Malware Analysis Report

2025-01-18 23:01

Sample ID 241210-y64qrsxmct
Target https://www.r.oblox.com.kg/users/322389417039/profile
Tags
discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.r.oblox.com.kg/users/322389417039/profile was found to be: Known bad.

Malicious Activity Summary

discovery

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-10 20:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-10 20:24

Reported

2024-12-10 20:26

Platform

win10v2004-20241007-en

Max time kernel

78s

Max time network

84s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.r.oblox.com.kg/users/322389417039/profile

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4800 wrote to memory of 3748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 2096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 2096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4800 wrote to memory of 3108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.r.oblox.com.kg/users/322389417039/profile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff877f846f8,0x7ff877f84708,0x7ff877f84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8414509886189134999,2049724653114383708,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8414509886189134999,2049724653114383708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8414509886189134999,2049724653114383708,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8414509886189134999,2049724653114383708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8414509886189134999,2049724653114383708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8414509886189134999,2049724653114383708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8414509886189134999,2049724653114383708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8414509886189134999,2049724653114383708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8414509886189134999,2049724653114383708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8414509886189134999,2049724653114383708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8414509886189134999,2049724653114383708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8414509886189134999,2049724653114383708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8414509886189134999,2049724653114383708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8414509886189134999,2049724653114383708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 100.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 www.r.oblox.com.kg udp
DE 5.252.33.158:443 www.r.oblox.com.kg tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 158.33.252.5.in-addr.arpa udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 inju.cc udp
DE 18.66.112.18:443 css.rbxcdn.com tcp
DE 18.66.112.18:443 css.rbxcdn.com tcp
DE 18.66.112.18:443 css.rbxcdn.com tcp
DE 18.66.112.18:443 css.rbxcdn.com tcp
DE 18.66.112.18:443 css.rbxcdn.com tcp
DE 18.66.112.18:443 css.rbxcdn.com tcp
GB 2.18.190.70:443 static.rbxcdn.com tcp
GB 2.18.190.70:443 static.rbxcdn.com tcp
DE 5.252.33.158:443 inju.cc tcp
GB 2.19.252.132:443 js.rbxcdn.com tcp
GB 2.19.252.132:443 js.rbxcdn.com tcp
GB 2.19.252.132:443 js.rbxcdn.com tcp
GB 2.19.252.132:443 js.rbxcdn.com tcp
GB 2.19.252.132:443 js.rbxcdn.com tcp
GB 2.19.252.132:443 js.rbxcdn.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
DE 18.66.147.28:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 70.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 132.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 18.112.66.18.in-addr.arpa udp
US 8.8.8.8:53 28.147.66.18.in-addr.arpa udp
US 8.8.8.8:53 roblox.com udp
GB 128.116.119.4:443 roblox.com tcp
DE 18.66.112.18:443 css.rbxcdn.com tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 t4.rbxcdn.com udp
US 8.8.8.8:53 t3.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 ecsv2.roblox.com udp
DE 5.252.33.158:443 inju.cc tcp
US 8.8.8.8:53 117.66.9.65.in-addr.arpa udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
GB 2.20.12.94:443 tr.rbxcdn.com tcp
GB 2.20.12.94:443 tr.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
DE 13.35.58.126:443 t4.rbxcdn.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 ncs.roblox.com udp
GB 128.116.119.4:443 ncs.roblox.com tcp
US 8.8.8.8:53 privatemessages.roblox.com udp
US 8.8.8.8:53 trades.roblox.com udp
US 8.8.8.8:53 accountsettings.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 lms.roblox.com udp
US 8.8.8.8:53 94.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 75.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 126.58.35.13.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 apis.rbxcdn.com udp
DE 18.245.60.52:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 52.60.245.18.in-addr.arpa udp
US 8.8.8.8:53 133.130.81.91.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ba6ef346187b40694d493da98d5da979
SHA1 643c15bec043f8673943885199bb06cd1652ee37
SHA256 d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
SHA512 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

