Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-12-2024 17:20

General

  • Target

    https://www.robiiox.com/login?returnUrl=https%3A%2F%2Fwww.roblox.com%2Fusers%2F264258251383%2Fprofile

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.robiiox.com/login?returnUrl=https%3A%2F%2Fwww.roblox.com%2Fusers%2F264258251383%2Fprofile
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4160
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92e0746f8,0x7ff92e074708,0x7ff92e074718
      2⤵
        PID:4936
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
        2⤵
          PID:1820
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3884
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
          2⤵
            PID:4456
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
            2⤵
              PID:968
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
              2⤵
                PID:1348
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
                2⤵
                  PID:2552
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4728
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
                  2⤵
                    PID:4200
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
                    2⤵
                      PID:1516
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
                      2⤵
                        PID:1244
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
                        2⤵
                          PID:4624
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                          2⤵
                            PID:384
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
                            2⤵
                              PID:2900
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3524 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4876
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3088 /prefetch:8
                              2⤵
                                PID:3008
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3472 /prefetch:8
                                2⤵
                                • Modifies registry class
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1796
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,11282961901835962095,10262278896047440689,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3456 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1708
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3416
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:560
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2020

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\15db0db3-25ac-49f9-8184-9108c1076463.tmp

                                    Filesize

                                    5KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

                                    Filesize

                                    103KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    4KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    5KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    1KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

                                    Filesize

                                    16B


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                    Filesize

                                    907B


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    3KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    3KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    708B


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    3KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c4d6.TMP

                                    Filesize

                                    708B


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                    Filesize

                                    16B


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    10KB


                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                    Filesize

                                    2B
