Analysis

  • max time kernel
    131s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    15-12-2024 02:17

General

  • Target

    http://rvoblox.com/communities/204822803605/AngelHeartFam#!/about

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://rvoblox.com/communities/204822803605/AngelHeartFam#!/about
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4272
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe109046f8,0x7ffe10904708,0x7ffe10904718
      2⤵
        PID:4352
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
        2⤵
          PID:1904
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:392
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
          2⤵
            PID:2420
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
            2⤵
              PID:2500
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
              2⤵
                PID:1696
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
                2⤵
                  PID:3156
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
                  2⤵
                    PID:2300
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4764
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
                    2⤵
                      PID:4344
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
                      2⤵
                        PID:4992
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
                        2⤵
                          PID:5088
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
                          2⤵
                            PID:3248
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
                            2⤵
                              PID:3532
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
                              2⤵
                                PID:2616
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3744
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:5088
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4396

                                Network

                                MITRE ATT&CK Enterprise v15

                                Downloads

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

                                  Filesize

                                  1KB

                                  MD5

                                  c6150925cfea5941ddc7ff2a0a506692

                                  SHA1

                                  9e99a48a9960b14926bb7f3b02e22da2b0ab7280

                                  SHA256

                                  28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996

                                  SHA512

                                  b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                  Filesize

                                  328B

                                  MD5

                                  73541b06882c6124f8a510990d4e9bf7

                                  SHA1

                                  77a2a0d15d4247fda215c91c3a5fbb2e6fd7f28e

                                  SHA256

                                  eec68b8d7ddb8a6062c26f0ebc09fd805e65c2ec48fea3fd1bb0834e560e9f5f

                                  SHA512

                                  eb8d5c11c253406de9fecfde0fcbbd0214eed3708792733de07bbf48f98b26f1124fbb77ae95742ef3d9ba515d1ed9b07dd2028fa5bf5f94c17269c2bf267327

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

                                  Filesize

                                  276B

                                  MD5

                                  6c1f2728e98aceed824a43f2c14476f3

                                  SHA1

                                  d2bfd22c08726370187636a1c2df4ae819d84409

                                  SHA256

                                  53f299fd57815ffa68dffee92b822b82a4f3420f5ba39fa1aa040091798b5b45

                                  SHA512

                                  b80a5baf0271b33c81faf56508ce7e2768ee990de70dd721c3db0c7bf17c9200358709bb2aec8d8d16c83848aa6f0bc94bc60554b0b73619bf29bf7d488c221a

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                  MD5

                                  85ba073d7015b6ce7da19235a275f6da

                                  SHA1

                                  a23c8c2125e45a0788bac14423ae1f3eab92cf00

                                  SHA256

                                  5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

                                  SHA512

                                  eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                  MD5

                                  7de1bbdc1f9cf1a58ae1de4951ce8cb9

                                  SHA1

                                  010da169e15457c25bd80ef02d76a940c1210301

                                  SHA256

                                  6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

                                  SHA512

                                  e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

                                  Filesize

                                  92KB

                                  MD5

                                  700db95cfa2fcac3be6b694fecd627cf

                                  SHA1

                                  a2a1223671a8bb5c88f330a481587235930a4ced

                                  SHA256

                                  2914ec7a29ee658022d985263799842db3916cec965a0ef2829be1957d33e482

                                  SHA512

                                  b6b096bc026b0a8ed3c796c4ed3a6fb73995065ad6a7013bba8b61426ff1fd69c275cb96de6fad0ed26175ebefd5f7d220538403c4c6b13e5d06c0e65d1991c5

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  4KB

                                  MD5

                                  528d8bdbe1339ff0c8fd62ad718bcfe9

                                  SHA1

                                  a3862500b27bdde737b8361501841e9b39705f33

                                  SHA256

                                  ceab6bacf904bcfb6c1dc9d8d06af3b7815be104bda866dd6d2813b82fe469f1

                                  SHA512

                                  b78d75d24e5ca7d619dfe55551300b50357d149068f7b6eff1d388f0206c1318e7fc2c27b01f37a696d9f94222528941b45eb227e50df55d044fa86db1f07503

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  2KB

                                  MD5

                                  3f19e60bd1a5e76cc437903ac70859b7

                                  SHA1

                                  e0731788e1231a926edb8a80e3a6949bda43a2ef

                                  SHA256

                                  5053953fdede62f46227dbeb5ecbe7ce6e85b9679eaed887b5046163e7d8d6fd

                                  SHA512

                                  5fffa5b55802bced012947e3dba570bd00231063e53a249d794dd3114cba43a035f33dfae1d980fd0be8180a413f7d290fc83271cf32b238d30a006a4593f819