\??\pipe\LOCAL\crashpad_4800_VENLZMFJWBDSKIGA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b8880802fc2bb880a7a869faa01315b0
SHA1 51d1a3fa2c272f094515675d82150bfce08ee8d3
SHA256 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
SHA512 e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c788c7b517939d0c4af948aca6ea7f42
SHA1 67b0dd314d1d6dba9096fdfa0a8560edf059a075
SHA256 4dc8983e62cba3f4c2ed4452c43497085ed4464cef60880bdceb20665bb510d8
SHA512 ffff808df49a5417b039012add5fb367e4573956070e75bf2c558f7a01f5b9c4d7b4377bf252fe0a965f57088b74a44351814fabcf19bfb9814cf83ff672f6ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dd3486f1d6d21fba7ff7400c72c7d58b
SHA1 7fde5a00f0b6e9ae7f4ef09de207ec1d0e234404
SHA256 4fabcccab71e7e3c1364d4221997e7e9427b27a6b622a1436328bedcc6e3c374
SHA512 f641fe762fe59cbad9cfc50020671188e242b912ce2bbc59145b806c0334e224cb3c0edd7823954950d06017ed56f8669fd34a394e7213a1bb7e403f33c2ae26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dfffe551-d553-4791-a6c4-c9861a6356fa.tmp

MD5 08060db616e7433dfdab468abf70490b
SHA1 e22310b5d3a9918947d3afcb168c1a16b4ee9160
SHA256 308c9c02e7a838d88648700b2210212e96aefaacc70fa1de565ab085484dd367
SHA512 2fe5276bce9fed8c46b2c2dcb2b0c69c419cd4bcf4dcb34256956cac2620f1bec05b55e4974d932dba718de193fae0a14d3bc6f818c49196919d9f2177c8bd88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cb5e.TMP

MD5 beb639cf94c949b37cd0c64f6825e630
SHA1 88422c7e2b05323d6a3bd6fedc4953bf815ecc2d
SHA256 b00d1e26281a570f98f320906ee453fb71160fadb6a07419cd6eb3474a4511ba
SHA512 838a1f875501217ef5c0edf95d6c065e5266eb6d03805aee69bc1871317f60c506806fe8c826a2ba14278d92d6e2b9e09593e3f9db413422c13150454153f263

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c8c4d7afad3ab21a85a518326e75b1ca
SHA1 e7449096ef762d08579d9b5f2a7274ca0b04113e
SHA256 d72fc4832a107503bb44b674734a95a623768ab4969c884ebd47f92dbd5906c8
SHA512 d4f54d95589af9e876e6bb9c5f16317798a0ddb4dd5dc099b9efe739534293027574124659aa36cca1186c21cdedcd61f0dbdfabdc3bfadcc2b6b9ebfe92b8e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 259834d276ff9c298e14542e8e8a2cb9
SHA1 4dd3fac34e322b80c6169f9bbcd350b5a8871e2c
SHA256 a0e731ebd2e054ed7761483ace223a0cbf89b07a330479ff49763e14cf03f196
SHA512 422b486c15b05f4021b931a946113a2c214640e89e6a4a06f48d813085142eebbe62e053c548c50b5066ae95859f987d3d755f82842ebfc17aacf37c8202ddb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 28d6deba0823880f8331bd4695469645
SHA1 a9fb38e13eddaed233b777f4db8efb4762c215a2
SHA256 2897ce935bf259f030e1c67dc25840da8793d4b58bc5fc8d5450525490d62590
SHA512 05261445ce6c11d1cf49716c0a2c6c2abbc930af4b7c817d36afa7819446f7e40f740a31b8e9734a5f68a0b140f2424db8779f27bae349a429002bdb30c79e7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 e4b0d20f483b4c24ecffd4678479e3ae
SHA1 f0f3175f2c92922d123eac1e3a4c5bc8f6091b49
SHA256 ab25f94f51f31d69f3a7ff1959eafe9ddf3fad8e983fa216c91795bae573e13a
SHA512 54dda1d96956961788768dd0d5cb0ef9f660898b3b4fd1f6c02d5b092fe3629cb38f478e5e2fa5b074963616e63a235593a2de9e3fb420b502b40ded7430a715

