Analysis

  • max time kernel
    106s
  • max time network
    108s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    14-12-2024 09:03

General

  • Target

    https://jhttps-www-roblox.com/games/2753915549/Blox-Fruits?privateServerLinkCode=13791321685131000856350622800117

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://jhttps-www-roblox.com/games/2753915549/Blox-Fruits?privateServerLinkCode=13791321685131000856350622800117
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1036
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff92e7c46f8,0x7ff92e7c4708,0x7ff92e7c4718
      2⤵
        PID:2236
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        2⤵
          PID:3744
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1008
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
          2⤵
            PID:4172
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
            2⤵
              PID:4360
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
              2⤵
                PID:656
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
                2⤵
                  PID:2992
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
                  2⤵
                    PID:4456
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                    2⤵
                    • Drops file in Program Files directory
                    PID:3284
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff71cd95460,0x7ff71cd95470,0x7ff71cd95480
                      3⤵
                        PID:932
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3948
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
                      2⤵
                        PID:1880
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
                        2⤵
                          PID:3932
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
                          2⤵
                            PID:3080
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
                            2⤵
                              PID:1420
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
                              2⤵
                                PID:1992
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
                                2⤵
                                  PID:4460
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
                                  2⤵
                                    PID:1996
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
                                    2⤵
                                      PID:3544
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1876 /prefetch:1
                                      2⤵
                                        PID:3632
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
                                        2⤵
                                          PID:2556
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
                                          2⤵
                                            PID:4756
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
                                            2⤵
                                              PID:2028
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
                                              2⤵
                                                PID:1280
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
                                                2⤵
                                                  PID:1620
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
                                                  2⤵
                                                    PID:1880
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8514984288259547278,3531175455336435692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
                                                    2⤵
                                                      PID:1792
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:1332
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:2292

                                                      Network

                                                      MITRE ATT&CK Enterprise v15

                                                      Downloads

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                        Filesize

                                                        152B


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                        Filesize

                                                        152B


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

                                                        Filesize

                                                        40KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

                                                        Filesize

                                                        20KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                        Filesize

                                                        20KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

                                                        Filesize

                                                        59KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

                                                        Filesize

                                                        98KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

                                                        Filesize

                                                        107KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

                                                        Filesize

                                                        52KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

                                                        Filesize

                                                        51KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

                                                        Filesize

                                                        144KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

                                                        Filesize

                                                        20KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                        Filesize

                                                        48B


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                        Filesize

                                                        3KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

                                                        Filesize

                                                        70KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                        Filesize

                                                        3KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe587a1d.TMP

                                                        Filesize

                                                        59B


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                        Filesize

                                                        7KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                        Filesize

                                                        5KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                        Filesize

                                                        7KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                        Filesize

                                                        5KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                        Filesize

                                                        6KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                        Filesize

                                                        6KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                        Filesize

                                                        24KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                        Filesize

                                                        24KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                        Filesize

                                                        72B


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5828b1.TMP

                                                        Filesize

                                                        48B


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

                                                        Filesize

                                                        16B


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                        Filesize

                                                        1KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                        Filesize

                                                        1KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                        Filesize

                                                        1KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                        Filesize

                                                        2KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f5ba.TMP

                                                        Filesize

                                                        203B


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                        Filesize

                                                        16B


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

                                                        Filesize

                                                        41B


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                        Filesize

                                                        8KB


                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                                        Filesize

                                                        2B


                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                        Filesize

                                                        3KB


                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                        Filesize

                                                        3KB