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\000005.ldb

                                  Filesize

                                  1KB

                                  MD5

                                  2b01ea8b5823f84adc505ef9f235e955

                                  SHA1

                                  b6b8f92b19d2ec21b3cc07f91c18ccac9d400558

                                  SHA256

                                  588b67c5321bd67692fad82a1eb3d0e4f426b381ad958f2201c218b71495eea4

                                  SHA512

                                  6c3e0285000dbb1eaf09379d8e573078aab3951ed95d54f0a843c613f20a61510ab5ca54998b807fa85c7476ab5deef50e4c8c4ba76f793bf20e1fb2cdce8ca3

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\CURRENT

                                  Filesize

                                  16B

                                  MD5

                                  46295cac801e5d4857d09837238a6394

                                  SHA1

                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                  SHA256

                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                  SHA512

                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\LOG.old

                                  Filesize

                                  383B

                                  MD5

                                  f3252eb236ae93b5dc302520c66ee9a7

                                  SHA1

                                  03c30e122dc3e011766403d1c56818f43ddc2367

                                  SHA256

                                  7cb838b897dfaa30023926b111cb293694bde6a1f000c67556f7576b9b7eecbb

                                  SHA512

                                  6f4eeb94898a4951a6b1f9cecb00bfa8ec3c482741a3b19c5fedb8e15c4f2ec122f890646e9dd78d958cb873023059f5424236c6575153fc568a335294afb78f

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\LOG.old

                                  Filesize

                                  383B

                                  MD5

                                  f13e7df9e4978d2fc569af6d5ebc4908

                                  SHA1

                                  de1bbace2b506a009bd9d1c287d9f94e1ee4e2bc

                                  SHA256

                                  9641998f0e6696e8d215d7545f1a0a3462fc67e3186eb81ecb5b690e30a8cd67

                                  SHA512

                                  74e2747dc4d6c087e54f9e803088f07a03c624cead4042818c811cda4f41ca6208a9904f835b032cc676ba8746375b7c0a629590dcc9c4090b310026b92dc146

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\LOG.old~RFe5800b7.TMP

                                  Filesize

                                  665B

                                  MD5

                                  d95a29bd8ffa58870b29d8e3f1e1e059

                                  SHA1

                                  89862715fc85db152cc7153e6d935146aeed1c7a

                                  SHA256

                                  41a2534f5c706b29577dca749cc659af13be9becd7e5dc6c2f896fbf5694ef54

                                  SHA512

                                  cde22bca18bfb8d268f402eb30172bbba2498aca29561dbd9ee2bb61bb05543111a990159db85f5593d1a79173068153db9d3804a23d65b741f2827f49c20de1

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\MANIFEST-000001

                                  Filesize

                                  100B

                                  MD5

                                  d81106fdc94384ef2ed1fcea7a5d9e5b

                                  SHA1

                                  e694edffa5d6f8843cc7a6a4edd2c27d08a51b34

                                  SHA256

                                  8741c23815ebea5de820107e31a05fcc3b3e0b331712d42e7fcac36befe6a989

                                  SHA512

                                  ef29b662d7ae5e5501e48b676b028f5d0bbb46a5f4b16f365d149e68333720f4746c3e1968cd67e774db3c77c20beb33c1342e8fc2c99b39e9ad0be4e47f81ea

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

                                  Filesize

                                  23B

                                  MD5

                                  3fd11ff447c1ee23538dc4d9724427a3

                                  SHA1

                                  1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                  SHA256

                                  720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                  SHA512

                                  10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  897B

                                  MD5

                                  071630776929191c3fd8bc92c50267ac

                                  SHA1

                                  4a3ff6114b2a27fc2b6a3d75951f738315d8665b

                                  SHA256

                                  cae036e27617730f347db535cbfe372625aee7e5b494f674516a7bf7849ad10b

                                  SHA512

                                  20eba7b98ba008c91c53960c123175446547964f73f57f0afa0d95605ef87b0775cbc91bcc27b7425aa210edeebb2b6521d017e9c5ddf7b08e3beef36b4bdada

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  897B

                                  MD5

                                  6deb8ca0563b52a7b181cb72e23caec0

                                  SHA1

                                  357ae7760046c4a9d966f19de56cfb9684d3e974

                                  SHA256

                                  1d445cf6ae39e09e8a0beec4c29555b09ad3eb14a0a6a4c649c8a3cda396a21e

                                  SHA512

                                  a8e998b4ee0abce9001e796dbcc05f339154ffb2fe4748a4f47eb20aa82ecfeae16e618fac56be7e8c7eef2b034d8430156167587073236fe541b1689a98dfac

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  7KB

                                  MD5

                                  bf743b40d7491d2e5ca13fdb5e77a04b

                                  SHA1

                                  47f945d9bc3244a512ab845e232c8742aa6c65c0

                                  SHA256

                                  05550d6b4f2079caff6f546952f31e04c432627881c7d3dfca3f6e12f3942990

                                  SHA512

                                  feed8f795885c4ed5c5cf109e0fe2ec1dd114d34e8676a661d2194d430714f4ec3d92db54ab0b1ab95bd07fb2f1e81c1f7d4a3fb776f5344fe110e1bd1203b95