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 700db95cfa2fcac3be6b694fecd627cf
SHA1 a2a1223671a8bb5c88f330a481587235930a4ced
SHA256 2914ec7a29ee658022d985263799842db3916cec965a0ef2829be1957d33e482
SHA512 b6b096bc026b0a8ed3c796c4ed3a6fb73995065ad6a7013bba8b61426ff1fd69c275cb96de6fad0ed26175ebefd5f7d220538403c4c6b13e5d06c0e65d1991c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 0184869286788eacac1ba69396519d49
SHA1 0c5f414d628c549f94ad3a74b0afcb60e5dbedd1
SHA256 f696dbf8cecfefca50ea3fa5cf29f5ba98c37e723bbcd5c6381269e08be54e0f
SHA512 b6bb6bec302cb11e978fb40be6ed3ad6ec18afbf3bc4e81aa5aa078c841bc323542b7a4c83037c7eeef8245c29e27d0143528f071d33acf5346ccef4fd5f38df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 7fd069146ea79b16633bc8b45f90482a
SHA1 98dfafac54f6f5db51e3baea698208833ed1b642
SHA256 a746ba588555b584fe98e42ac1a2dfbb92c2831b54c263f51fe91d124b9214d7
SHA512 c31822f497ebb35a5da455e77965f16a83e2007215ae88e64bc21019d8d45fff4671ab4300d9cf518bd2b652d071cc582fdfb99b4807c75e2022755e6c60a06c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 86fe63fc0e7a1438f6e28c33fe5064dc
SHA1 8e2536f901bdf219649c2ef9fd4915b2778a877b
SHA256 d70dec47837e50799c46d9b8925767d32f65adda04ec015be6af92bd4caffec4
SHA512 99f6f8abf56e3b620dfb9e961a71897c050e7f6b3d3b20801e5b7209a6f0afde2de637f26e4baf5d869aab99e99f1b872b19017954155fba0340f8ec771bb03a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 6915ed0a3c7d14bcb1ebd9b02cc179c0
SHA1 391c45e87cbeabbfa660d126b8b357ce3e88821b
SHA256 0d0df9558a11e84ec622a0d8a5914c0e5af6e2048e9fd3d827c6fc0bbede7450
SHA512 8badf6729803b5be4f8ca63b773c26e5eb44befa3cd78705381fc9079ae3e07d18a19efb04a80c8e34197ae1c4aad02828375618a14da866b6bd680759b4bbbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 6fd1421c547715cb7b78ca67104bfb78
SHA1 cc7f1d6761d9c7256745ef7586ad53e3183f0e2f
SHA256 57b9a684f743cf229723c1a5e9936d930cf48c3b5056c16c09cdd71ee6fe803d
SHA512 f64899cf62a1696adbf62f597f69c3a1ddd62319071f9a87076977b9f6c80992b333223a07cc1645a2fd578306e30abae12e18afc41cd582ee9717ebcb423a69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 15a2f0d9497bdefec193f1951b076696
SHA1 b673c0729fa90d589261edd38bcaa74439297cdf
SHA256 aad6b6bb918d96aa219dcb54ff8a8a9587a9abbe51b4ee131fdb1a82f028745b
SHA512 36cb398ffe146e46e57ba37a2ac92d03476ac0b0368c64ce0102ac3b9d6a484d5e4200c136db9e04f25b327641299457b8f9d140aba6bef6a9fdc04313415e42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 e1f6e032096b2924e561c3928b9dc73d
SHA1 f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad
SHA256 fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8
SHA512 b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 d4b76b742347035e0313d5a517938642
SHA1 a96b03de782f4135e6989b935022e1849c1f49ba
SHA256 ca877e4461a5d3d6e0878bbd7f0e8673979acb15bbf59d5c27096b78b4490e3e
SHA512 c6de439bcb529b86633b6d3df41c2376d44cacb491584ce4be72259dd9d742940b01ab45343794b72111a0d48241d24520b90d850c6bb341cc184c9ed88c7e98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 cc7ad65e0558327d8fbe8ade40ab94e8
SHA1 6c153e9bf971f196db25cb2cb3b62f77f0a1299a
SHA256 956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30
SHA512 0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 f550dad3dbfb045a5d3b91aaeca0b384
SHA1 ae0700d295166c471d2e3640134d7bcfb183bbcb
SHA256 a2d804e54d655a53053419498366fcc7e4a9e485fcc872795b22b31c6b889720
SHA512 1eeab46bbd2eaadd75ba18fa3d74f9ba0555082588e7dfca77425adf6716d9553b669250af5cb2948cd4d4a5a4453866834f018709941da5aa67214c0f6b8b95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 2115b6b1b215c8ad565149054dec8b80
SHA1 36efbccc554f9a8ab99ce47c469bd2632f5fed97
SHA256 b6c3af46c0937a5536e6042de7a2f73d0a467b540e8c2f822e7d951d0707883b
SHA512 93b6416ea3ece70ec93e747f85b1548d425aa9dc92c4b6053b69e7e472f6a637a5bfd9ba3e30d33b21469e09c75754d1709789fe607ec84e417fedd5ee9163ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 31923cbaa38a167d83e542d092988cf0
SHA1 cad1e5fc907a16565ad809ae155a1510598a322d
SHA256 9cb8398ca06946845efba82e74b30ee29c2ceeb34877ff67186e01e41611e270
SHA512 4706e5cd2ec2ca6c3946035ad54fc99cd3f9c62cefc09d79bb180116fe89fef6686873739624d57c5b0a1ee6f0ffb0f4cd6c746fe92fb9dfab7d6fb8802a2862

