Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-de
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-de locale:de-de os:windows10-2004-x64 system windows
  • submitted
    13-12-2024 17:12

General

  • Target

    https://www.robiiox.com/login?returnUrl=https%3A%2F%2Fwww.roblox.com%2Fusers%2F264258251383%2Fprofile

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.robiiox.com/login?returnUrl=https%3A%2F%2Fwww.roblox.com%2Fusers%2F264258251383%2Fprofile
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5112
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde52b46f8,0x7ffde52b4708,0x7ffde52b4718
      2⤵
        PID:5048
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
        2⤵
          PID:4640
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2436
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
          2⤵
            PID:1464
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
            2⤵
              PID:2088
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
              2⤵
                PID:448
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
                2⤵
                  PID:3832
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2344
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
                  2⤵
                    PID:4964
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
                    2⤵
                      PID:4452
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
                      2⤵
                        PID:4028
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
                        2⤵
                          PID:1188
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1212 /prefetch:1
                          2⤵
                            PID:3664
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5396 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2688
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --service-sandbox-type=audio --mojo-platform-channel-handle=6352 /prefetch:8
                            2⤵
                              PID:1752
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --service-sandbox-type=video_capture --mojo-platform-channel-handle=6364 /prefetch:8
                              2⤵
                              • Modifies registry class
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4940
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5928 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3748
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:392
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:560
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:2932

                                Network

                                MITRE ATT&CK Enterprise v15

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

                                  Filesize

                                  50KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  2KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  2KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  1KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  757B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  6KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  6KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  5KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  873B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  708B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  708B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  708B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  871B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  708B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  708B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  708B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d09e.TMP

                                  Filesize

                                  708B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                  Filesize

                                  16B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                  Filesize

                                  16B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                  Filesize

                                  10KB

                                • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\de-DE\default.dic

                                  Filesize

                                  2B