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  6KB

                                  MD5

                                  3737e8d834a70fa208071710b9fe627c

                                  SHA1

                                  95c1a515f9cc5025aa98742f99d9a29df9ae5969

                                  SHA256

                                  ba0565786c406439fae19e37915c0ef8979610375e926618c93d6e6b11f8b26c

                                  SHA512

                                  c8d2ecda100501a45dd33fb5cd37ecfebb4ae8f9a8f89c89e652dff0225c91d555d69e97e8e77af2fe082fa726014d8b606f38592b79336df1abd8bc62aefc0e

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  5KB

                                  MD5

                                  7faa9d545345e40f278a8fd805a3d6ff

                                  SHA1

                                  c9bad1c8fe48485fb03ebe32fb186cd2e2e7473e

                                  SHA256

                                  4f91d36b3a68e016619f10f195e3a45c3e4be262e32609c6dea5792e98b0ca90

                                  SHA512

                                  df0a1695ee4cc16a40a635190d1c81a20dec73a30e86a4b42da85189fb58b2777174b95dbb38b78eb4a6d34c9bbfa1a12c37eded1bd1e456936d97356205551c

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  6KB

                                  MD5

                                  0c0a469b1f1ef30c2645c9dd4fbfbec4

                                  SHA1

                                  ac7a5a8ba990600c0bf26bc4fad81c23b8657164

                                  SHA256

                                  f853558348cc3cc92cf5bc085b73d38164b042ffc59ca7f798c95a7980a16ee8

                                  SHA512

                                  88f16d6e7a633b37a36a8d495d6e7b32646627ac293763b283178ce6d737dc15789112451a1fefbd430732c7e582f389f18f09a6cb3009ff3ebcbd99410ea6ef

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  6KB

                                  MD5

                                  6084ab306d9f1a06eba8b4e5c5f787fe

                                  SHA1

                                  26b58f5367ed05db0a833843442113f2a038d0dd

                                  SHA256

                                  681d0dbf0d2cb9461fa3bb8926eb2dab6ac4359875a59bad6450e1c8d16c6340

                                  SHA512

                                  4b1d6448a4c151b5bc4673e9808b00e6c72d85f6b669739b454b973a333207b7715342f43974330b7106ad86d283c4424c4d2601689948f6e949e7462000f7bc

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  1KB

                                  MD5

                                  81733fe41236a8f61fcf7e379e710023

                                  SHA1

                                  3dbc96799ca9cd4e1e50b772aebd4e610e5d4ab6

                                  SHA256

                                  a52ae2030114c328847a72d9aae942cc93c72d9821359ab6378b790877a3506b

                                  SHA512

                                  cc76cbd988625ec92a46e6d95fe60bac097d56b77bdecb82e4f0f365b7ab731252e55b76ae7a51bf4836827794aeccd82ca27fd6e757bce1cb68d6f34e6c444e

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  1KB

                                  MD5

                                  ae9e06914d29a61aaa577112872194f4

                                  SHA1

                                  24226817916b8e283add380a5c5100ec373de914

                                  SHA256

                                  5645658ef1d4f915fc151df3fb2abec64c79354100ec1dd3b036cb33eed678bd

                                  SHA512

                                  205d412e49556fd0c87152cfa787d127d847a149abf6fa4be426e46327a7f735f397352c6c1687b71843f1f998f326aff917075674951d035a26b839370eb287

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  1KB

                                  MD5

                                  eca24f84f45156ba2ecf2f754f520eae

                                  SHA1

                                  e7e2c31877071f2ed77a12ab76f298aee13266d9

                                  SHA256

                                  5eb758d806c84a1a23c1f656df84a14c247370e8c7035066f3e8621b1965daf2

                                  SHA512

                                  64d13a596793092a01f853c9cc0f71d50bb82f120f85f73948e3f8827b30a6590ba0bc6822cc16104abde91527905659e95744bd1d8e460571eed9753f6053f4

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  1KB

                                  MD5

                                  4202b14eb9c688bc25f8900fe9c4bdc8

                                  SHA1

                                  ba1018fd5e0f4e923dcd90a5d82ebeb44dccf0cf

                                  SHA256

                                  1a0944cb87049e28b6000312b8c4bc0f4aa557f4c394ef0e700b82cb2c78f034

                                  SHA512

                                  f2a63964175d353327cbe95a42f7d2a4ad04455a314b16dd3fd41773d84fef30d71c28c90ab2407815d77ae06e0910df0e3bc54095303f5aae1e641c86f41ae3

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  1KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  1KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  1KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  1KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  1KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57da91.TMP

                                  Filesize

                                  1KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                  Filesize

                                  16B

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                  Filesize

                                  11KB

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                  Filesize

                                  10KB

                                • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                  Filesize

                                  2B