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 2f4c4483d3f4a087d5a26b0180688607
SHA1 6f616df9d2f7feb4d7ae7e623265318f5f44aabc
SHA256 d65eb75c2f3cb2b808687bb9667615029ba71a52d6261cc922a239a7df8a8d28
SHA512 25ee93d819b12b7e8c8649a115b40fe7c70afe0884c51868db9223458f13fcd22acd46406d7a023f950862b41593957d2a435e120db0e4b81d6baedcbdfa6bec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 4ced8626f9780b9a5e6d9a3a6b0bf879
SHA1 0f5748bf6f834ebff891ff1991a6a4bce2d856b3
SHA256 bca48aa06fd698b8be08eebf2ce6b4c70f0297bb7197588e7cd8613a0a56bfc3
SHA512 6311b907dba1cb1432a790a96fb806de7adeb467426bcc6fda494ddf74f407f0cec7d209e86e34e99dc83e6cd69f0cc59bd52661ce470f99358d685e804e9956

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 5fa54cc7bd54a3730775a199fc221e42
SHA1 09ac79d5156344ef5f6e533b4a23d05ec434eb83
SHA256 67527b8f186d6633fff48843dc2e9bd75bb07f227f7d0d940f7c996b0a3c256f
SHA512 81e4e73ab35cd1eddb5a777849d74ecf368b8850a3299430f22df30d653760be17d7503d6c89284da3ec20daa50fd363b80ffe2475f78950a404dbf4d320cd14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 efd99f6b50b61e6bc88ab81db271f5dc
SHA1 13a91d8c6aae48306779d950cd3da773bac54a04
SHA256 3eb3416904e2d4354a4760874b015d4b7ad0f4f231889eb2e80a7c2ba79c22b9
SHA512 3532987383c85b0cb80ada4314a3fd155cfb78d23470aa7ea43c40342d48982bb8b3824b65c05fe496662e433ce65598cc902cc9e51d6a32802709683221e160

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 cf32003b2a71b7f09b15e9ad77a42d40
SHA1 dd13a04a430ae36e5947a503abf60c24f17d31a1
SHA256 9442cba9804cbfce11010881cda395e6df369f778358e50536bc183c926370d7
SHA512 6007af3fe5be0f250b877d18351510f82fe40458033c7342e26aa4ab8fa75f728881b2b872e1bf1a6aca7810151523bb53bf9609f87d414390b45c32c0e66542

