Analysis Overview
Threat Level: Known bad
The file https://www.robiiox.com/login?returnUrl=https%3A%2F%2Fwww.roblox.com%2Fusers%2F264258251383%2Fprofile was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-13 17:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-13 17:12
Reported
2024-12-13 17:15
Platform
win10v2004-20241007-de
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3756129449-3121373848-4276368241-1000\{9E08EF70-BA52-4707-9AF6-48C5BCC6F9E0} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.robiiox.com/login?returnUrl=https%3A%2F%2Fwww.roblox.com%2Fusers%2F264258251383%2Fprofile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde52b46f8,0x7ffde52b4708,0x7ffde52b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5396 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --service-sandbox-type=audio --mojo-platform-channel-handle=6352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --lang=de --service-sandbox-type=video_capture --mojo-platform-channel-handle=6364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8744892486367119545,8383210293252657251,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5928 /prefetch:2
Network
Files