e924f9d1e5c3c2fcc7433573ba2d45aeff15db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | 8664f2c3996d8611e9f2eae4d01abd28 |
| SHA1 | fda43d5a3a9e020ce95774a79e95c14ecfe8bea0 |
| SHA256 | 339566dbf1826ec0ff77c281615b433cdbafe4325d727b14261c41ace4d19aae |
| SHA512 | 0f7cab0f4aa7c16bb075beaf56aa37758251e10bb20976834a9f43b57dbd6299d3fd41cbd77854215746e409df2dd71ba871a22ff6894ccde9ccafc78b2f0888 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | be4655dd89069d3644834a7ce5d80b99 |
| SHA1 | 5d92f525c9a8740deccab7671ded067a391b51c5 |
| SHA256 | 4113981c553b1b403706dda9e7ce666d04df0084e70321963d3e161c20311a1f |
| SHA512 | 910679b5affbdd19f7e6c159fbc23c5b1e47c7048b4814fc0c40bf2f5561b1295998c767e7f0a6c4fa4745bdd719741f1233f6980f00958bb9a58f4f21474253 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | 8d90806f43872941b53aafae7b6257ba |
| SHA1 | b96d82a48808a027b07ebeeed7d8b1b1541bc7fd |
| SHA256 | 2d4901efd03b3da3cf7205a2205576d12e4d75e73d951babe1210b9bc8ae3e16 |
| SHA512 | a07c8789733f2fd109962649255854e53f7b62466adbaeb1499e0c00848572f35763f3c68f27dac5b7d27de25ef82a77f2ad7d5a177b11b8d5c352931c8db83d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a728ffe15370f9aa424b0cd24cc37499 |
| SHA1 | 72ea06c83fcb8115d623a6a1c6c8a9a0433daf70 |
| SHA256 | 7d842d9f0248939a33cebfb3f19b598351889cceb954ab323e2e43e3c1576e0e |
| SHA512 | 3d9e488629476a6650e8d877c304b8b109b8b30ab750cdddcc1b177c463824fc7479ff00f04fc570c180cc78b39a54e201f461cae6b5efdd1b23c1db19e8adbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4a858e83def2bb53c9dbf3c1849819b3 |
| SHA1 | 050fac6c3e4e57af3cbcb7d556bca3045981f8df |
| SHA256 | aa96e7b1ee5e5e10c3e26eaf62a53aa6fd8da3fb06fda620c02de8f69a3dc146 |
| SHA512 | c8e444a209cf52dc3013612c65f8b4cd37156023e805580e3f2600faee473c41e3c7a208159ad7d70d5664afd8d8ac1cdfbf3892c15b42563f72f6fe917b293f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 02ad96dc118303003e6479fff97a33e1 |
| SHA1 | 4b14de6c63d31ae3aadeb575b22776f30683c5dc |
| SHA256 | 84c8eeceb93f200bcd10899ae52a3721efdb941b5ff1b3e763db3711b927f05a |
| SHA512 | dd4002a86bcb761d9cc92f32292ec761fca2f04a322e49c18d993e464c97a493123cc7b59654506a792f58b7e4785e53681ec444535dba9c8a3c150c475d37b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7cebb402545df6d12bb88b84164170f5 |
| SHA1 | 8c575ae907030348d09ae89d33ccfca58cacb445 |
| SHA256 | 1fab30e4a0f9b4349f3e78410769917cef10a082a73d8ee931b69e1e903d9c0e |
| SHA512 | 3a72ef5deb128b35d37f171085b769f55809a5fec582a600f290e34dbcc479b92f289822957eb8f5f610e0649933226e16355b4250658aff7e0abfa497b89156 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | dcc921126442bb42878191ba20a7e688 |
| SHA1 | be3d0b5b71c75539563a98e7aff85a2d619f3c3d |
| SHA256 | 8d01a00191ee51f84105c2a00f47e8e5a19dccc2947f4d1c7ccc77314816b63a |
| SHA512 | 6216eb76c4c26afa51b7f3a77f5eceaacccbb89aeb87849880022831214126836c28fac69a795c8f60384256cef291797b1d8a21c7ce152aadb606f7e5c8edfa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e27b72785624706535404bd5c4b32313 |
| SHA1 | 9a2920987e96872b9cb67a4e202b5ea493e6146f |
| SHA256 | d97568f7f125d120208f6ea98b2c33b002a533a26c681769031b8beb9e4ac4e3 |
| SHA512 | e5fabef6aec8a094ca2ad7c99be495cd39b7ca6dac47b9e40ada950c44ff50d1f973c22fde3201c13873e98d1ff0c6e29ffdbe623d33821ec6b93070754218e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6e74e486ba55294099f0e601466bd636 |
| SHA1 | 9ef84b21734b5583b6df03d587f1d83d2cd8c3e0 |
| SHA256 | def3af770e8b7cf31fd9fb6b697091d6fa04ca53f9dc10e01beed512e878f677 |
| SHA512 | 948fdcbee7a8169004bdff60f1b62f8f199fceb2ee3c00f66e923f42d32ee3fb3d3d486354d529c341d24f216af2152400b13394744fbeba802a184a68b64532 |