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 f1cad4800853bba09a023250de102801
SHA1 76e1a6ae10ac4db2a3e4e8bf6b7edd692c4537f6
SHA256 e73ceb9052ea848498daacd8a9fff37846cce47324b38df12e9dcf0bf25d2e3b
SHA512 4e869ccea434e71f03ab513b3aa6212da3326cb9625c467b782df48367cbf5c69fb8a073d68180877cfde2510dbe74670046b897125b55f013fe595bb7d3595f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 b715a5dd019d1b8771a3031ff85c972b
SHA1 5768744eb85d3137d094458e4b7842c1c5c526cd
SHA256 e9ca7a8587bb3674824a28a8a80836e3483dc3bbe97c658bf7c984c5b424920a
SHA512 22e09e48a13ced3a3cd95a5f40b5e9ccbbad8abbd0d6af7dd4e411d63c662b09f1ad2453909a6c7a0d0ce34f250f2fbf0d7f076dced281f133ab7f21d2008d1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 90a60dcaa6dfc56895963fc7b5e4f2cd
SHA1 49a70895833201bcc62678285c2713d18042341f
SHA256 9fedef2b72b7d24af64ab2808e16a2f542c4fee55eaa92da867feab1670f4f98
SHA512 a909c0151c878e803305cd24fb7b7d60a8be130d8bf55024473808715e2a326a6b8ae1c57c70251c02af7543a2ae66a5d1be6ff0d79f45e993f420275d2ddff3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a8fc36e9262bc23f459c08359aaefea3
SHA1 8edcecaed01a52a0ad8479947f7d1241b6fd76d1
SHA256 31fa20c62eb72ec7964a66aeb628ecc686b37ce1a5e3b8fef149340c5b77e143
SHA512 5b1fe8913a5aa1345d3f1dd91d504aaa572955d038f84125aa31efdd7fba6017a2ec848f8655adc433e34caf70aa79df85ec066026350a828e95412a53a3e88d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 df304fad7fc358ea8521843d06d9ed80
SHA1 1efa78068abde7e9924362b4a918de96a4066389
SHA256 365be0ed01ff12ab786f857861ccd5f38de468f80cfa42b4f1b940a8382bc23b
SHA512 0cafdf336f10ccddddf90f2008e6f4185b6b37653b7945928bd20e2149a870a6397f0e676710b8608bb1d51a3a86f95619a3596f0ac8f1f1d60c20f33faf2648

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5cd930f9be1b822931aa9694e1c024c2
SHA1 1f657ebe00b4c22493bc636b8e68ad7bd37b88d3
SHA256 6e3480d0dace390b0847a8164788858c44cb4765aa621ae5ecabd98a708a0bb0
SHA512 e0aa4b42e492555583cd1143286f31ba618fb72322d9c6fdf4b5223d0eabd2fb79de3470e0a8ed32072678a7cd90e1403606a6eb664e4c99843125e40d22c81e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2c83771b11aee3520337eaab25b4c295
SHA1 2a6b05b27e04f27442b1f8082e749e3da9526683
SHA256 d6c0df839b9834852ed21233bbc7b0fb34d3a8bdfe35ddd77fffb69d86b71b92
SHA512 bf974decbc1f1885081ae84d8c17d2e1e6853eb300516b7401c4e74b2b3070c903bd48a8efe1af5c48bb57d4d472acf6daf557de7fd2b5807d209c768d7fd39a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3d58965f4d9cf7a79109161e3f61ad0f
SHA1 5c7ec78e29cc36d79411d6ae60c239a51fbfac62
SHA256 52c2a4ba0ee80cf60f4aa45fc6fc4f727d1f371bc68aaff1ae48f2179cd6a835
SHA512 44b01e2441cdba24f218bc9d95b6bc5aaea00751a642aac0dc5558b4b5ee5783d82cc96c4ee10722c5eb4b28417fe6b5fecbffe2c71446841e213067191ad438

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6ac639bf9051290f38942579ea2440af
SHA1 2c2e3bd9cde6184d126ab97ee02d4091e2d9f0c4
SHA256 a47bef0d3e38cfbd3f3ecf9926c58c41c1a2ea95ef03bbd75672219a20249f0c
SHA512 dda771d3ba11ccd7597639fe2acde345e8e0ea6da2f1cf9e104ee29965d46f6740a5cf3abcc55ae1229f372d3ee9eeadfa3ab578766ed3ff8ac60aa260260f4d